Static task: static1
Behavioral task: behavioral1
Sample: 1008c56724529822b39cc0e40673bb5d_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 1008c56724529822b39cc0e40673bb5d_JaffaCakes118
Size: 136KB
MD5: 1008c56724529822b39cc0e40673bb5d
SHA1: 5d3cabcf70d02e77ca21377c8f3a00c6cfcb8899
SHA256: cdd17add688c5f503766fd326521a782708d13961edcaf8c668cfc28229d9747
SHA512: b8388b5a1fde926353d594e9609407c87d8b93ecb3d155311dc4af3c555138e9b31c61771bba310ab8ff387d0c0c48ea877e3663d9d38635f63fa730fee7fa8c
SSDEEP: 3072:scXAbumnq8EUMWe59ghUA0oTCvTiKVFG4VJ3lrkx1:seoumnL2AHnKVFPlrK
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 1008c56724529822b39cc0e40673bb5d_JaffaCakes118
Files
1008c56724529822b39cc0e40673bb5d_JaffaCakes118.exe windows:5 windows x86 arch:x86
0b11d0a3a1c3b73f66836b6cbad1e843
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
SetLastError
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
GetVolumeNameForVolumeMountPointW
DeleteFileW
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
ExitProcess
GetFileAttributesW
Thread32First
SetEvent
GetModuleFileNameW
CreateEventW
GetFileAttributesExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetThreadContext
SetThreadContext
GetProcessId
CreateRemoteThread
Process32FirstW
Process32NextW
lstrcmpiA
WTSGetActiveConsoleSessionId
GetComputerNameW
GetVolumeInformationA
GetVersionExW
GlobalMemoryStatusEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringW
GetPrivateProfileIntW
InterlockedExchange
GetNativeSystemInfo
MoveFileExW
GetUserDefaultUILanguage
VirtualQuery
GetModuleHandleA
ResetEvent
HeapCreate
ReadProcessMemory
Sleep
VirtualFreeEx
GetCommandLineW
WideCharToMultiByte
OpenProcess
WriteFile
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetTickCount
GetModuleHandleW
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
WaitForSingleObject
FindFirstFileW
HeapReAlloc
GetTempFileNameW
GetEnvironmentVariableW
CloseHandle
GetLastError
CreateFileW
LoadLibraryW
FreeLibrary
CreateMutexW
SetThreadPriority
GetCurrentThread
SetErrorMode
user32
CharLowerA
TranslateMessage
CharToOemW
CharLowerW
ExitWindowsEx
CharLowerBuffA
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
CharUpperW
advapi32
GetSidSubAuthority
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
OpenProcessToken
CryptGetHashParam
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
IsWellKnownSid
GetLengthSid
EqualSid
ConvertSidToStringSidW
InitiateSystemShutdownExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
shlwapi
PathIsDirectoryW
PathFindFileNameW
wvnsprintfW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathRemoveBackslashW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathRenameExtensionW
PathQuoteSpacesW
StrCmpNIW
PathIsURLW
UrlUnescapeA
PathRemoveFileSpecW
shell32
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
secur32
GetUserNameExW
ole32
CoGetObject
CoInitializeEx
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
ws2_32
WSAEventSelect
getpeername
recvfrom
sendto
WSAIoctl
connect
socket
WSAStartup
getaddrinfo
select
WSAGetLastError
getsockname
shutdown
setsockopt
recv
bind
freeaddrinfo
WSASetLastError
closesocket
send
accept
listen
wininet
InternetOpenA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionW
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
oleaut32
VariantClear
SysFreeString
SysAllocString
netapi32
NetApiBufferFree
NetUserGetInfo
NetUserEnum
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ