Static task
static1
Behavioral task
behavioral1
Sample
3809331932073e048e3ada742dcc32ba_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3809331932073e048e3ada742dcc32ba_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 3809331932073e048e3ada742dcc32ba_JaffaCakes118
Size: 395KB
MD5: 3809331932073e048e3ada742dcc32ba
SHA1: 6d946555379d48b5b934d420221dbc19351354e5
SHA256: 8b4720dee65c1da5021e6a41f1e3272a239576bd45059bd8216be8dfd48c4fb9
SHA512: 6cd957db82f1eea529ddf495f614678d4e9cf0e9b746722e4451f3b356afd765bc7ef9b7c10f88ea131cfb85b7b3c34dd602e1405b7ad544cf9f3996baf0d360
SSDEEP: 12288:X0HH2HIDqkf4MrHYS7ln7x3amVKLUD7Uw:X0n2HI5fZD7r3TULUD7Uw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3809331932073e048e3ada742dcc32ba_JaffaCakes118
Files
3809331932073e048e3ada742dcc32ba_JaffaCakes118.exe windows:5 windows x86 arch:x86
f23bdfd0206f09af0c56ba2b549da287
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveArgsA
PathQuoteSpacesA
PathFileExistsA
StrRChrA
PathUnquoteSpacesA
kernel32
SetEvent
GetTickCount
IsBadReadPtr
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WriteFile
InitializeCriticalSection
OpenProcess
FindResourceExA
WideCharToMultiByte
GetVolumeInformationA
Sleep
SizeofResource
CreateEventA
LeaveCriticalSection
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
TerminateProcess
IsDBCSLeadByte
ReadFile
GetSystemDirectoryA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
RaiseException
GetShortPathNameA
FindFirstFileA
GetLastError
lstrcmpiA
GetProcAddress
EnterCriticalSection
GetTempFileNameA
FindClose
LoadLibraryA
GetProcessId
CreateFileMappingA
GetExitCodeThread
WaitForSingleObject
CreateEventW
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
VirtualProtect
OpenEventW
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
GetVersionExA
CloseHandle
GetTempPathA
GetSystemTime
DeleteFileA
lstrcpyA
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
lstrcpynA
MapViewOfFile
lstrlenA
lstrcmpA
FindResourceA
GetProcessHeap
GetFileSize
CreateFileA
GetComputerNameA
ExitProcess
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
LockResource
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapFree
HeapAlloc
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeA
GetStringTypeW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
user32
CharNextA
PostMessageA
GetMessageA
DefWindowProcA
advapi32
RegCreateKeyExA
CloseServiceHandle
RegCloseKey
GetUserNameA
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatusEx
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
StartServiceA
RegEnumKeyExA
RegDeleteKeyA
EnumServicesStatusExA
CreateServiceA
RegSetValueExA
GetTokenInformation
OpenProcessToken
OpenServiceA
shell32
ShellExecuteA
ShellExecuteExA
ole32
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoInitialize
oleaut32
VarUI4FromStr
comctl32
InitCommonControlsEx
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
Sections
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 371KB - Virtual size: 378KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ