3e14ab5906bc259e46a97c3903e92c4e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e14ab5906bc259e46a97c3903e92c4e_JaffaCakes118
Size

292KB
MD5

3e14ab5906bc259e46a97c3903e92c4e
SHA1

fff9ecdf1b077dde3413fee64755d66dab68cf13
SHA256

ca6f0b31351a05b20da2e466fca1896eb31a31a358d0222566b0e90a9ad62aa0
SHA512

a4fff1c366112c5b2a005c30121560c673afe68b74458879b203909c5945880248d936637aecc82b60fb0d0800590499eab1d8f32827472168a3d4be8cc7a62d
SSDEEP

6144:SImq3uxKiIaGaSgirNEH6Wf0+w4j0runG7RMZvdvxGsXBzuF:uq3uOaGk1j0uiRMhdvxs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e14ab5906bc259e46a97c3903e92c4e_JaffaCakes118

Files

3e14ab5906bc259e46a97c3903e92c4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d46a63834b68c1e74eae03e2f0e6853e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
SetFileTime
GetTempFileNameA
GetTempPathA
GetShortPathNameA
ReadFile
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseSemaphore
UnmapViewOfFile
SetEvent
OpenEventA
MapViewOfFile
CreateFileMappingA
OpenSemaphoreA
FreeLibrary
LoadLibraryA
GetProcAddress
IsBadReadPtr
MultiByteToWideChar
CreateProcessA
CreateEventA
GetVersionExA
ResetEvent
GetCurrentThread
HeapFree
HeapAlloc
GetCurrentProcess
CreateMutexA
OpenMutexA
LoadLibraryExA
LockResource
LoadResource
SizeofResource
FindResourceA
SetFilePointer
ResumeThread
SetThreadPriority
GetDiskFreeSpaceA
GetModuleHandleA
GetSystemDirectoryA
SearchPathA
GetFileSize
VirtualFree
GetModuleFileNameA
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
RaiseException
GetFileType
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetACP
GetCPInfo
GetOEMCP
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetEndOfFile
SetUnhandledExceptionFilter
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
CreateDirectoryA
lstrcatA
RemoveDirectoryA
DeleteFileA
GetFileAttributesA
ExpandEnvironmentStringsA
FormatMessageA
LocalFree
GetStringTypeExA
HeapCreate
CreateFileA
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
CompareStringA
lstrcmpiA
lstrcmpA
FindFirstFileA
FindNextFileA
FindClose
GetLocalTime
CopyFileA
SetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTickCount
lstrcpyA
WaitForSingleObject
CloseHandle
Sleep
CreateThread
GetLastError
GetWindowsDirectoryA
GetVolumeInformationA
lstrcpynA
TerminateThread
lstrlenA

user32

GetClassInfoExA
GetDesktopWindow
UnregisterClassA
DestroyWindow
GetClassNameA
EnumWindows
GetCursorPos
PeekMessageA
LoadStringA
CharLowerA
GetWindowTextA
CharNextA
SendMessageTimeoutA
FindWindowA
IsWindowVisible
PostMessageA
MessageBoxA
SetTimer
PostQuitMessage
KillTimer
SetForegroundWindow
LoadIconA
LoadCursorA
RegisterClassExA
GetPropA
SetPropA
RemovePropA
DefWindowProcA
SystemParametersInfoA
GetSystemMetrics
SetRect
CreateWindowExA
IsWindow
ShowWindow
SetWindowPos
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

advapi32

ImpersonateSelf
OpenThreadToken
AccessCheck
AreAllAccessesGranted
RevertToSelf
AddAccessAllowedAce
GetAclInformation
GetAce
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CoCreateGuid

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

UuidFromStringA

wsock32

closesocket
socket
inet_ntoa
bind
ioctlsocket
htons
connect
send
__WSAFDIsSet
getsockopt
WSAAsyncGetHostByName
inet_addr
WSACancelAsyncRequest
WSAStartup
WSACleanup
recv
WSAGetLastError
select

setupapi

SetupIterateCabinetA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d46a63834b68c1e74eae03e2f0e6853e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

version

rpcrt4

wsock32

setupapi

shell32

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 44KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 636B

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 44KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 636B