44b5a3af895f31e22f6bc4eb66bd3eb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44b5a3af895f31e22f6bc4eb66bd3eb7_JaffaCakes118
Size

348KB
MD5

44b5a3af895f31e22f6bc4eb66bd3eb7
SHA1

2e7e2bc0b92f4c4f095a04a785e2b08d3666883b
SHA256

a98099541168c7f36b107e24e9c80c9125fefb787ae720799b03bb4425aba1a9
SHA512

6efdf1581ec90867c243b99dcaf08a3a8b306582686eb3d79bf52d4e12febcd3ec50c91fa98e32f5496d9724e677454f41ec9cb39548ec95c5764ddeca8a00ac
SSDEEP

6144:+W/434pHIXYWtsWLxiG5w6f1uBjE/yFfpU8nrs0T/ihAOt:+73gIPLxiG5w6oBjn28npTrS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44b5a3af895f31e22f6bc4eb66bd3eb7_JaffaCakes118

Files

44b5a3af895f31e22f6bc4eb66bd3eb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f599cc012f65508257232b4126048f9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
SendMessageA
GetDC
GetSystemMetrics
SendMessageW
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx
MapVirtualKeyExA
ToAscii
MapVirtualKeyA
CloseClipboard
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
wsprintfW
DefWindowProcA
CreateWindowExA
RegisterClassExA
CallNextHookEx
MsgWaitForMultipleObjects
PeekMessageA
IsWindowVisible
EnumWindows
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ReleaseDC
GetKeyState
GetDesktopWindow

psapi

GetProcessMemoryInfo

kernel32

GetTimeZoneInformation
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFullPathNameW
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetOEMCP
IsBadWritePtr
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
Sleep
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
VirtualProtect
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
FindClose
FindFirstFileW
GetEnvironmentStringsW
GetTickCount
InterlockedDecrement
DeleteFileA
SetCurrentDirectoryA
SetFileAttributesA
GetLastError
CreateProcessA
CreatePipe
MultiByteToWideChar
FindNextFileW
CopyFileA
GetComputerNameA
ExpandEnvironmentStringsA
MoveFileA
GetCompressedFileSizeA
GlobalUnlock
GlobalLock
GetVolumeInformationA
GetDriveTypeA
CreateThread
GetModuleHandleA
CreateEventA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExW
MoveFileW
DeleteFileW
SetFileAttributesW
WinExec
GetModuleFileNameA
WideCharToMultiByte
LocalFree
GetSystemInfo
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
GetLocalTime
FreeEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetCurrentDirectoryW
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
CreateFileW
GetFullPathNameA
SetEndOfFile
ExitProcess
HeapFree
HeapAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
TerminateProcess
GetCurrentProcess
FileTimeToLocalFileTime
GetDriveTypeW
ExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetTimeFormatA
UnmapViewOfFile
FindFirstFileA
GetCurrentThreadId
QueryPerformanceCounter
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
CreateDirectoryW
RemoveDirectoryW
GetSystemTimeAsFileTime
GetDateFormatA
InterlockedIncrement

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateCompatibleDC

advapi32

RegQueryValueExA
StartServiceCtrlDispatcherA
DeleteService
CloseServiceHandle
OpenSCManagerA
OpenServiceA
SetServiceStatus
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegisterServiceCtrlHandlerA

shell32

ShellExecuteA
ShellExecuteW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString

avicap32

capCreateCaptureWindowA

shlwapi

StrCmpW
StrCpyW

wininet

InternetCloseHandle
DeleteUrlCacheEntry

ws2_32

inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSACleanup
closesocket
setsockopt
socket
recv
WSAStartup
send

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f599cc012f65508257232b4126048f9f

Headers

File Characteristics

Imports

user32

psapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

avicap32

shlwapi

wininet

ws2_32

gdiplus

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 44KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 44KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 1KB