3ec2896437c9b47c021ab719cd67b28c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ec2896437c9b47c021ab719cd67b28c_JaffaCakes118
Size

90KB
MD5

3ec2896437c9b47c021ab719cd67b28c
SHA1

eb0d773cc3b53936585e1f898c291548f23b2005
SHA256

e509dac46439a5a8d855817219e569054ccbe01e964179650c4b0b6e3b7bb4be
SHA512

642302b11e5ffeb07e7ca716309cab8958a69b475af63855d9fbf62d12e1f05926018be99fa4beeda0f4ee53b2ffebb3cdf378fea02994debd976761ec79f628
SSDEEP

1536:fD9FGHFf77u+nAWhc03ENV0CpoWFvd9bXGW+GFR512EJku7pTJjbRvWHgcci20lz:fRFqfn1u0SoWvxXGW+sR/2MkUBpWEgP

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PersistencyMonitor.exe
unpack001/PlaceHolder.exe

Files

3ec2896437c9b47c021ab719cd67b28c_JaffaCakes118
.zip
PersistencyMonitor.exe
.exe windows:4 windows x86 arch:x86

478117ca092e0b3c149406ba3c71342b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetEvent
OpenEventA
CreateEventA
OpenMutexA
GetModuleHandleA
SetLastError
GetTickCount
GetVolumeInformationA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
WaitForMultipleObjectsEx
ReleaseMutex
WaitForSingleObject
GetLastError
VirtualAlloc
VirtualQuery
VirtualProtect
CreateMutexA
GetStartupInfoA
FormatMessageA
LocalFree
ResetEvent
GetCurrentThreadId
DeviceIoControl
GetTempPathA
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
SetFilePointer
WriteFile
Sleep
DeleteFileA
GetVersionExA
MoveFileExA
GetWindowsDirectoryA
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CreateDirectoryA
FindFirstFileA
FindClose
VirtualFree
SystemTimeToFileTime
GetSystemTimeAsFileTime

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
mbstowcs
strcpy
isspace
_ui64toa
_atoi64
memmove
strncpy
strcmp
sprintf
strchr
_ultoa
tolower
memcmp
rand
_ltoa
strlen
atol
_i64toa
_purecall
??2@YAPAXI@Z
memset
strstr
_splitpath
??0exception@@QAE@XZ
??3@YAXPAX@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
time
srand
strcat

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetGetConnectedState
InternetSetStatusCallback
InternetOpenUrlA

ws2_32

inet_addr

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PlaceHolder.exe
.exe windows:4 windows x86 arch:x86

e96ad8fc3377d8a29cca6d1f34dbad7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
WaitForMultipleObjectsEx
GetTempPathA
WriteFile
CreateEventA
DeleteFileA
SetEvent
OpenEventA
OpenMutexA
GetVolumeInformationA
SetLastError
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
VirtualAlloc
VirtualQuery
VirtualProtect
CreateFileA
GetStartupInfoA
DeviceIoControl
LoadLibraryA
GetProcAddress
CreateDirectoryA
FindFirstFileA
FindClose
GetVersionExA
MoveFileExA
GetWindowsDirectoryA
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
VirtualFree
SystemTimeToFileTime
GetSystemTimeAsFileTime

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

msvcrt

free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strcmp
strcat
strlen
strcpy
memset
_itoa
_purecall
_ui64toa
_atoi64
sprintf
strchr
??2@YAPAXI@Z
_ultoa
tolower
strstr
_splitpath
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler
toupper

shell32

ShellExecuteA

ws2_32

inet_addr

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

478117ca092e0b3c149406ba3c71342b

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

wininet

ws2_32

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 6KB

e96ad8fc3377d8a29cca6d1f34dbad7a

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

msvcrt

shell32

ws2_32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 3KB