33b672a893c6a9508fbb6dc16fa38e8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33b672a893c6a9508fbb6dc16fa38e8f_JaffaCakes118
Size

468KB
MD5

33b672a893c6a9508fbb6dc16fa38e8f
SHA1

fa2a8445c317152505246d915a808ace9ab03767
SHA256

e7282c4e6ee01ce2f5e73abf3010974dab0b96ff54b12476d701fbac4005fdcb
SHA512

1ab5ed37fa12d38a35bd7938a0d41bc17ed66dd5ada1b5a3678d70960ca809bf1244b2f74502c715fa9b17cb4ba1ff5b34be4620a894fb10af448e3a17715c45
SSDEEP

12288:iEY+GMOne6HRQ5akgINrTGG6tIBZj5UZxT1o0hBol:ieN6HRQ5akLd6tG5UZXal

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33b672a893c6a9508fbb6dc16fa38e8f_JaffaCakes118

Files

33b672a893c6a9508fbb6dc16fa38e8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ToolsBuild\16.2.0.7719\source\release\MicrogamingInstall.pdb

Imports

kernel32

OutputDebugStringA
ReleaseMutex
TerminateProcess
GetVersionExA
RemoveDirectoryW
GetProcAddress
GetVolumePathNameW
Process32First
CreateDirectoryW
ReadFile
DeleteFileW
GetModuleFileNameW
WideCharToMultiByte
FindNextFileA
GetComputerNameA
SetFilePointer
GetModuleHandleA
CopyFileW
MultiByteToWideChar
lstrcpyA
lstrlenA
lstrcpynA
lstrcpynW
GetFileAttributesW
lstrlenW
GetPrivateProfileStringW
WriteFile
LoadLibraryA
LocalFree
FreeLibrary
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
SetEvent
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateEventA
GetLastError
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
FindFirstFileA
ReleaseSemaphore
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetFileSize
CreateDirectoryA
Process32Next
GetFileAttributesA
FormatMessageA
GetLocalTime
CreateToolhelp32Snapshot
FormatMessageW
CreateMutexA
FindClose
GetModuleFileNameA
WaitForSingleObject
CopyFileA
CreateProcessA
OpenProcess
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
lstrcmpiA
GetTempPathA
GetCurrentProcessId
CloseHandle
CreateProcessW
Sleep
CreateFileA
CreateFileW
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapReAlloc
HeapFree
GetCurrentThreadId
ExitThread
HeapAlloc
ExitProcess

user32

TranslateMessage
GetMessageA
IsDialogMessageA
GetDlgCtrlID
LoadCursorA
AdjustWindowRect
ReleaseDC
EnableWindow
PeekMessageA
UpdateWindow
PostMessageA
IsWindowEnabled
GetSystemMetrics
SetWindowLongW
RegisterClassW
GetWindowLongW
MessageBoxW
LoadIconA
DispatchMessageA
InvalidateRect
CreateWindowExW
SetWindowLongA
DefWindowProcW
OffsetRect
GetWindowDC
ChildWindowFromPoint
GetWindowRect
RegisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPos
ShowWindow
EnumDisplayDevicesA
MessageBoxA
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
EnumDisplaySettingsA
SetWindowTextA
wsprintfW
GetDC
MapWindowPoints
wsprintfA

gdi32

CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
GetDeviceCaps
BitBlt

advapi32

RegSetValueA
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegSetValueW
FreeSid
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
OpenServiceA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteA
SHGetMalloc

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromProgID
OleCreate
OleSetContainedObject
CoTaskMemFree
StringFromIID
OleUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantChangeType
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocString

psapi

GetModuleFileNameExA

wsock32

recv
WSAStartup
closesocket
send
gethostbyname
socket
htons
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
WSACleanup

wininet

InternetOpenUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenA
InternetCrackUrlA
InternetCrackUrlW
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenW
InternetOpenUrlW
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetConnectedState
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

UrlGetPartA
PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW

sensapi

IsNetworkAlive

urlmon

CoInternetGetSession

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

wsock32

wininet

version

shlwapi

sensapi

urlmon

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 36KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 36KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 3KB