14d1def14f8cbd10f49d5194aefc9502_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14d1def14f8cbd10f49d5194aefc9502_JaffaCakes118
Size

140KB
MD5

14d1def14f8cbd10f49d5194aefc9502
SHA1

2f2300302640e1a2332b07098873f3e55b52187f
SHA256

ba89d732e90ee372883c5c42c0137b35154c82c2c0c103004677b0e4d575b7dd
SHA512

eda8cb41fff3c5722864063efb90573981b1b08b83c059d2bf6df167b26fe7e32a173ff0a8a9c8eb69c32cf6fe1e4f1a95970842de5d0ce9ab82202218cd90dc
SSDEEP

3072:hiTo6LTy6whXSV6OWSTYBc5hRuSh9JVoHN:GZLT90SVeSTe2Thc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14d1def14f8cbd10f49d5194aefc9502_JaffaCakes118

Files

14d1def14f8cbd10f49d5194aefc9502_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65f1116d5632b75ede4b583c9306f042

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

bind
ioctlsocket
htons
connect
inet_ntoa
select
__WSAFDIsSet
getsockopt
WSAGetLastError
send
socket
closesocket
inet_addr
WSACleanup
WSAAsyncGetHostByName
WSAStartup
WSACancelAsyncRequest
recv

lz32

LZRead
LZSeek
LZOpenFileA
LZClose

kernel32

GetFileAttributesA
OutputDebugStringA
GetVersionExA
GlobalUnlock
GlobalLock
FreeLibrary
SearchPathA
LocalFree
GetLastError
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
FormatMessageA
GetModuleHandleA
SetFileAttributesA
ReadFile
WriteFile
GlobalMemoryStatus
GetCurrentThread
CreateProcessA
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
lstrcmpiA
ReleaseSemaphore
GetWindowsDirectoryA
GetModuleFileNameA
CreateThread
lstrcpynA
GetTickCount
GetPrivateProfileStringA
lstrlenA
lstrcpyA
lstrcatA
Sleep
WaitForSingleObject
CloseHandle
GetTempPathA
GetTempFileNameA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
OpenSemaphoreA
CreateFileMappingA
MapViewOfFile
OpenEventA
SetEvent
UnmapViewOfFile
SetLastError
GetExitCodeProcess
FlushFileBuffers
GetFileSize
CreateFileA
GetVersion
HeapSize
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetSystemTime
GetTimeZoneInformation
ExitProcess
GetStringTypeA
GetCommandLineA
GetStartupInfoA
RtlUnwind
ResetEvent
GetLocalTime
GetSystemDirectoryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
SetFilePointer
SetEndOfFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
VirtualAlloc
GetStringTypeW

user32

GetWindowLongA
wsprintfA
ShowWindow
GetDlgItem
MessageBoxA
LoadStringA
EnumWindows
GetClassNameA
GetWindowTextA
RegisterClassExA
GetClassInfoExA
DefWindowProcA
DestroyWindow
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
GetDesktopWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
SetWindowLongA
EndPaint
BeginPaint
DialogBoxParamA
CreateDialogParamA
EndDialog
ReleaseDC
InvalidateRect
CallWindowProcA
RegisterClassA
WaitForInputIdle
GetClientRect
InflateRect
IsWindow
GetSysColor
SetPropA
RemovePropA
GetPropA
GetDC
GetCursorPos

gdi32

DeleteObject
SelectPalette
SetBkColor
SetTextColor
GetStockObject
CreatePen
LineTo
MoveToEx
SelectObject
ExtTextOutA
GetTextExtentPoint32A
GetTextMetricsA
CreateSolidBrush
RealizePalette

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
FreeSid
SetSecurityDescriptorDacl
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetAce
GetAclInformation
AddAccessAllowedAce
RevertToSelf
AreAllAccessesGranted
AccessCheck
OpenThreadToken
ImpersonateSelf
RegDeleteValueA

ole32

CoCreateGuid

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65f1116d5632b75ede4b583c9306f042

Headers

File Characteristics

Imports

wsock32

lz32

kernel32

user32

gdi32

advapi32

ole32

version

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 3KB