3b32b6240c416248d328cfc0d5aca02f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b32b6240c416248d328cfc0d5aca02f_JaffaCakes118
Size

196KB
MD5

3b32b6240c416248d328cfc0d5aca02f
SHA1

559ff7f14f2d67a967b6922fb35dcf9057cb8a75
SHA256

9d1254e34c12a00b98cce5fcb76b050e09d15354ac7c129585ce3b39d0461cd6
SHA512

01fa2b091efc6c9430c3d27231acc947f0e356e2d083f0b37dc7b519d0c01286234f7ef4e48174f6cbdccf6f453656d6fa32f54c1b879b3bcbbb0cecbc85edfc
SSDEEP

3072:x38F46NBJvYGXfb0UAAqqfuyOXgXteEbMkC6y5eoOwK+pE9m4l4nPw3:046NbvY0jtApYuyOXCteEbMQL4Pw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b32b6240c416248d328cfc0d5aca02f_JaffaCakes118

Files

3b32b6240c416248d328cfc0d5aca02f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82dccaa705f5d8c0942188b3fbfc31ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

ws2_32

recv
socket
WSACleanup
inet_addr
send
connect
closesocket
ntohs
inet_ntoa
WSAStartup
WSAGetLastError
htons

advapi32

DuplicateTokenEx
OpenThreadToken
RevertToSelf
SetThreadToken
OpenProcessToken
StartServiceCtrlDispatcherA
StartServiceA
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
SetServiceStatus
QueryServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
CreateProcessAsUserA
OpenSCManagerA
CloseServiceHandle

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

user32

GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
EnumDesktopWindows
RegisterWindowMessageA
SendMessageTimeoutA
GetMessageA
EnumChildWindows
GetClassNameA
TranslateMessage
DispatchMessageW
DispatchMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
GetWindowTextA
MsgWaitForMultipleObjects

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleRun
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject

oleaut32

GetErrorInfo
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

kernel32

OpenEventA
lstrcpyA
lstrcpyW
OutputDebugStringW
lstrcpynW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
TlsSetValue
TlsGetValue
GetCurrentThread
GetSystemDirectoryA
SetEndOfFile
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
TlsFree
TlsAlloc
GetCommandLineA
GetCurrentProcess
GetStdHandle
DebugBreak
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CloseHandle
WriteFile
CreateFileA
GetLastError
MoveFileExA
GetFileSize
GetFileAttributesA
GetWindowsDirectoryA
Sleep
OutputDebugStringA
ReadFile
SetLastError
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
InitializeCriticalSection
GetModuleFileNameA
GetModuleHandleA
CreateThread
SetEvent
SuspendThread
ResumeThread
WaitForSingleObject
CreateEventA
TerminateProcess
OpenProcess
GetExitCodeProcess
HeapValidate
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetVersion
lstrlenW
lstrlenA
GetTickCount
CopyFileA
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
LoadLibraryA
ExitProcess
RtlUnwind
IsBadWritePtr
IsBadReadPtr
QueryPerformanceCounter

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82dccaa705f5d8c0942188b3fbfc31ca

Headers

File Characteristics

Imports

psapi

ws2_32

advapi32

shell32

wininet

user32

ole32

oleaut32

kernel32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 108KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 108KB

.rsrc
Size: 4KB - Virtual size: 1KB