529b379fc516ac4bc32962532dc432f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

529b379fc516ac4bc32962532dc432f1_JaffaCakes118
Size

50KB
MD5

529b379fc516ac4bc32962532dc432f1
SHA1

078cf093632e1a98360a9013bbe427f29893bd68
SHA256

d98c4c20d051c259591326aff27d115d3b9d762e67028c74c96f025929db3972
SHA512

4f7ac60ec62ac9cffda06358ab24db30641d76e689a9881a4091532740bbdb974dec3ccc6f843266c19ea089b9c03e0f570e0c683da3e26a3b0bd47c0052857c
SSDEEP

1536:OCYQsnkiM3oX4OvQQczJYMgdc6YL0VWZMhES1iZd:OCNsnkiM3oXH8zJYMgc6YLKSSES1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
529b379fc516ac4bc32962532dc432f1_JaffaCakes118

Files

529b379fc516ac4bc32962532dc432f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a04fd5eb790361a4a24b84abfd087e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetLocalTime
CloseHandle
Sleep
HeapFree
ReleaseMutex
WaitForSingleObject
CreateMutexA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
TerminateThread
CreateFileMappingA
lstrcpynA
HeapReAlloc
DeleteFileA
CreateProcessA
PulseEvent
GetFileAttributesA
GetCurrentProcess
VirtualFree
WinExec
FreeLibrary
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
VirtualProtect
VirtualQuery
lstrcmpiA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
OpenProcess
LoadLibraryA
FlushInstructionCache
SetLastError
lstrcmpA
FileTimeToSystemTime
GetCurrentThreadId
GetVersionExA
OutputDebugStringA
GetTickCount
MapViewOfFileEx
VirtualAlloc
SetThreadContext
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
CreateRemoteThread
FindNextFileA
FindFirstFileA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualFreeEx
QueryDosDeviceA
GetLogicalDriveStringsA
CreateThread
GetTempFileNameA
GetTempPathA
CopyFileA
GetSystemDirectoryA
GetFileSize
CreateFileA
lstrcatA
RemoveDirectoryA
GetWindowsDirectoryA
OpenFile
CompareFileTime
GetCurrentProcessId
CreateEventA
GetLastError
WaitForSingleObjectEx
ResetEvent
OpenEventA
SetEvent
ExitProcess
GetProcessHeap
HeapAlloc
lstrcpyA
IsBadReadPtr
lstrlenA

user32

MessageBoxA
wsprintfA

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCanonicalizeUrlA

shlwapi

SHDeleteKeyA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

Exports

Exports

BhoInstall
_WorkProc@4
__mp@4

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a04fd5eb790361a4a24b84abfd087e2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.reloc Size: 4KB - Virtual size: 3KB

Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.reloc
Size: 4KB - Virtual size: 3KB