0c83bc8fa072fa85a30a2d59539d620c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c83bc8fa072fa85a30a2d59539d620c_JaffaCakes118
Size

152KB
MD5

0c83bc8fa072fa85a30a2d59539d620c
SHA1

784f057a6ccdfc39d73f7d0e23778e69c3d98c44
SHA256

d60f1cddbc697efa1d9123e28684ccfc2bf9f59883205485920a5e86874c5cb8
SHA512

241dd069994f2649c30006536402725cf1aab464bf986a5c6c5b60e3ba6a523e6aa93aaa0fb814a6151a94ea726fbb9aaebde14a3b5d007e696ace46efdaf5c4
SSDEEP

3072:W4zEkrC0VAbOMv7p20HVAQZoWJkE352liMJHHdgOCtl51:W4zEcC0ViVTXiQuqt52lzJH90751

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FAH.exe
unpack001/is167704.exe

Files

0c83bc8fa072fa85a30a2d59539d620c_JaffaCakes118
.cab
FAH.exe
.exe windows:4 windows x86 arch:x86

24af167c45c4c8fcf9c03f07e4a1cf7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
FlushFileBuffers
CloseHandle
CreateFileA
GetExitCodeProcess
SetConsoleCtrlHandler
CreateProcessA
GetSystemPowerStatus
OpenProcess
TerminateProcess
OutputDebugStringA
SetCurrentDirectoryA
GetVersionExA
WriteFile
ExpandEnvironmentStringsA
FindClose
HeapReAlloc
GetLastError
PeekNamedPipe
GetFileInformationByHandle
CreateDirectoryA
GetConsoleMode
SetConsoleMode
GlobalMemoryStatus
HeapAlloc
ReadConsoleInputA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
RaiseException
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcessId
ReleaseSemaphore
OpenSemaphoreA
GetCurrentThreadId
GetCurrentProcess
WaitForSingleObject
CreateSemaphoreA
Sleep
GetSystemTime
WaitForMultipleObjects
GetStartupInfoA
FindFirstFileA
HeapDestroy
HeapCreate
HeapFree
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetTimeZoneInformation
GetLocalTime
InterlockedDecrement
InterlockedIncrement
MoveFileA
ExitProcess
VirtualAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
CreateThread
TlsSetValue
ExitThread
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
GetFileType
GetProcAddress
GetModuleHandleA
TlsAlloc
GetStdHandle
WideCharToMultiByte
TlsGetValue
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
SetHandleCount

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
RegQueryValueExA
CreateServiceA
CloseServiceHandle
DeleteService
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus
RegCreateKeyExA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

rpcrt4

UuidCreate

wsock32

closesocket
select
recv
send
socket
setsockopt
bind
connect
getsockname
ntohl
ntohs
gethostbyname
ioctlsocket
WSAStartup
htons
htonl

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is167704.exe
.exe windows:4 windows x86 arch:x86

342e9dbaf86e88f4cdc1cff3f8d9fb99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OemToCharBuffA
MessageBoxA
MessageBeep
LoadCursorFromFileA
LoadCursorA
EndPaint
EndDialog
EmptyClipboard
DrawTextA
DestroyCursor
CreateIconFromResourceEx
CreateDesktopA
CopyRect
CharToOemBuffA
CharNextA
ActivateKeyboardLayout

kernel32

lstrcmpiA
ReadFile
MapViewOfFile
InitializeCriticalSection
GetVersionExA
GetSystemTimeAsFileTime
GetStartupInfoA
GetModuleHandleA
ExitProcess
EnumResourceTypesA
EnumResourceLanguagesA
CloseHandle

advapi32

RegQueryValueA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24af167c45c4c8fcf9c03f07e4a1cf7b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

rpcrt4

wsock32

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 36KB - Virtual size: 49KB

.rsrc Size: 28KB - Virtual size: 27KB

342e9dbaf86e88f4cdc1cff3f8d9fb99

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 29KB - Virtual size: 32KB

.data Size: 1024B - Virtual size: 4KB

.rdata Size: 18KB - Virtual size: 32KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 36KB - Virtual size: 49KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 29KB - Virtual size: 32KB

.data
Size: 1024B - Virtual size: 4KB

.rdata
Size: 18KB - Virtual size: 32KB