fbc238585f90fc73bd65adcd0c391184_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbc238585f90fc73bd65adcd0c391184_JaffaCakes118
Size

357KB
MD5

fbc238585f90fc73bd65adcd0c391184
SHA1

ce464bc6f5b023be08aa6e45b0ea1625310aeaa1
SHA256

6df5b5fbfe3c7cd3a01ec13e79d66e0ee449a2919e425e81360084bf3256e78a
SHA512

c7cb144b46ecfe39b48ba6d1521d1ee94ab090b557b1038c8d3a60a8de4b7b8ede17601b639d1a20ecb26af9faac4565210f6f6977b8745d62082943bf3e101a
SSDEEP

6144:0xscMrg9mLyzcTbA81xAuDBoOjHX8aOKsMSnB4/tMida2TBiTn+FIIG9UZqt:EscMrg9mLTA80uWOj8xKcB4FMqa2TsT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbc238585f90fc73bd65adcd0c391184_JaffaCakes118

Files

fbc238585f90fc73bd65adcd0c391184_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b93dd5480ad7255eaa848a2153c9707a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetFilePointer
CreateProcessW
GetVersionExW
ReadFile
GetFileSizeEx
GetLongPathNameW
ProcessIdToSessionId
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetProcAddress
LoadLibraryW
GetSystemTimeAsFileTime
FreeLibrary
MultiByteToWideChar
OpenProcess
DeleteCriticalSection
SetProcessWorkingSetSize
GetFileAttributesW
CreateThread
SetFileAttributesW
LocalFree
GetCurrentProcessId
DeleteFileW
OpenEventW
CreateWaitableTimerW
WaitForMultipleObjects
SetNamedPipeHandleState
DeviceIoControl
CreateEventW
ResetEvent
TransactNamedPipe
Sleep
WaitNamedPipeW
SetEvent
WaitForSingleObject
lstrcatW
MoveFileExW
SetWaitableTimer
CloseHandle
GetLocalTime
EnterCriticalSection
SetLastError
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
OutputDebugStringW
GetLastError
CreateDirectoryW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
lstrcmpiW
FindClose
lstrcmpW
GetSystemDirectoryW
GetModuleHandleW
GetSystemWindowsDirectoryW
FindFirstFileW
GetFileTime
GetCurrentProcess
CompareFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
ExitThread
GetCurrentThreadId
HeapFree
GetCommandLineA
HeapSetInformation
HeapAlloc
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
FlushFileBuffers

advapi32

CryptDecrypt
CryptDestroyKey
RevertToSelf
CryptEncrypt
ImpersonateLoggedOnUser
DuplicateTokenEx
CreateProcessAsUserW
GetTokenInformation
CryptDeriveKey
CryptAcquireContextW
RegEnumKeyExW
RegOpenCurrentUser
GetUserNameW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
SetSecurityInfo
CryptGenRandom
BuildTrusteeWithSidW
GetSecurityInfo
SetSecurityDescriptorDacl
ConvertStringSidToSidW
InitializeSecurityDescriptor
CryptHashData
CryptDestroyHash
ReportEventW
CryptCreateHash
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

userenv

DestroyEnvironmentBlock
GetDefaultUserProfileDirectoryW
GetProfilesDirectoryW
CreateEnvironmentBlock
GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW

shlwapi

SHRegGetPathW
PathFileExistsW
SHGetValueA
SHRegGetPathA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

shell32

SHGetFolderPathW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

user32

CharUpperA
CharUpperW

iphlpapi

GetIpAddrTable
_PfDeleteInterface@4
_PfMakeLog@4
_PfCreateInterface@24
_PfSetLogBuffer@28
_PfUnBindInterface@4
_PfBindInterfaceToIPAddress@12
_PfDeleteLog@0
_PfAddFiltersToInterface@24

mpr

WNetGetConnectionW

mbam

ord10
ord20

mbamnet

ord12
ord26
ord10
ord9

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b93dd5480ad7255eaa848a2153c9707a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

userenv

shlwapi

version

psapi

shell32

wtsapi32

user32

iphlpapi

mpr

mbam

mbamnet

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB