Static task: static1
Behavioral task: behavioral1 (Sample: JaffaCakes118_c1afd5d05b62a7b9fbbdf7935775c5c8.exe, Resource: win7-20240729-en)
Behavioral task: behavioral2 (Sample: JaffaCakes118_c1afd5d05b62a7b9fbbdf7935775c5c8.exe, Resource: win10v2004-20250207-en)
General
Target: JaffaCakes118_c1afd5d05b62a7b9fbbdf7935775c5c8
Size: 1.3MB
MD5: c1afd5d05b62a7b9fbbdf7935775c5c8
SHA1: 641c7c01c6b93b72d761748a16c0fd416889fe40
SHA256: 11f5b5ebfc2f25bf32e675728d4faa069311cefb66825f32106adf237d70a2e7
SHA512: 5cd2d62ecbcc31f607e4139ea69a9a3d778d8f9f93e35eb9d3f669f1ea8a4f695fa6312090a502dc39353cdc143dfb8739fd6af8e745e3888e731041a7865992
SSDEEP: 24576:bswyOQUyohQ9BO7Qtj6VUBYaff0Lo0Udkw/J8nPXJUF/8zhYWf:bpJQUt+UQtjOU2aff0c0Udkwnqm2
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: JaffaCakes118_c1afd5d05b62a7b9fbbdf7935775c5c8
NSIS installer (1 IoCs)
resource: sample, yara_rule: nsis_installer_2
Files
JaffaCakes118_c1afd5d05b62a7b9fbbdf7935775c5c8.exe windows:4 windows x86 arch:x86
ece6278d195fe70ce30ccfd1c3b1f256
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
urlmon
URLDownloadToFileA
comctl32
ord17
kernel32
CreateProcessA
GetCommandLineA
TerminateProcess
RemoveDirectoryA
GetCurrentProcess
OpenProcess
lstrcatA
SetFileAttributesA
FindClose
WaitForSingleObject
Sleep
GetEnvironmentVariableA
MoveFileA
GetTempPathA
GetShortPathNameA
CreateDirectoryA
GetStartupInfoA
LocalFree
GetFileAttributesA
FindFirstFileA
GetModuleFileNameA
GetExitCodeProcess
FindNextFileA
GetModuleHandleA
CompareStringA
SetEndOfFile
MoveFileExA
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLongPathNameA
FormatMessageA
DeleteFileA
CloseHandle
GetLastError
ReadFile
CreateFileA
WriteConsoleW
lstrcpyA
CompareStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapSize
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameA
InitializeCriticalSection
LoadLibraryA
UnhandledExceptionFilter
SetEnvironmentVariableA
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
GetProcAddress
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetTimeZoneInformation
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
DeleteCriticalSection
user32
DialogBoxParamA
ShowWindow
BringWindowToTop
KillTimer
DestroyWindow
TranslateMessage
PostMessageA
GetMessageA
DispatchMessageA
wsprintfA
GetForegroundWindow
GetDlgItem
SetTimer
GetWindowTextA
SetWindowTextA
EndDialog
CreateDialogParamA
ExitWindowsEx
UpdateWindow
BlockInput
SendMessageA
FindWindowA
MessageBoxA
GetDlgItemTextA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
LookupPrivilegeValueA
RegSetValueExA
GetUserNameA
OpenProcessToken
psapi
GetModuleBaseNameA
EnumProcessModules
EnumProcesses
shell32
SHFileOperationA
SHGetFolderPathA
SHCreateDirectoryExA
ShellExecuteA
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ