ffb48a06608bbfd8f220c34ac235a58f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffb48a06608bbfd8f220c34ac235a58f_JaffaCakes118
Size

529KB
MD5

ffb48a06608bbfd8f220c34ac235a58f
SHA1

669564184695637a54fb4bef83fccf232b2867a7
SHA256

83b1d62f83308116c579dd5edf455c5dac0ed74cde70386b59cc9e41b6da87a3
SHA512

88dfabe34ce921c308616f9af113bfaa47600a332bbb0d5d8350247c869cacd96bb92fcecaad563cea11bd8708922a182dbeab81a1602a7657c0b97b775cccb1
SSDEEP

12288:VeFGAYSRayCmBENr7wH6iO8MY0A3vOl6SioX1cCTs5jaUAMDlhhlNJ+AntX:VevDA7wH6iO8MY0SvOllioXxTwjaUPZt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffb48a06608bbfd8f220c34ac235a58f_JaffaCakes118

Files

ffb48a06608bbfd8f220c34ac235a58f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b931e3686a9b30706ca28a109b8a2a0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\InstallToolBox3.5\src\bin.iru\Reporter.pdb

Imports

wininet

InternetOpenW
InternetConnectW
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile

kernel32

WaitForSingleObject
FormatMessageW
HeapCreate
HeapDestroy
FreeLibrary
LoadLibraryW
GetModuleFileNameW
lstrlenA
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
FindResourceA
GetVersionExA
CreateFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateDirectoryA
GetFileAttributesA
GetExitCodeThread
LocalFree
lstrcmpiW
lstrcpyW
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsBadWritePtr
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetStartupInfoW
GetModuleHandleA
CreateThread
ExitThread
ExitProcess
RtlUnwind
WaitForMultipleObjects
SetEndOfFile
FlushFileBuffers
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
SetUnhandledExceptionFilter
GetModuleHandleW
VirtualAlloc
CompareStringW
HeapAlloc
HeapFree
lstrcatW
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
CreateDirectoryW
MoveFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
MultiByteToWideChar
CloseHandle
lstrlenW
WideCharToMultiByte
GetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
LoadLibraryExW
GetTickCount
GetProcAddress
InterlockedDecrement
InterlockedIncrement
OutputDebugStringW
SetFilePointer
GetLocalTime
GetCurrentProcessId
InterlockedExchangeAdd
GetSystemInfo
TerminateProcess
VirtualFree
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetProcessHeap

user32

SetRectEmpty
SystemParametersInfoW
IsWindow
GetMouseMovePointsEx
GetForegroundWindow
ShowWindow
GetActiveWindow
MessageBoxW
GetWindow
GetWindowRect
MapWindowPoints
DestroyWindow
GetSystemMenu
EnableMenuItem
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
EndPaint
BeginPaint
GetDlgCtrlID
SetCursor
InvalidateRect
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
UpdateWindow
GetClassNameW
LoadCursorW
CallWindowProcW
MsgWaitForMultipleObjectsEx
OffsetRect
ReleaseDC
GetDC
DefWindowProcW
FillRect
DrawTextW
PostMessageW
SetWindowPos
GetDlgItem
GetParent
GetClientRect
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
CreateWindowExW
SetWindowLongW
CharNextW
wsprintfW
DispatchMessageW
GetMessageA
IsWindowUnicode
DispatchMessageA
TranslateMessage
GetMessageW
PeekMessageW
UnregisterClassW

gdi32

CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
GetTextMetricsW
SetBkMode
SetTextColor
CreateFontIndirectW
DeleteDC
GetObjectW
DeleteObject
GetStockObject
SelectObject

advapi32

RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathAppendW
PathRenameExtensionW
PathCombineW
PathAppendA
PathAddBackslashW

comctl32

PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent

Sections

.text
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b931e3686a9b30706ca28a109b8a2a0a

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 316KB - Virtual size: 314KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 24KB - Virtual size: 30KB

.data1 Size: 4KB - Virtual size: 224B

.rsrc Size: 24KB - Virtual size: 23KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 316KB - Virtual size: 314KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 24KB - Virtual size: 30KB

.data1
Size: 4KB - Virtual size: 224B

.rsrc
Size: 24KB - Virtual size: 23KB

.rrdata
Size: 68KB - Virtual size: 68KB