0db3d0d13de52522793a1e6f18fdcad1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db3d0d13de52522793a1e6f18fdcad1_JaffaCakes118
Size

304KB
MD5

0db3d0d13de52522793a1e6f18fdcad1
SHA1

ca5c166a0a1b96a9f2a820a1c2489c153a00113d
SHA256

76b5f8987c380a87adb03ed5a607a3bb5858bd5287c351448ad3473fad55e77f
SHA512

e390fa10eaa3a75659b1a8779e4eb24e2269520c6e323ad6832880ba32b7462bae20037defa64e09882fd0f622adbca325e7925107ce51bd809bb974abf6b692
SSDEEP

3072:XLhWk+8xmxo6N7VjhkiOV4O/dk4TBfRvKD32T16:bhWkJk1N7VyiOVlFk4TBJyDw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db3d0d13de52522793a1e6f18fdcad1_JaffaCakes118

Files

0db3d0d13de52522793a1e6f18fdcad1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9f00feeec9bd7ebd88c2edba2f3363c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenSystemStoreA
CertEnumCertificatesInStore
CertNameToStrA
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore

ntdll

NtDuplicateObject
sscanf
NtReadVirtualMemory
strtoul
sprintf
RtlAdjustPrivilege
strncmp
NtQueryObject
atoi
NtQueryInformationProcess
NtProtectVirtualMemory
NtWriteVirtualMemory
wcscpy
_itoa
_chkstk
NtQueryInformationThread
NtClose
memcmp
wcslen
_strlwr
_strcmpi
strcmp
RtlCompareUnicodeString
_vsnprintf
_snprintf
strcat
strcpy
memset
isalnum
RtlRandom
strlen
memcpy
strstr
NtQuerySystemInformation
_allmul

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetSetStatusCallback
InternetQueryOptionA
FindCloseUrlCache

shlwapi

PathCombineA
SHGetValueA
StrStrIA
StrStrA
SHRegSetUSValueA
StrCmpNIA
StrStrW
SHDeleteValueA

wtsapi32

WTSFreeMemory

kernel32

SystemTimeToFileTime
DuplicateHandle
CloseHandle
HeapFree
HeapValidate
HeapAlloc
GetProcessHeap
GetTickCount
lstrcatA
DeleteFileA
GetLastError
GetLocalTime
TerminateThread
WriteFile
WaitNamedPipeA
CreateFileA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DisconnectNamedPipe
FlushFileBuffers
ReadFile
IsBadReadPtr
OutputDebugStringA
GetCurrentThreadId
CreateThread
Sleep
GetModuleFileNameA
CreateMutexA
SetLastError
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
FileTimeToSystemTime
ConnectNamedPipe
CreateNamedPipeA
GetExitCodeThread
WaitForSingleObject
ExitProcess
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExA
FreeLibrary
MultiByteToWideChar
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
FlushInstructionCache
WideCharToMultiByte
OpenProcess
IsBadWritePtr
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetComputerNameA
lstrcmpA
GetWindowsDirectoryA
TerminateProcess
CreateProcessA
GetSystemDirectoryA
OpenMutexA
SetThreadPriority
GetThreadPriority
RemoveDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
ExitThread
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
CreateRemoteThread
SetFilePointer
SetEvent
lstrlenA
CreateEventA
lstrlenW
SetNamedPipeHandleState
WaitNamedPipeW
CreateFileW
lstrcatW
lstrcpyW
SetFileAttributesA
VirtualAlloc
VirtualProtect
VirtualFree
lstrcpyA
LocalFileTimeToFileTime
CreateDirectoryA
CreateDirectoryW
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileTime
GetCurrentProcessId

user32

GetKeyboardState
ToUnicode
DrawIcon
GetDesktopWindow
GetIconInfo
LoadCursorA
ReleaseDC
GetCursorPos
GetWindowRect
GetWindowDC
EnumWindows
CallWindowProcA
CharLowerA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegOpenKeyExA
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExA
GetUserNameA

shell32

SHGetFolderPathA

ole32

CreateStreamOnHGlobal

ws2_32

inet_addr
getpeername
ntohs
WSAGetLastError
inet_ntoa
htons

Sections

.text
Size: 110KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9f00feeec9bd7ebd88c2edba2f3363c

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ntdll

wininet

shlwapi

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 110KB - Virtual size: 2.9MB

.rdata Size: 33KB - Virtual size: 3.1MB

.data Size: 2KB - Virtual size: 3.1MB

.CRT Size: 512B - Virtual size: 3.2MB

.reloc Size: 7KB - Virtual size: 3.2MB

.text
Size: 110KB - Virtual size: 2.9MB

.rdata
Size: 33KB - Virtual size: 3.1MB

.data
Size: 2KB - Virtual size: 3.1MB

.CRT
Size: 512B - Virtual size: 3.2MB

.reloc
Size: 7KB - Virtual size: 3.2MB