fa91a7b83b8e96f8dcda5bde5bc7ffed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa91a7b83b8e96f8dcda5bde5bc7ffed_JaffaCakes118
Size

234KB
MD5

fa91a7b83b8e96f8dcda5bde5bc7ffed
SHA1

0bf23fc0fcaed842bd61177ee3e7bc5713f2d00a
SHA256

b3138aea4604946b60fac0b003dcc07d00f5e30d7216be4beb66899ef4981f50
SHA512

55bee61f7349eef1e97543112c6b82485331379b6f085630e4ac113afcffb78538a35f3d85fafbe322c73d00822afa4ddbb8983841fee046ff153f395223adfe
SSDEEP

6144:6tYgdLO1NGKm+vN29cxqlUnbjJT4TfVidd9YO:YXLck/o+cxql6SVir

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa91a7b83b8e96f8dcda5bde5bc7ffed_JaffaCakes118

Files

fa91a7b83b8e96f8dcda5bde5bc7ffed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6e82d110ac410da1fca724bd4cf941d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetLocaleInfoA
SetEndOfFile
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
HeapFree
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
WriteFile
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathFileExistsA
PathFindFileNameA
PathRemoveBlanksA
PathGetArgsA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comsvcs

MTSCreateActivity

imm32

ImmGetDefaultIMEWnd
ImmGetCompositionFontW
ImmRegisterWordW
ImmGetConversionStatus
ImmConfigureIMEA
ImmEscapeW
ImmCreateContext
ImmGetConversionListW
ImmConfigureIMEW
ImmUnregisterWordW
ImmGetProperty
ImmGetRegisterWordStyleA
ImmDisableTextFrameService
ImmSetCompositionFontW
ImmGetCandidateListCountW
ImmReleaseContext
ImmInstallIMEW
ImmGetDescriptionW
ImmAssociateContext
ImmGetDescriptionA
ImmGetCompositionFontA
ImmSetOpenStatus
ImmEnumInputContext
ImmSetCandidateWindow
ImmGetCandidateListCountA
ImmDestroyContext

iphlpapi

GetIpNetTable
GetTcpStatisticsEx
GetOwnerModuleFromTcpEntry

msi

ord274
ord172
ord256
ord6
ord181
ord178
ord217
ord215
ord253
ord59
ord202
ord177
ord104
ord108
ord102
ord10
ord38
ord219
ord214
ord37
ord218
ord55
ord229
ord248
ord262
ord66
ord67
ord71
ord270
ord264
ord239
ord195
ord237
ord246
ord225
ord168
ord68
ord8
ord85
ord65
ord203
ord72
ord204
ord156
ord265
ord173
ord243
ord212
ord272
ord249
ord70
ord266
ord42
ord193
ord43
ord275
ord5
ord258
ord223
ord224
ord141
ord90
ord101
ord109
ord250
ord41
ord231
ord94
ord130
ord154
ord126

msimg32

GradientFill
TransparentBlt

msvfw32

DrawDibChangePalette

mswsock

GetAcceptExSockaddrs
WSARecvEx

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e82d110ac410da1fca724bd4cf941d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

comsvcs

imm32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 21KB