07cc657dc4216a6185d8f20dea6e0f37_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07cc657dc4216a6185d8f20dea6e0f37_JaffaCakes118
Size

62KB
MD5

07cc657dc4216a6185d8f20dea6e0f37
SHA1

84ca2e56562bcfa5afbb21e868a5404863f206d2
SHA256

6e8a28115b0f36155aee7dee44e61ca9278cff3993f10fdfe0f328f5c7f7e3ea
SHA512

89a3ccd13da99cf8ce301cdd0478cad764cd940cf5e6393ebc109a00ea3aa32e9a86e50d94a1c822cbfff78d2b00d89ca652865394b144bbf131e60bda3d3de4
SSDEEP

1536:3MivkKldcHkM5g1In7dMO3TpZBK0t4KDFP14FMV:3MivkK1M58IBLSUP16M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07cc657dc4216a6185d8f20dea6e0f37_JaffaCakes118

Files

07cc657dc4216a6185d8f20dea6e0f37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ac4ec713b21279d10d0d42cb6b3c617

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

system
atoi
strncmp
_stricmp
swprintf
strstr
wcscmp
srand
rand
strncpy
strlen
mbstowcs
wcstombs
wcsncpy
_wcsicmp
wcsstr
memcpy
strcmp
sprintf
_vsnwprintf
_snwprintf
memset
_vsnprintf
_snprintf

kernel32

GetProcessId
VirtualProtect
WriteProcessMemory
FlushInstructionCache
CreateDirectoryW
GetLogicalDriveStringsW
WaitForMultipleObjects
OpenThread
OutputDebugStringA
OutputDebugStringW
Sleep
GetCurrentProcessId
CreateThread
ExitProcess
ExitThread
CloseHandle
GetLastError
CreateMutexW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
SetErrorMode
ReadFile
GetFileSize
CreateFileW
FindNextFileW
FindFirstFileW
VirtualFree
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
VirtualAlloc
LoadLibraryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenMutexW
ExpandEnvironmentStringsW
ReleaseMutex
WaitForSingleObject
CopyFileW
WriteFile
SetFileAttributesW
lstrlenW
lstrlenA
MoveFileW
DeleteFileW
CreateRemoteThread
HeapAlloc
GetProcessHeap
HeapFree
GetFileAttributesW
GetTickCount
CreateProcessW
TerminateProcess
GetVersionExA
GetLocaleInfoA
GetDriveTypeW
SetLastError
CreateEventW
IsDebuggerPresent
CheckRemoteDebuggerPresent
DeleteFiber
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
CreateNamedPipeW
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe

ntdll

NtOpenProcess
NtWriteVirtualMemory
NtResumeThread
NtQueryInformationThread
NtAllocateVirtualMemory

ws2_32

ioctlsocket
socket
sendto
connect
send
closesocket
WSACleanup
recv
WSAStartup
htons
select
inet_addr
gethostbyname

shlwapi

PathAppendW

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString

psapi

GetModuleFileNameExW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteA
CommandLineToArgvW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue
GetUserNameW

user32

TranslateMessage
DispatchMessageW
DefWindowProcW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
UnregisterDeviceNotification
PostQuitMessage
CharUpperBuffA
DestroyWindow
RegisterDeviceNotificationW

urlmon

ObtainUserAgentString

Sections

.data
Size: 51KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ac4ec713b21279d10d0d42cb6b3c617

Headers

File Characteristics

Imports

msvcrt

kernel32

ntdll

ws2_32

shlwapi

wininet

ole32

psapi

shell32

advapi32

user32

urlmon

Sections

.data Size: 51KB - Virtual size: 404KB

.idata Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.data
Size: 51KB - Virtual size: 404KB

.idata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB