Static task: static1
Behavioral task: behavioral1
  Sample: f5a8e971a49199c5cf97b6b18a82e0d4_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: f5a8e971a49199c5cf97b6b18a82e0d4_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: f5a8e971a49199c5cf97b6b18a82e0d4_JaffaCakes118
Size: 113KB
MD5: f5a8e971a49199c5cf97b6b18a82e0d4
SHA1: 21707ae1977e1edace4c14e80dc7a9bacf917bd2
SHA256: d513a6b0d1ac50135d47695d252f706a5e682e9b75571474ae21d2b63edae8c7
SHA512: 3f623b5aa11332a0d0c47fde9dd5fded0bb4c5862b85687bcbfbd9f974feffbe1d68adc6682ed8cdb9b0e5b766de380a145fb7e343fabac3c18a3ac5d691678c
SSDEEP: 3072:lcBfZRVPt5SArLktrzfKVfAKupadyHLj1Ud7:lcBVPtxrLGjKVfzupa21Ud7
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource f5a8e971a49199c5cf97b6b18a82e0d4_JaffaCakes118
Files
f5a8e971a49199c5cf97b6b18a82e0d4_JaffaCakes118.exe  windows:5 windows x86 arch:x86
aef325c43301c120d7684d6d7d8e6b04
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not listed: the image opts in to DEP but not to ASLR, even though it ships a .reloc section.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadPriority
lstrcmpiA
GetLastError
SetLastError
ResetEvent
WriteFile
CreateFileW
FlushFileBuffers
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
GetCurrentThread
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
WTSGetActiveConsoleSessionId
GetThreadContext
SetThreadContext
GetProcessId
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetLocalTime
GetNativeSystemInfo
LoadLibraryA
GlobalUnlock
GlobalLock
GetSystemTime
ExpandEnvironmentStringsW
GetPrivateProfileIntW
WaitForSingleObject
LoadLibraryW
GetPrivateProfileStringW
CreateRemoteThread
OpenProcess
VirtualFreeEx
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
MoveFileExW
GetTickCount
Sleep
GetFileAttributesW
GetModuleFileNameW
FreeLibrary
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
WaitForMultipleObjects
CreateEventW
GetProcAddress
GetVersionExW
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
GetUserDefaultUILanguage
lstrcmpiW
InitializeCriticalSection
user32
CharLowerA
PeekMessageW
ExitWindowsEx
CharLowerW
CharToOemW
CharUpperW
MsgWaitForMultipleObjects
LoadImageW
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
GetCursorPos
GetIconInfo
DrawIcon
CharLowerBuffA
DispatchMessageW
advapi32
ConvertSidToStringSidW
IsWellKnownSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
EqualSid
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
InitiateSystemShutdownExW
GetLengthSid
shlwapi
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
PathIsURLW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
StrStrIW
wvnsprintfA
StrCmpNIW
PathQuoteSpacesW
StrCmpNIA
StrStrIA
PathRemoveBackslashW
PathRenameExtensionW
PathRemoveFileSpecW
SHDeleteKeyW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
getsockname
select
getaddrinfo
recvfrom
accept
WSAEventSelect
WSASetLastError
listen
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
bind
socket
recv
freeaddrinfo
getpeername
WSASend
closesocket
send
sendto
crypt32
CertCloseStore
PFXExportCertStoreEx
CryptUnprotectData
CertDeleteCertificateFromStore
CertOpenSystemStoreW
PFXImportCertStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
InternetCloseHandle
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
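The import table above is the most informative static artifact in this report: it pairs the remote-process primitives (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) with keyboard and clipboard capture, certificate-store export, DPAPI decryption and both WinINet and Winsock networking. The Python below is an added example, not tria.ge code and not anything recovered from the sample: it parses a listing in the report's own layout and groups the imported APIs into capability hints. The group table, the two-hit threshold and the SAMPLE_LISTING excerpt are this editor's constructions, and the grouping is a triage heuristic rather than evidence of behaviour.

```python
"""Capability triage over a PE import table as printed in a sandbox report.

Added example, not tria.ge code: parses the flattened "Imports" listing
(a module name such as `kernel32` on its own line, then one function per
line) and maps API names onto coarse capability groups. The groups are an
analyst heuristic; SAMPLE_LISTING is a constructed excerpt of the table."""
from collections import OrderedDict

# Module names as the report prints them (lower case, no ".dll"). Needed
# because Winsock exports (socket, connect, ...) are lower case as well.
KNOWN_MODULES = {"kernel32", "user32", "advapi32", "shlwapi", "shell32",
                 "secur32", "ole32", "ws2_32", "crypt32", "wininet",
                 "oleaut32", "netapi32"}

# Capability -> APIs whose co-occurrence suggests it. Every name appears in
# the report above; the grouping is an analyst heuristic, not a proof.
CAPABILITIES = {
    "process injection": {"OpenProcess", "VirtualAllocEx",
                          "WriteProcessMemory", "CreateRemoteThread"},
    "keylogging / clipboard capture": {"GetKeyboardState", "ToUnicode",
                                       "GetClipboardData"},
    "certificate store export": {"CertOpenSystemStoreW",
                                 "CertEnumCertificatesInStore",
                                 "PFXExportCertStoreEx"},
    "DPAPI secret decryption": {"CryptUnprotectData"},
    "token / privilege manipulation": {"OpenProcessToken",
                                       "AdjustTokenPrivileges",
                                       "CreateProcessAsUserW"},
    "ACL / SACL tampering": {"SetNamedSecurityInfoW",
                             "SetSecurityDescriptorSacl"},
    "HTTP client (WinINet)": {"InternetOpenA", "InternetConnectA",
                              "HttpOpenRequestA", "HttpSendRequestA"},
    "raw sockets (Winsock)": {"WSAStartup", "socket", "connect", "listen"},
}
# The classic remote-injection chain; flagged only when every step imports.
INJECTION_CHAIN = ("OpenProcess", "VirtualAllocEx",
                   "WriteProcessMemory", "CreateRemoteThread")


def parse_imports(listing):
    """Return {module: [function, ...]} from the report's flattened text."""
    imports, current = OrderedDict(), None
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line == "Imports":
            continue
        if line in KNOWN_MODULES:        # a new module header
            current = imports.setdefault(line, [])
        elif current is not None:        # a function under that module
            current.append(line)
    return imports


def find_capabilities(imports, min_hits=2):
    """Report a group when at least min_hits of its APIs (or all of a
    smaller group) are imported, so one generic import never flags alone."""
    names = {fn for fns in imports.values() for fn in fns}
    found = {}
    for cap, apis in CAPABILITIES.items():
        hits = sorted(apis & names)
        if hits and len(hits) >= min(min_hits, len(apis)):
            found[cap] = hits
    return found


def has_injection_chain(imports):
    names = {fn for fns in imports.values() for fn in fns}
    return all(api in names for api in INJECTION_CHAIN)


# Constructed excerpt of the import table on this page, in its own layout.
SAMPLE_LISTING = """
kernel32
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
user32
GetKeyboardState
ToUnicode
GetClipboardData
advapi32
AdjustTokenPrivileges
OpenProcessToken
SetNamedSecurityInfoW
crypt32
CertOpenSystemStoreW
PFXExportCertStoreEx
CryptUnprotectData
ws2_32
socket
connect
"""

if __name__ == "__main__":
    imps = parse_imports(SAMPLE_LISTING)
    for cap, hits in find_capabilities(imps).items():
        print(f"{cap:32s} {', '.join(hits)}")
    print("full injection chain present:", has_injection_chain(imps))
```

Paste the full listing from the page into parse_imports to see every group fire; generic imports such as RegSetValueExW or CreateFileW are deliberately left out of the table because they appear in almost any Windows binary and would only add noise. The two-hit threshold is what keeps ACL tampering unflagged on the excerpt (only SetNamedSecurityInfoW is present there) while the full table, which also imports SetSecurityDescriptorSacl, would trip it.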
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ