427cc1417e51e4e78c4925d5dc40ac5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

427cc1417e51e4e78c4925d5dc40ac5e_JaffaCakes118
Size

2.3MB
MD5

427cc1417e51e4e78c4925d5dc40ac5e
SHA1

58a0baddd09e88e826652cebffffb6586303bd3e
SHA256

6261146c0cd1359c1a688dbe6fd06531e857f5bdd9ba93817071317f4fd9f49e
SHA512

82c0f764877c182c8c047c84d7c94eefc3e7131f0e7f712b3216e23a868d37fecdc410e84c4cba1083562207da4124b0602585d00d0711618cb687ff0299ed9c
SSDEEP

49152:4FZvBS10tMQo0LBeHvYLFUQ00T+LpBKJ6lUW+e/bb+YGk7su7Xcd9Qy:OZr60KvotspBKU/+eDaYGq693

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427cc1417e51e4e78c4925d5dc40ac5e_JaffaCakes118

Files

427cc1417e51e4e78c4925d5dc40ac5e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4df80f9a93aabdb54d988beca7f26493

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
LocalFree
WriteProcessMemory
DeleteFileA
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
CreateThread
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
CreateMutexA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTempFileNameA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
MoveFileA
LocalAlloc
Process32Next
LoadLibraryA
IsValidLocale
GetPrivateProfileStringA
VirtualAllocEx
CopyFileA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
SetThreadPriority
ReadFile
TerminateProcess
SizeofResource
Sleep
GetPrivateProfileIntA
OpenProcess
GetSystemWow64DirectoryA
WriteFile
GetWindowsDirectoryA
SetFileTime
CreateRemoteThread
FormatMessageA
GetCurrentThread
GetTickCount
WaitForSingleObject
Process32First
SetEnvironmentVariableA
GetModuleHandleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetCurrentProcess
LoadResource
FindResourceA
CreateFileA
GetTimeZoneInformation
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte

user32

LoadCursorA
DestroyMenu
UpdateWindow
SetWindowTextA
InsertMenuA
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
IsWindow
MoveWindow
LoadIconA
AppendMenuA
GetActiveWindow
CreatePopupMenu
SendMessageA
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
InvalidateRect
GetWindowPlacement
TranslateMessage
IsDialogMessageA
GetDC
BeginPaint
SetFocus
LoadBitmapA
SetForegroundWindow
TrackPopupMenu
RegisterClassExA
MessageBoxA
ShowWindow
EndPaint
DestroyWindow
GetMessageA

gdi32

CreateFontA
AddFontResourceExA
SetBkMode
DeleteObject
GetStockObject
CreateSolidBrush
SetTextColor

advapi32

AllocateAndInitializeSid
OpenThreadToken
SetSecurityDescriptorGroup
AccessCheck
RegCloseKey
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
OpenProcessToken
InitializeAcl
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegQueryValueExA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

FtpOpenFileA
InternetReadFile
DeleteUrlCacheEntry
FtpGetFileSize
InternetOpenA
InternetCloseHandle
InternetConnectA

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create

ws2_32

send
gethostbyname
closesocket
socket
recv
setsockopt
htons
inet_addr
WSAStartup
inet_ntoa
connect

psapi

GetModuleFileNameExA

gdiplus

GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromFile
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipCloneImage
GdiplusStartup
GdipGetImageWidth

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4df80f9a93aabdb54d988beca7f26493

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

comctl32

ws2_32

psapi

gdiplus

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB