06efc2df2739aa8c291a3d25ef420c66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06efc2df2739aa8c291a3d25ef420c66_JaffaCakes118
Size

132KB
MD5

06efc2df2739aa8c291a3d25ef420c66
SHA1

e6186a18853fbdb666c879f6ec829e02d8650e9d
SHA256

e7973dc291a6c30db208c46334d8b344d3e1007a2511cc76383cad7763e595f5
SHA512

f2b5bd770701bd36ec2672c646fdb665f6de8014f10022f5ae77470ece68c9573225635da8354627a5a7f0c95ff4ec96bd3b0c190a9b5907ad226c4229d607d8
SSDEEP

3072:mYaKC+s1JSqNHRkkf6CQc17xJAAGnIWf13K+C+t7BUV3:aKtwJSqcnCQ4ExK+CidUV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06efc2df2739aa8c291a3d25ef420c66_JaffaCakes118

Files

06efc2df2739aa8c291a3d25ef420c66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f72875edaed86851d0a5a20e7eb9c845

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExW
SetFileTime
WriteFile
DeleteFileW
FreeLibrary
OpenProcess
GetProcAddress
LoadLibraryW
GetVersionExW
GetCommandLineW
VirtualAlloc
GetModuleFileNameW
GetPrivateProfileIntW
CreateThread
SetErrorMode
CreateMutexW
WaitForMultipleObjectsEx
lstrcmpA
lstrcmpiA
GetPrivateProfileStringW
SetFilePointer
GlobalAlloc
CopyFileW
GetModuleHandleW
InterlockedExchange
WritePrivateProfileStringW
lstrcpynW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
ReadFileEx
GetOverlappedResult
WriteFileEx
GetHandleInformation
CancelIo
TerminateThread
SuspendThread
WaitForSingleObjectEx
InterlockedCompareExchange
GetStartupInfoW
SetEndOfFile
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
CloseHandle
lstrlenW
WideCharToMultiByte
GetTempPathW
GetTempFileNameW
ResetEvent
WaitForMultipleObjects
CancelWaitableTimer
GetTickCount
IsBadReadPtr
IsBadWritePtr
lstrlenA
MultiByteToWideChar
TlsSetValue
WaitForSingleObject
Sleep
SetEvent
CreateEventW
DeviceIoControl
CreateFileW
GetLastError
ReadFile
GlobalFree

user32

IsWindow
PostMessageW
UnregisterClassW
GetMessageW
TranslateMessage
GetWindowThreadProcessId
SendMessageTimeoutW
IsHungAppWindow
FindWindowExW
DispatchMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
DefWindowProcW

advapi32

RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

wininet

InternetReadFileExA
InternetReadFile
HttpEndRequestW
HttpQueryInfoW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetCrackUrlW
InternetSetStatusCallbackW
FtpOpenFileW
InternetSetOptionA
FtpGetFileSize
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
InternetConnectW

urlmon

ObtainUserAgentString

msvcrt

_snwprintf
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
swprintf
_vsnprintf
strncat
_strlwr
_except_handler3
malloc
free
strncpy
wcsrchr
wcscat
_vsnwprintf
_snprintf
fopen
fseek
ftell
fread
fclose
_wcsicmp
memcmp
wcscmp
_wtoi64
wcsncat
??2@YAPAXI@Z
_ftol
time
wcsncpy
_ui64tow
wcscpy
wcsstr
_wtol
_beginthreadex
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
memset
tolower
isspace
isprint
strlen
memcpy

msvcp60

??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

shlwapi

PathFileExistsW
PathFindFileNameA
PathGetDriveNumberW
StrStrIW
PathRemoveFileSpecW
SHGetValueW
SHGetValueA

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f72875edaed86851d0a5a20e7eb9c845

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

urlmon

msvcrt

msvcp60

version

netapi32

shlwapi

psapi

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 424KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 424KB

.rsrc
Size: 52KB - Virtual size: 52KB