Static task: static1
Behavioral task: behavioral1
Sample: f4f6bcae9e72f8caae94df7f94c02047_JaffaCakes118.exe
Resource: win7-20240221-en

General
Target: f4f6bcae9e72f8caae94df7f94c02047_JaffaCakes118
Size: 351KB
MD5: f4f6bcae9e72f8caae94df7f94c02047
SHA1: 92775fe9fe42c3f51461931ad762c1a9687b7b5a
SHA256: 93f21e791335e96d6d92a94252a96c3c1d2509eff235f45f23b9d4bb232ece68
SHA512: c45b5e26afce3afc2de64a512e4bdd71f5dcf9f87e6e40a759eb5c561c1b69e6f86d61c9344080523027af17af809ef92c8d00735b6e75f9500cea5f354a7e34
SSDEEP: 6144:7zgAKHOegOE9IPm573ZbRqzEOo21+IBqHwt/HjzHvV1J7Zgu:7zJegOEGO5Tl2UQpDzHN1JJ

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f4f6bcae9e72f8caae94df7f94c02047_JaffaCakes118

Files
f4f6bcae9e72f8caae94df7f94c02047_JaffaCakes118.exe windows:4 windows x86 arch:x86
d9f5d712ca45725d8c11570fcd58df6c

Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths
e:\ToolsBuild\14.1.0.3434\source\release\MicrogamingInstall.pdb
Imports
kernel32
lstrcatA
WideCharToMultiByte
GetFileSize
FindClose
MultiByteToWideChar
GetVersionExA
CreateDirectoryA
lstrcpyA
FindFirstFileA
GetFileAttributesA
lstrcpynA
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
OutputDebugStringA
WriteFile
GetPrivateProfileStringW
FreeLibrary
LoadLibraryA
LocalFree
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
SetEvent
CreateEventA
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
GetLastError
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
DeleteFileW
CreateSemaphoreA
GetModuleHandleA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
ReadFile
GetComputerNameA
FindNextFileA
lstrlenA
GetWindowsDirectoryA
FormatMessageA
GetProcAddress
SetFilePointer
WaitForSingleObject
GetTempFileNameA
OpenProcess
GetModuleFileNameA
CreateProcessA
CopyFileA
RemoveDirectoryA
DeleteFileA
GetTempPathA
lstrcmpiA
GetCurrentProcessId
CloseHandle
Sleep
CreateFileW
CreateFileA
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
ExitThread
ExitProcess
user32
GetWindowLongA
IsWindowEnabled
MapWindowPoints
UpdateWindow
EnableWindow
MessageBoxW
GetSystemMetrics
AdjustWindowRect
LoadIconA
DispatchMessageA
PeekMessageA
SetWindowLongA
OffsetRect
GetWindowDC
ChildWindowFromPoint
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
LoadCursorA
MessageBoxA
wsprintfA
GetDlgCtrlID
ReleaseDC
GetMessageA
SetWindowTextA
PostMessageA
wsprintfW
CreateWindowExA
InvalidateRect
RegisterClassA
ShowWindow
SetWindowPos
DefWindowProcA
DestroyWindow
GetWindowRect
TranslateMessage
IsDialogMessageA
gdi32
DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
advapi32
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegSetValueA
RegOpenKeyExA
FreeSid
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegQueryValueW
shell32
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW
ole32
OleInitialize
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree
OleCreate
CLSIDFromProgID
OleSetContainedObject
CoCreateInstance
StringFromIID
oleaut32
VariantChangeType
SysAllocString
VariantClear
VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
wsock32
send
closesocket
WSAStartup
WSACleanup
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
htons
recv
socket
gethostbyname
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
shlwapi
UrlGetPartA
PathAppendW
PathCanonicalizeA
SHDeleteKeyA
sensapi
IsNetworkAlive
wininet
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
HttpQueryInfoA
InternetGetConnectedState
urlmon
CoInternetGetSession
Sections
.text   Size: 172KB   Virtual size: 169KB   Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 32KB    Virtual size: 29KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 16KB    Virtual size: 35KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 4KB     Virtual size: 3KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ