edb8a112411edb6b31e0cf59996e156e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

edb8a112411edb6b31e0cf59996e156e_JaffaCakes118
Size

215KB
MD5

edb8a112411edb6b31e0cf59996e156e
SHA1

ce4b9fb987e260cef5e4f3c75645fa25b88a75ec
SHA256

e3affb44cd0acf7cb0beaba93f18ce0c9a9835697b8be67e50dd3ddf94619847
SHA512

e9d715bf0913948debe0886acad642a0a64c2d8e60da3c7c290577c0dc855cac306a9c0f8bccb93c599e01a15e22e052aa2ce5d14b3b74eea12415a9bd3b65e0
SSDEEP

6144:B6z8x9KvWUX4oAou+LiE+U6t6XnsYEZcu:B6MfUJTI63f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edb8a112411edb6b31e0cf59996e156e_JaffaCakes118

Files

edb8a112411edb6b31e0cf59996e156e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

74c600be2ecafb9bcdf40f0cf8f745fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStockObject
SelectPalette
GetDIBits
RealizePalette
DeleteDC
ExtEscape
CreateSolidBrush
CreateDIBitmap
CreateDIBSection
CreateCompatibleBitmap
SetStretchBltMode
GetObjectA
CreateFontA
GetDeviceCaps
StretchDIBits
SelectObject
DeleteObject
CreateCompatibleDC
BitBlt
SetBkMode

shlwapi

PathFileExistsW
PathCombineW

gdiplus

GdipAlloc
GdipCreateBitmapFromFileICM
GdipFree
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneImage

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

UnmapViewOfFile
GetShortPathNameW
GlobalSize
MapViewOfFile
LocalFree
CreateFileW
LocalAlloc
GetProcessAffinityMask
CreateFileA
ReadFile
EnumResourceTypesA
Sleep
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
GetFileAttributesA
WideCharToMultiByte
WriteFile
GetTickCount
SetFilePointer
CreateFileMappingA
GetFileSize
CloseHandle

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

winmm

timeGetTime
timeSetEvent

ole32

StgCreateDocfile
OleInitialize
CoInitialize
CoUninitialize
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
CoTaskMemRealloc
StgOpenStorage
CreateBindCtx
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CoGetClassObject
CoSetProxyBlanket
CoCreateInstance
BindMoniker
CoTaskMemFree
CLSIDFromProgID
GetRunningObjectTable
StgIsStorageFile
CreateItemMoniker
CLSIDFromString

advapi32

CryptDestroyKey
CryptDestroyHash
RegCreateKeyExA
CryptCreateHash
RegSetValueExA
RegQueryValueExA
CryptImportKey
RegOpenKeyExA
CryptEncrypt
CryptReleaseContext
RegEnumKeyExA
RegDeleteValueA
CryptHashData
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
CryptGetHashParam
CryptAcquireContextA
RegDeleteKeyA

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

user32

RegisterWindowMessageA
GetWindowTextLengthA
EnumDisplayDevicesA
SetTimer
RegisterClassExA
IsWindow
GetWindowRect
CopyRect
GetDC
PostThreadMessageA
DestroyWindow
IsChild
LoadCursorA
GetSysColor
SetFocus
CallWindowProcA
EqualRect
SetCapture
CreateDialogParamA
PostMessageA
FindWindowA
InvalidateRect
GetFocus
DispatchMessageA
DestroyAcceleratorTable
ReleaseCapture
GetDesktopWindow
GetWindowTextA
GetParent
SetWindowLongA
GetDlgItem
GetWindow
GetWindowLongA
CreateWindowExA
CharNextA
RedrawWindow
FillRect
KillTimer
SetParent
GetClassInfoExA
CreateAcceleratorTableA
PeekMessageA
InvalidateRgn
SetWindowTextA
SetRect
GetQueueStatus
GetActiveWindow
GetClientRect
GetClassNameA
MsgWaitForMultipleObjects
BeginPaint
UnregisterClassA
SendMessageTimeoutA
MoveWindow
SendMessageA
DefWindowProcA
DrawTextA
SendNotifyMessageA
EndPaint
ReleaseDC
wsprintfA
wvsprintfA
ShowWindow
SetWindowPos

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74c600be2ecafb9bcdf40f0cf8f745fa

Headers

File Characteristics

Imports

gdi32

shlwapi

gdiplus

version

kernel32

shell32

winmm

ole32

advapi32

wininet

setupapi

user32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 88KB - Virtual size: 88KB

.tls Size: 1024B - Virtual size: 80KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 88KB - Virtual size: 88KB

.tls
Size: 1024B - Virtual size: 80KB