fce5ab46be135418ffa72c2121a9afe9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fce5ab46be135418ffa72c2121a9afe9_JaffaCakes118
Size

208KB
MD5

fce5ab46be135418ffa72c2121a9afe9
SHA1

b5ae5dcda6b08b90540af2c21e0a2466ba6948cc
SHA256

e83166b796e1e88b1769dc2f787b2b1c975eb503a8cdd3d6b843218d6c08ffaf
SHA512

b2a81fa64936e3ddc8443c75d9f04f7c7a22190f5d954505e720adb6978d89546537141192fb216572bc7c07a80241cfd65fb8de5ed86cbdacd94d4db4bf00aa
SSDEEP

3072:7to2HyJt6oobhLgaMCLgfl8wofyNqPcJCXTrJroZVGv9fKZ+3jnHo3hQ1bWpbT6j:7PHy/6TyaMCLgt8ty0OYlu7GE9o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fce5ab46be135418ffa72c2121a9afe9_JaffaCakes118

Files

fce5ab46be135418ffa72c2121a9afe9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db30eb4355fb69eb637dd536c90c9702

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA

kernel32

lstrlenA
GetModuleHandleA
InterlockedDecrement
GetLastError
GetProcAddress
GetDiskFreeSpaceA
CloseHandle
CreateThread
GetCommandLineA
GetModuleFileNameA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetTempPathA
CreateDirectoryA
lstrcpyA
GetFileSize
CreateFileA
DeleteFileA
FlushFileBuffers
GetVersionExA
WriteFile
SetFilePointer
Sleep
lstrcatA
GetShortPathNameA
CopyFileA
GetVersion
GetFullPathNameA
CreateMutexA
SetLastError
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryA
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
lstrlenW
MultiByteToWideChar
GlobalUnlock
GlobalLock
MulDiv
lstrcmpA
FlushInstructionCache
GetCurrentProcess
WideCharToMultiByte
CompareStringA
lstrcmpiA
FreeLibrary
GetTickCount
SetHandleCount
ReadFile
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetEnvironmentStringsW
ExitProcess
GetStartupInfoA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetStringTypeA
IsBadCodePtr
SetEndOfFile
GetStringTypeW
GetCPInfo
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
GetOEMCP
SetStdHandle
LCMapStringW
LCMapStringA
GetACP

user32

GetDlgItem
CharLowerA
wvsprintfA
PostMessageA
MoveWindow
CreateWindowExA
wsprintfA
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
GetClassNameA
IsWindow
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetDC
ReleaseDC
GetFocus
IsChild
SetFocus
GetSysColor
RedrawWindow
CharNextA
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
DefWindowProcA
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
LoadCursorA
CreateDialogIndirectParamA
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
LoadIconA
SetWindowTextA
ShowWindow
DestroyWindow
GetMessageA
IsDialogMessageA
DispatchMessageA
SendMessageA
LoadStringA
GetWindowLongA
InvalidateRect

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
GetObjectA
CreateSolidBrush
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt

wininet

InternetOpenA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetGetConnectedState

ole32

CLSIDFromString
OleInitialize
OleUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db30eb4355fb69eb637dd536c90c9702

Headers

File Characteristics

Imports

wsock32

advapi32

shell32

kernel32

user32

gdi32

wininet

ole32

oleaut32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 15KB - Virtual size: 20KB

.rsrc Size: 90KB - Virtual size: 90KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 15KB - Virtual size: 20KB

.rsrc
Size: 90KB - Virtual size: 90KB