c:\Users\a.klaus\Desktop\Acid_Burn & BlaXx Version\release\Codesoft-PW_Stealer_Server.pdb
Static task
static1
Behavioral task
behavioral1
Sample
08021676266cfbcb9325b1e678b222da_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
08021676266cfbcb9325b1e678b222da_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
08021676266cfbcb9325b1e678b222da_JaffaCakes118
Size
728KB
MD5
08021676266cfbcb9325b1e678b222da
SHA1
aa813586c8f0e72caf05c39d4f9f391136be3f0a
SHA256
e5c7fde5239a12c83038fc803c37b66c1c7357c95ee8271c384ca496707459fd
SHA512
a8d1ce7f8ab369309e8caf960f231ff6dcb8c64548b3aee3ba7ecdb93f04f07d2f55c3e3570b5a78d682b0d788485a02c6afadfc4af6d9e755bb80dfc5f9c4db
SSDEEP
12288:difmLOgLN70/IG7CqF38Q3s3aFiwLVqGzzCxuUKo1nWjhStiSbUccDUIwsrKms:gOLOYW7CqF38qfpzeuUKtYcwUccUf
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 08021676266cfbcb9325b1e678b222da_JaffaCakes118
Files
08021676266cfbcb9325b1e678b222da_JaffaCakes118.exe windows:4 windows x86 arch:x86
68831fd38d4eb26788a4c40e7c266815
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindFirstFileA
FindNextFileA
CreateFileA
WriteFile
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTime
lstrlenA
GetEnvironmentVariableA
GetShortPathNameA
lstrcpyA
GetTempPathA
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
VirtualAlloc
VirtualProtect
ExitProcess
lstrcmpA
Process32First
Module32First
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
Module32Next
CreateMutexA
GetModuleFileNameA
CopyFileA
GetLastError
lstrcatA
Sleep
HeapAlloc
GetComputerNameA
SetEndOfFile
GetLocaleInfoW
CreateFileW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
DeleteFileA
GetModuleFileNameW
GetCommandLineA
GetVersionExA
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
IsValidCodePage
advapi32
RegQueryValueA
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
GetUserNameA
shell32
ShellExecuteA
SHGetFolderPathA
shlwapi
PathUnquoteSpacesA
PathRemoveArgsA
wininet
FtpPutFileA
FtpSetCurrentDirectoryA
InternetOpenA
InternetCloseHandle
InternetConnectA
Sections
.text Size: 284KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 316KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ