f736a82f97a768189bc7ed78f9b51058_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f736a82f97a768189bc7ed78f9b51058_JaffaCakes118
Size

464KB
MD5

f736a82f97a768189bc7ed78f9b51058
SHA1

529f737a4b80144cd6213b92c856e771a3a7b9a9
SHA256

4b44fcd654af3082a0eaa67cad708386a8497d0e0975437fe8308f66023fbcf7
SHA512

0507b772b0788d4994f6c6c3cde579179c789c54994e2e435998637a1c231405b16782d02fd85777871734083acfcaf5108659749b00a04f95e1dfd6d2a744ef
SSDEEP

6144:LEyYYWO35H+GMOndcHaHtnfDs4cjHYqQCLazNxGB9as34sm8LxJrpQq4KYWfsZ/0:LEY+GMOne6HRQ5akasosm8NJrpQyndP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f736a82f97a768189bc7ed78f9b51058_JaffaCakes118

Files

f736a82f97a768189bc7ed78f9b51058_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ToolsBuild\16.2.0.7719\source\release\MicrogamingInstall.pdb

Imports

kernel32

OutputDebugStringA
ReleaseMutex
TerminateProcess
GetVersionExA
RemoveDirectoryW
GetProcAddress
GetVolumePathNameW
Process32First
CreateDirectoryW
ReadFile
DeleteFileW
GetModuleFileNameW
WideCharToMultiByte
FindNextFileA
GetComputerNameA
SetFilePointer
GetModuleHandleA
CopyFileW
MultiByteToWideChar
lstrcpyA
lstrlenA
lstrcpynA
lstrcpynW
GetFileAttributesW
lstrlenW
GetPrivateProfileStringW
WriteFile
LoadLibraryA
LocalFree
FreeLibrary
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
SetEvent
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateEventA
GetLastError
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
FindFirstFileA
ReleaseSemaphore
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetFileSize
CreateDirectoryA
Process32Next
GetFileAttributesA
FormatMessageA
GetLocalTime
CreateToolhelp32Snapshot
FormatMessageW
CreateMutexA
FindClose
GetModuleFileNameA
WaitForSingleObject
CopyFileA
CreateProcessA
OpenProcess
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
lstrcmpiA
GetTempPathA
GetCurrentProcessId
CloseHandle
CreateProcessW
Sleep
CreateFileA
CreateFileW
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapReAlloc
HeapFree
GetCurrentThreadId
ExitThread
HeapAlloc
ExitProcess

user32

TranslateMessage
GetMessageA
IsDialogMessageA
GetDlgCtrlID
LoadCursorA
AdjustWindowRect
ReleaseDC
EnableWindow
PeekMessageA
UpdateWindow
PostMessageA
IsWindowEnabled
GetSystemMetrics
SetWindowLongW
RegisterClassW
GetWindowLongW
MessageBoxW
LoadIconA
DispatchMessageA
InvalidateRect
CreateWindowExW
SetWindowLongA
DefWindowProcW
OffsetRect
GetWindowDC
ChildWindowFromPoint
GetWindowRect
RegisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPos
ShowWindow
EnumDisplayDevicesA
MessageBoxA
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
EnumDisplaySettingsA
SetWindowTextA
wsprintfW
GetDC
MapWindowPoints
wsprintfA

gdi32

CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
GetDeviceCaps
BitBlt

advapi32

RegSetValueA
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegSetValueW
FreeSid
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
OpenServiceA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteA
SHGetMalloc

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromProgID
OleCreate
OleSetContainedObject
CoTaskMemFree
StringFromIID
OleUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantChangeType
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocString

psapi

GetModuleFileNameExA

wsock32

recv
WSAStartup
closesocket
send
gethostbyname
socket
htons
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
WSACleanup

wininet

InternetOpenUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenA
InternetCrackUrlA
InternetCrackUrlW
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenW
InternetOpenUrlW
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetConnectedState
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

UrlGetPartA
PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW

sensapi

IsNetworkAlive

urlmon

CoInternetGetSession

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

wsock32

wininet

version

shlwapi

sensapi

urlmon

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 36KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 36KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 3KB