5471193abdf6c04f95caa68c8df65716_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5471193abdf6c04f95caa68c8df65716_JaffaCakes118
Size

248KB
MD5

5471193abdf6c04f95caa68c8df65716
SHA1

4ef5a70ba8b6be21c155f6ed16e4bbd513cbad00
SHA256

f29c9563fc96449ed3e6546dc800f5295153f968f2c6fd5da8ba05132e110612
SHA512

8abf9d2ba4a89671cd806d0e0f059e4a0b3a0a54e8912ce9a69c21b59bf458f4070f88175018f0c0b27a8b994ef9a670533cbcecd02185436fd9f378e7afd66e
SSDEEP

6144:KIV6Tpli9D71XnLEP9QmuWb1zvi2r+sE0+qrhJa:l6Wx7xY1R1b1zvTBx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5471193abdf6c04f95caa68c8df65716_JaffaCakes118

Files

5471193abdf6c04f95caa68c8df65716_JaffaCakes118
.exe windows:4 windows x86 arch:x86

904dac6a7c0836db69f9d94966551efa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
DeleteFileA
CopyFileA
ReadFile
OpenEventA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
GetStringTypeW
GetStringTypeA
ExpandEnvironmentStringsA
FindNextFileA
FindClose
lstrcmpA
FindFirstFileA
WinExec
FindResourceA
LoadResource
LockResource
CreateProcessA
GetPrivateProfileStringA
GetCurrentProcess
CreateFileA
WriteFile
CloseHandle
ExitProcess
WaitForSingleObject
OutputDebugStringA
SleepEx
Sleep
GetSystemDirectoryA
OpenProcess
DeviceIoControl
FlushFileBuffers
GetSystemTime
MultiByteToWideChar
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcatW
WriteProcessMemory
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
TerminateProcess
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseMutex
ReadProcessMemory
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
MapViewOfFile
LoadLibraryExA
LoadLibraryW
IsBadWritePtr
IsBadReadPtr
GetVersionExW
GetTickCount
GetThreadContext
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLastError
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeleteFileW
CreateProcessW
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
FreeEnvironmentStringsA

user32

GetUserObjectInformationA
PeekMessageA
MessageBoxA
GetThreadDesktop
OpenInputDesktop
MsgWaitForMultipleObjects
TranslateAcceleratorA
SetTimer
GetMessageA
CloseDesktop
TranslateMessage
DispatchMessageA
KillTimer
wsprintfA
GetKeyboardType

oleaut32

SysFreeString
SysReAllocStringLen

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
InitializeSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegSetValueExW
SetSecurityDescriptorDacl
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetKernelObjectSecurity

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

904dac6a7c0836db69f9d94966551efa

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

advapi32

wininet

Sections

.text Size: 48KB - Virtual size: 46KB

CODE Size: 104KB - Virtual size: 102KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 20KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: 4KB - Virtual size: 1KB

.sxdata Size: 4KB - Virtual size: 124B

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 48KB - Virtual size: 46KB

CODE
Size: 104KB - Virtual size: 102KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 20KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: 4KB - Virtual size: 1KB

.sxdata
Size: 4KB - Virtual size: 124B

.rsrc
Size: 52KB - Virtual size: 48KB