012b4c4b652218030d52b4e703d67ce7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

012b4c4b652218030d52b4e703d67ce7_JaffaCakes118
Size

51KB
MD5

012b4c4b652218030d52b4e703d67ce7
SHA1

4c9dd33cf9ab3a6de594c989e0f4581c6efbb896
SHA256

e1645d112538e1c71fe4a391dee78bdba8526802f369114e3f82b4256b337273
SHA512

d88489f6d29fa1193e5135f6c01a56a0656e080059815d3200a56fc8219cbdfad04935e56440d9c4a91d92934c162fe256ca83c54f6423423fe19170228d566a
SSDEEP

768:qhexAnwC1/pcgKOKT+yTZb8WnxF+cmxOTW/KsmD1KzJg6ueGBrDJHg:qFxcgKJToW71q9m1i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
012b4c4b652218030d52b4e703d67ce7_JaffaCakes118

Files

012b4c4b652218030d52b4e703d67ce7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b1fd62ba3c244037d46161950c40813

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

GetVolumeInformationA
GetDriveTypeA
GetEnvironmentVariableA
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
lstrlenW
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
FindNextFileA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
TerminateProcess
Sleep
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetFileSize
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetStartupInfoA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetDiskFreeSpaceA

user32

SetTimer
ReleaseDC
GetMessageA
TranslateMessage
wsprintfA
SetWindowLongA
GetDC
DispatchMessageA
CreateWindowExA

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

advapi32

ChangeServiceConfigA
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
ControlService
AdjustTokenPrivileges

shlwapi

StrRChrA
StrStrIA
StrChrA
StrCmpNA

shell32

ShellExecuteA

wsock32

socket
shutdown
send
recv
listen
inet_addr
gethostname
gethostbyname
connect
closesocket
bind
accept
WSAStartup

ws2_32

WSAIoctl
WSASocketA

rasapi32

RasEnumEntriesA
RasGetEntryPropertiesA
RasGetEntryDialParamsA

gdi32

GetDeviceCaps

Sections

Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nah
Size: 185B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxhxhhxy
Size: 115B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b1fd62ba3c244037d46161950c40813

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

Size: 24KB - Virtual size: 23KB

Size: 3KB - Virtual size: 3KB

Size: 21KB - Virtual size: 202KB

Size: 1024B - Virtual size: 1000B

.nah Size: 185B - Virtual size: 256B

xxhxhhxy Size: 115B - Virtual size: 4KB

.nah
Size: 185B - Virtual size: 256B

xxhxhhxy
Size: 115B - Virtual size: 4KB