425b8277b037c52ded09254e68a95446_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

425b8277b037c52ded09254e68a95446_JaffaCakes118
Size

2.4MB
MD5

425b8277b037c52ded09254e68a95446
SHA1

976a8ac6e6a10bb7c92e6de35a4b81261c61c77a
SHA256

09cbfc78aa9e65cb330dc38dbc13052d5b252d03338c5acae6a74ad92ba3c467
SHA512

e7c8350997715a64afdd310c2dd7b6495093a5391441b239b869a69386838af8e745eb109105ef6f0e2e2964ef81d8eb8d2afe0e06a99ab59a5916b2f268b5ef
SSDEEP

49152:ZkwKwLbmQbzizMYt7qLaeIUz8KOLuoodGhRpCHXh/xldDQH1LxGDwPoZM:ZkLwnzbmzMYAV185qRHXldsGDwPoZM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
425b8277b037c52ded09254e68a95446_JaffaCakes118

Files

425b8277b037c52ded09254e68a95446_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46c098cbc5a7424d1aaefb04dd7c4542

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

crypt32

CertControlStore

ws2_32

accept
recv
WSACleanup
connect
socket
WSAGetLastError
WSAStartup

kernel32

ReadConsoleOutputA
SetErrorMode
CopyFileA
CreateMutexA
GetSystemTimeAsFileTime
WriteConsoleOutputA
GetTickCount
DeleteCriticalSection
GetConsoleMode
FindNextFileA
GetShortPathNameA
InterlockedIncrement
SetConsoleCtrlHandler
GetFileInformationByHandle
GetFileType
GetCurrentProcessId
SetConsoleActiveScreenBuffer
GetNumberFormatA
CreateFileMappingA
GetCompressedFileSizeA
GetConsoleOutputCP
ReadConsoleA
GetFileSize
GetLocaleInfoA
QueryDosDeviceA
MoveFileExA
FreeLibrary
ReadConsoleInputW
UnmapViewOfFile
CreateProcessA
GetModuleFileNameA
LocalFileTimeToFileTime
GetLargestConsoleWindowSize
AllocConsole
SetConsoleTextAttribute
SystemTimeToFileTime
RaiseException
GetEnvironmentVariableA
ReadConsoleW
GetConsoleCursorInfo
IsBadReadPtr
SetFileApisToANSI
SetConsoleMode
GetCurrentDirectoryA
SearchPathA
EnterCriticalSection
GetSystemTime
GetCurrentThreadId
InterlockedDecrement
ReleaseMutex
IsBadCodePtr
TerminateProcess
FlushFileBuffers
LeaveCriticalSection
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
GetComputerNameA
FormatMessageA
FindCloseChangeNotification
CompareStringA
SetFileApisToOEM
GetDiskFreeSpaceA
PeekConsoleInputA
InitializeCriticalSection
GlobalMemoryStatus
SetCurrentDirectoryA
GetConsoleCP
FindClose
ReadFile
GetModuleHandleA
WriteFile
MoveFileA
BackupWrite
SetConsoleTitleA
OpenProcess
FlushConsoleInputBuffer
FindFirstFileA
SetFilePointer
FreeConsole
GetLastError
SetEndOfFile
GetFileAttributesA
SetLastError
GetVolumeInformationA
DefineDosDeviceA
LoadLibraryA
GetVersionExA
GetStdHandle
CreateFileW
ReadConsoleOutputW
LoadLibraryExA
WaitForSingleObject
FileTimeToDosDateTime
PeekConsoleInputW
GetLogicalDrives
lstrcmpiA
WaitForMultipleObjects
CreateDirectoryA
SetConsoleOutputCP
GetFullPathNameA
ReadConsoleInputA
FindFirstChangeNotificationA
CreateFileA
DeleteFileA
WriteConsoleOutputW
RemoveDirectoryA
SetFileTime
SetConsoleCursorPosition
SetConsoleScreenBufferSize
IsBadWritePtr
GetConsoleScreenBufferInfo
SetStdHandle
SetEnvironmentVariableA
GetFileTime
SetConsoleCursorInfo
MapViewOfFile
VirtualAlloc
WriteConsoleInputW

user32

GetSystemMetrics
GetWindowRect
GetDlgItem
EndDialog
ReleaseDC
MessageBoxA
EnableWindow
ShowWindow
GetClientRect
LoadStringW
GetDC
TranslateMessage

msvcrt

fwrite
wcsncpy
wcscpy
_except_handler3
free
_adjust_fdiv
_snwprintf
_onexit
__dllonexit
_initterm
_wtoi
_vsnwprintf
malloc
_strnicmp
strtol
_local_unwind2
wcsncmp
wcslen
_iob
_itow
wcscmp
_wcsicmp
_ftol

rpcrt4

MesInqProcEncodingId
NdrAllocate
MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
NDRcopy
MesBufferHandleReset
NdrByteCountPointerBufferSize
NDRSContextMarshallEx
NDRCContextBinding
DllGetClassObject
NDRCContextMarshall
NdrAsyncServerCall
NdrClientInitialize
NDRSContextMarshall
CreateStubFromTypeInfo
DllRegisterServer
NdrByteCountPointerUnmarshall
NdrByteCountPointerFree
NdrAsyncClientCall
DceErrorInqTextW
CStdStubBuffer_CountRefs
MesHandleFree
MesEncodeFixedBufferHandleCreate
NdrConformantStructBufferSize

shlwapi

UrlUnescapeW

version

GetFileVersionInfoA
VerQueryValueW

ole32

CLIPFORMAT_UserMarshal
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
CLIPFORMAT_UserUnmarshal
CoDisableCallCancellation
BindMoniker
CoCopyProxy
CLSIDFromProgID
OleSetClipboard
CoDeactivateObject
CLSIDFromOle1Class
CoAddRefServerProcess
CoCreateInstance
CoCreateInstanceEx
CLIPFORMAT_UserFree
OleInitialize
CLSIDFromString
CoBuildVersion
OleGetClipboard
CLIPFORMAT_UserSize

oleacc

DllUnregisterServer
CreateStdAccessibleObject
IID_IAccessibleHandler
DllGetClassObject
AccessibleObjectFromPoint
LIBID_Accessibility
GetRoleTextA
AccessibleChildren
CreateStdAccessibleProxyW
GetStateTextA
AccessibleObjectFromWindow
CreateStdAccessibleProxyA
GetRoleTextW
GetOleaccVersionInfo
GetStateTextW
WindowFromAccessibleObject
IID_IAccessible
ObjectFromLresult
DllCanUnloadNow
AccessibleObjectFromEvent
LresultFromObject

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46c098cbc5a7424d1aaefb04dd7c4542

Headers

File Characteristics

Imports

crypt32

ws2_32

kernel32

user32

msvcrt

rpcrt4

shlwapi

version

ole32

oleacc

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 24KB - Virtual size: 6.0MB

.rsrc Size: 122KB - Virtual size: 122KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 24KB - Virtual size: 6.0MB

.rsrc
Size: 122KB - Virtual size: 122KB

.tls
Size: 512B - Virtual size: 4KB