179a156a793bd787bd4ae905f13b0354_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

179a156a793bd787bd4ae905f13b0354_JaffaCakes118
Size

656KB
MD5

179a156a793bd787bd4ae905f13b0354
SHA1

0c6e389ff585be07ddc58228bb102cbbe5e2d04e
SHA256

97ad6f2d2ac66728e627155c708071b3968cffd36855c382f99cbc1ceb46eaea
SHA512

206334cf4872ae1790923fdf920311f9f06459653574a596af41e0924c46960a8fac0256f5a93b8960d2356522b5931073713ad0d1b721ab04cc23fa0dd5b369
SSDEEP

12288:qnnHPqNHrtT6Clleiiz1chwVsiUqZTYmXUJZQtdVYtq36Z7GsHnHjjv1t9JJ:qnnHPGdxJYEritZTxUDtG2nXvP9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179a156a793bd787bd4ae905f13b0354_JaffaCakes118

Files

179a156a793bd787bd4ae905f13b0354_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9f4b9700dcc8010817f9f26db97e877

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetAttemptConnect
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenW
InternetOpenUrlW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW

shlwapi

StrStrIW
StrToIntExW
StrToIntW
PathAppendW
PathRemoveFileSpecW
StrChrW
PathFileExistsW
PathIsDirectoryW
SHStrDupW
SHGetValueW
PathAddBackslashW
PathFindExtensionW
PathStripPathW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetProcAddress
SetEvent
WaitForSingleObject
CreateThread
GetModuleHandleW
GetCurrentProcess
GetVersionExW
DeleteFileW
GetTempPathW
GetTempFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetFileSize
ExitProcess
Sleep
TerminateThread
GetSystemTimeAsFileTime
lstrcpyW
lstrlenW
lstrcatW
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiW
GlobalFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
DeleteCriticalSection
FlushFileBuffers
LocalFree
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetSystemTime
MoveFileExW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
FreeLibrary
FindNextFileW
FindFirstFileW
GetFileSizeEx
OutputDebugStringW
GetExitCodeThread
WaitForMultipleObjects
ResumeThread
GetCurrentDirectoryW
FreeResource
FindResourceA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetCurrentDirectoryW
InitializeCriticalSection
FormatMessageW
IsWow64Process
LocalAlloc
GetModuleFileNameW
GetExitCodeProcess
LoadLibraryA
TerminateProcess
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GlobalAlloc
LoadLibraryExW
GetProcessId
ExpandEnvironmentStringsW
GetModuleHandleA
SetHandleCount
GetStartupInfoA
SetStdHandle
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
HeapSize
GetTimeZoneInformation
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetCPInfo
SetFilePointer
WriteFile
ReadFile
GetLastError
CreateFileA
CreateFileW
CloseHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
HeapAlloc
HeapFree
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetStartupInfoW
LCMapStringA
LCMapStringW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
FindClose
SetEnvironmentVariableA

user32

GetPropW
RemovePropW
GetWindowTextW
IsWindowEnabled
IsWindowVisible
EnumChildWindows
LoadIconW
RegisterClassExW
DefWindowProcW
CreateDialogParamW
SetWindowTextW
BeginPaint
EndPaint
MessageBoxW
SetWindowPos
SetTimer
GetMessageW
KillTimer
IsDialogMessageW
EnableWindow
ShowWindow
CreateWindowExW
SetWindowLongW
SetCursor
DestroyWindow
GetDlgItem
SetForegroundWindow
IsWindow
UpdateWindow
FindWindowExW
GetWindowTextLengthW
FillRect
GetClientRect
GetWindowLongW
InvalidateRect
PostMessageW
CallWindowProcW
LoadCursorW
SetPropW
GetParent
ScreenToClient
wsprintfW
BringWindowToTop
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutW
SendMessageTimeoutA
SendMessageW
MoveWindow
DialogBoxParamW
IsDlgButtonChecked
CheckDlgButton
SetFocus
GetWindowRect
EndDialog
TranslateMessage
SetDlgItemTextW
DispatchMessageW

gdi32

CreateFontIndirectW
GetObjectW
GetStockObject
SetBkMode
CreateSolidBrush
SetBkColor
SetTextColor

advapi32

FreeSid
LogonUserW
CreateProcessWithLogonW
GetTokenInformation
OpenThreadToken
OpenProcessToken
DuplicateToken
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ConvertSidToStringSidW
LookupAccountNameW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
AllocateAndInitializeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor

ole32

OleSetContainedObject
CoInitializeEx
CoCreateGuid
CoTaskMemFree
CoGetClassObject
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption
WinHttpCrackUrl
WinHttpWriteData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

credui

CredUIPromptForCredentialsW

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9f4b9700dcc8010817f9f26db97e877

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shell32

shlwapi

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winhttp

userenv

credui

Sections

.text Size: 294KB - Virtual size: 293KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 10KB - Virtual size: 39KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 10KB - Virtual size: 39KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 24KB - Virtual size: 23KB