07085c5245dee08968d48669eb0a56ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07085c5245dee08968d48669eb0a56ba_JaffaCakes118
Size

4.6MB
MD5

07085c5245dee08968d48669eb0a56ba
SHA1

aff0aeaae45b1c1e65cdb66d6d0b25b74a364262
SHA256

ead14dc8981b9c25a3d1ba88f7bb04872c3e4b296ab8b136a723ac716347c23c
SHA512

e5188fdb7c4ca3dfdff68fb404399e197e8904fe0012db3863416350890b6a24acdd96e64c59daffaf0bcc234c5b23463adb141cfcec339334e9c890f3e57bcf
SSDEEP

98304:TRpFRAK4iMSSay0ATJm3surxvcYopSnxOe+K:9pXAK4DTIcMnxOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07085c5245dee08968d48669eb0a56ba_JaffaCakes118

Files

07085c5245dee08968d48669eb0a56ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f8d98066797662fc3e3cc91f321bbd1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\projects\avast\aswMBR\aswMBR.pdb

Imports

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW

kernel32

SetLastError
GetProcAddress
MoveFileW
GlobalFree
GetLocalTime
LoadLibraryA
LockResource
GetSystemInfo
GetModuleHandleA
CloseHandle
GetWindowsDirectoryW
DeleteFileW
LocalFree
CreateThread
ExpandEnvironmentStringsW
GetTempFileNameW
GetFileSize
FindFirstFileW
SetFilePointer
MoveFileExW
GetCurrentProcess
GetPrivateProfileStringW
GetCommandLineA
GetSystemDirectoryW
LoadLibraryW
CopyFileW
CreateProcessA
ReadFile
FlushFileBuffers
GetCurrentDirectoryW
FindClose
OpenThread
SetCurrentDirectoryW
FindNextFileW
GetLastError
FileTimeToSystemTime
LocalAlloc
FileTimeToLocalFileTime
DeviceIoControl
GetVersionExA
CreateFileA
GetCurrentThread
lstrcpynW
DeleteFileA
CallNamedPipeA
VirtualFree
VirtualAlloc
GetWindowsDirectoryA
SearchPathA
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTempPathW
MultiByteToWideChar
GetFileAttributesW
CreateFileW
GetVersionExW
FormatMessageW
SizeofResource
Sleep
GlobalAlloc
WriteFile
GetModuleHandleW
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
SearchPathW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringA
GetLocaleInfoW
SetEndOfFile
SuspendThread
GetProcessHeap
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
DeleteCriticalSection
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

wsprintfW
ScreenToClient
TrackPopupMenu
DrawTextW
GetSubMenu
DialogBoxParamW
SendMessageA
InvalidateRect
LoadMenuW
GetDlgItem
EndDialog
CheckDlgButton
ShowWindow
IsDlgButtonChecked
MessageBoxW
SendMessageW
EnableWindow
SetWindowTextW
PostMessageW

gdi32

SetBkColor
GetStockObject
SetTextColor

advapi32

AdjustTokenPrivileges
ImpersonateSelf
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
OpenThreadToken
RegCreateKeyExW
RegEnumKeyW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
GetUserNameW
RegFlushKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8d98066797662fc3e3cc91f321bbd1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 76KB - Virtual size: 86KB

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 76KB - Virtual size: 86KB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 27KB - Virtual size: 26KB