51ea81983f05256dd4ca91e798aee08e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

51ea81983f05256dd4ca91e798aee08e_JaffaCakes118
Size

976KB
MD5

51ea81983f05256dd4ca91e798aee08e
SHA1

20cd28de8a471cbfd635b9fb3afe27b016d489c1
SHA256

c538d085df804da9683a184de827fef7e6895e1f7b347a1d93399b554ec299c5
SHA512

6edb3046e760f901202e04c306555e085d59acee89d17085312a7460386368c5ca382a2ebe1f72cf9cc2345c8cf1e051abd9bbc22fdefe975caf7d98d0edbcb0
SSDEEP

24576:389hmuTPWTvE1f/8fV3qQlgvqa29KRZhr3Cx1:3g7cEl8t6Qu49KVrw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51ea81983f05256dd4ca91e798aee08e_JaffaCakes118

Files

51ea81983f05256dd4ca91e798aee08e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e188158c6c28234ab66f67fe5e72c1fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DefWindowProcA
CreateWindowExW
TrackPopupMenu
InsertMenuItemW
GetPropW
InsertMenuW
RegisterClassW
PostMessageA
SetPropW
CallWindowProcA
DestroyWindow
PostQuitMessage
GetCursorPos
GetSystemMetrics
LoadStringW
DispatchMessageA
SetForegroundWindow
LoadImageW
GetMessageA
CreatePopupMenu
TranslateMessage
DestroyMenu

shell32

Shell_NotifyIconW
ShellExecuteA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

advapi32

RegSetValueExW
RegOpenKeyW
RegCloseKey
OpenThreadToken
OpenProcessToken
RegCreateKeyExW
RegQueryValueExW
ConvertSidToStringSidA
RegOpenKeyExW
GetTokenInformation

kernel32

EnterCriticalSection
MoveFileW
InitializeCriticalSection
TlsFree
WriteFile
CreateThread
SetEndOfFile
DeleteFileW
DeleteCriticalSection
GetFileInformationByHandle
TlsSetValue
GetSystemTimeAsFileTime
LeaveCriticalSection
SetEvent
CloseHandle
GetDriveTypeW
CreateSemaphoreA
TlsGetValue
ReadFile
GetLastError
SwitchToThread
GetUserDefaultLCID
SetFilePointer
GetLocalTime
TlsAlloc
ReleaseSemaphore
GlobalAddAtomA
WaitForSingleObject
FindFirstFileW
GetModuleFileNameW
GetFullPathNameW
Sleep
FindClose
GetStartupInfoA

sensapi

IsNetworkAlive

ws2_32

WSAEventSelect
WSAIoctl
WSASocketA
WSACreateEvent

wininet

InternetReadFile
InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
InternetWriteFile
HttpOpenRequestA
HttpEndRequestA
InternetSetOptionA
HttpQueryInfoA
HttpSendRequestExA
HttpSendRequestA
InternetCrackUrlA
InternetCloseHandle

tapi32

lineSetAgentState
lineAccept

ole32

CoCreateInstance
CoTaskMemFree

shlwapi

StrCmpNA

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e188158c6c28234ab66f67fe5e72c1fd

Headers

File Characteristics

Imports

user32

shell32

advapi32

kernel32

sensapi

ws2_32

wininet

tapi32

ole32

shlwapi

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 320KB - Virtual size: 3.6MB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 320KB - Virtual size: 3.6MB

.rsrc
Size: 29KB - Virtual size: 29KB