Static task: static1
Behavioral task: behavioral1
Sample: 26d6123ae04c9947aec9a424bdd8d400_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 26d6123ae04c9947aec9a424bdd8d400_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 26d6123ae04c9947aec9a424bdd8d400_JaffaCakes118
Size: 244KB
MD5: 26d6123ae04c9947aec9a424bdd8d400
SHA1: f72d272efc711dddf6e0c57f665f7f2877d7f08a
SHA256: d7da81f6fc583199cbd4f27f4090a9763ae215c5a71a2230d724ed6ca3e950a3
SHA512: 92e0490322c9c1ad15e4ed09323983ed58e8304f1137dc517225f4c3a7fd4487b0e80283f18639cac6d659c3f348d70004caf5eb08ddf786c59789ef54ffb564
SSDEEP: 6144:AxNsFWGLktipVb7lOttArsLiKMcLLFLm8ycE5x:c6wwtOIrsLevPT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26d6123ae04c9947aec9a424bdd8d400_JaffaCakes118
Files
26d6123ae04c9947aec9a424bdd8d400_JaffaCakes118.exe windows:4 windows x86 arch:x86
05093e3f952993056c13522199b481bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcatA
CopyFileA
Sleep
GetLastError
OpenMutexA
lstrcpynA
lstrcpyA
CreateEventA
lstrlenA
SetEvent
CloseHandle
GetCurrentProcess
SetProcessWorkingSetSize
LeaveCriticalSection
UnhandledExceptionFilter
TlsAlloc
TlsFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SearchPathA
GetStringTypeW
GlobalUnlock
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
GetVersionExA
OpenEventA
WaitForSingleObject
ResetEvent
ExpandEnvironmentStringsA
GetTickCount
FindClose
FindNextFileA
CreateFileA
FindFirstFileA
lstrcmpA
FreeLibrary
CompareFileTime
LoadLibraryExA
GetModuleHandleA
CreateProcessA
SetLastError
GetExitCodeProcess
GetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetFileSize
MoveFileA
SetFileAttributesA
SetFileTime
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
GetShortPathNameA
ReadFile
WriteFile
GlobalMemoryStatus
GetDiskFreeSpaceA
WritePrivateProfileStringA
EnumResourceNamesA
GetProcAddress
LoadLibraryA
LocalFree
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpiA
CompareStringA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
WideCharToMultiByte
GetStringTypeExA
FormatMessageA
CreateMutexA
MultiByteToWideChar
GlobalFree
GlobalAlloc
SetConsoleCtrlHandler
TlsGetValue
GlobalLock
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetLocalTime
EnterCriticalSection
IsBadReadPtr
ReleaseSemaphore
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenSemaphoreA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetFileType
TerminateProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetCPInfo
GetACP
SetFilePointer
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetUnhandledExceptionFilter
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
user32
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
PeekMessageA
WaitForInputIdle
GetCursorPos
CharNextA
CharUpperA
CharLowerA
CharToOemA
OemToCharA
GetWindowTextA
GetWindowTextLengthA
GetClassInfoExA
DestroyWindow
EnumChildWindows
GetDesktopWindow
GetClassNameA
UnregisterClassA
FindWindowA
GetMessageA
PostMessageA
RegisterWindowMessageA
MessageBoxA
SetTimer
RegisterClassExA
LoadCursorA
LoadIconA
CreateWindowExA
PostQuitMessage
LoadStringA
IsWindow
DefWindowProcA
KillTimer
wsprintfA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
rpcrt4
UuidFromStringA
wsock32
closesocket
send
WSAGetLastError
recv
gethostname
WSACancelAsyncRequest
inet_addr
WSAAsyncGetHostByName
getsockopt
__WSAFDIsSet
select
htons
WSAStartup
WSACleanup
socket
inet_ntoa
bind
ioctlsocket
connect
advapi32
RegGetKeySecurity
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
CopySid
RegSetKeySecurity
AddAce
InitializeAcl
FreeSid
OpenThreadToken
AccessCheck
AreAllAccessesGranted
RevertToSelf
AddAccessAllowedAce
GetAclInformation
GetAce
AllocateAndInitializeSid
GetLengthSid
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ole32
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
Sections
.text Size: 184KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ