f38f2d6be9deb642ff6667bed5d3750e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f38f2d6be9deb642ff6667bed5d3750e_JaffaCakes118
Size

3.1MB
MD5

f38f2d6be9deb642ff6667bed5d3750e
SHA1

a5f041f167f019337c627a12514c993bdab0b5a3
SHA256

bb63ede36755e815a2a68183c5f98962424ea168c2d6fd8925d4475065f50eeb
SHA512

9f2ba1eaab9f87a2ef9fd6d7fe53b002284df326506cfde29c195f73c22fdd9de825e1a79dd9ab535002d8ebc4a466609e6e452fd4dd50431af3e1c63183045a
SSDEEP

98304:aJ5LgJf6PD3Nmn7AJEgLYXMKUCCCNYzQEr0WO0Yk84c1w:bJiPD3Nm7AJEgLYX8CNYzQEr0WO0Yk8q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f38f2d6be9deb642ff6667bed5d3750e_JaffaCakes118

Files

f38f2d6be9deb642ff6667bed5d3750e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

671bf282a1220dd40b726d0900e97b4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
Sleep
GetFileSize
lstrcmpA
ReadFile
SetFilePointer
GetFileAttributesA
GetModuleHandleA
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetSystemDefaultLangID
lstrcpyW
lstrlenW
CreateProcessA
ExpandEnvironmentStringsA
CopyFileA
GetWindowsDirectoryW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetSystemDirectoryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapSize
HeapReAlloc
UnhandledExceptionFilter
SetLastError
SetFileAttributesA
GetModuleFileNameA
VirtualProtect
VirtualAlloc
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
UnmapViewOfFile
Module32First
Module32Next
CloseHandle
TerminateProcess
DeleteFileA
lstrcpyA
VirtualFree
CreateFileMappingA
TlsAlloc
GetCurrentThreadId
HeapAlloc
RaiseException
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
GetLastError
MapViewOfFile
GetCurrentProcessId
SetStdHandle

user32

IsRectEmpty
GetClassNameW
GetDlgItemTextA
SetDlgItemTextA
EnableWindow
CheckDlgButton
SystemParametersInfoA
EndDialog
MessageBoxA
GetWindowThreadProcessId
IsDlgButtonChecked
GetClassNameA
IsWindow
GetWindow
GetTopWindow
IsWindowVisible
FindWindowA
wsprintfA
UnloadKeyboardLayout
GetKeyboardLayoutList
ReleaseCapture
ClientToScreen
SetCursor
SetCapture
LoadIconA
LoadCursorA
WindowFromPoint
GetParent
PtInRect
GetWindowDC
GetWindowRect
OffsetRect
LoadBitmapA
ReleaseDC
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
WaitForInputIdle
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
GetDlgItem

gdi32

PatBlt

advapi32

RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteExA
ShellExecuteA

ws2_32

closesocket
connect
htons
inet_addr
socket
inet_ntoa
gethostbyname
WSAStartup
recv
__WSAFDIsSet
select
send

imm32

ImmIsIME
ImmGetDescriptionA

shlwapi

PathFileExistsA
StrCatW
PathFindFileNameA
PathFindExtensionA
PathRenameExtensionA
PathRemoveFileSpecA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

671bf282a1220dd40b726d0900e97b4a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

imm32

shlwapi

version

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 16KB - Virtual size: 36KB

.text0 Size: 68KB - Virtual size: 64KB

.text1 Size: 592KB - Virtual size: 588KB

.rsrc Size: 68KB - Virtual size: 64KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 16KB - Virtual size: 36KB

.text0
Size: 68KB - Virtual size: 64KB

.text1
Size: 592KB - Virtual size: 588KB

.rsrc
Size: 68KB - Virtual size: 64KB