61180cfb83f66d7b3c281f6fcc3c9793_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61180cfb83f66d7b3c281f6fcc3c9793_JaffaCakes118
Size

500KB
MD5

61180cfb83f66d7b3c281f6fcc3c9793
SHA1

b250a0645215d45e55887713ae4e9b4f49597a1e
SHA256

11dc85e4e2d2a77d0c415b5fb1df9c6abb14ba84a398668ec7aae05c9abb16eb
SHA512

730200523fc4308ad80a77f14e39effa88be4f02ab36e17814e53a0d9508a03ce38b67cccb81aa619800776a1dc2fae3c903bb5514ea58231c309a3d364c8821
SSDEEP

6144:2nqE+qTsAi9LxlirfsqHMbPfSMtilrdN3KEXkt8mkRSO1DpUSmrJz:2nqlmsAi5xlirL5MtwrdRK8kmYO1ySU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61180cfb83f66d7b3c281f6fcc3c9793_JaffaCakes118

Files

61180cfb83f66d7b3c281f6fcc3c9793_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5e5eda1e5d196ce9300adad20d11d650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpWriteData
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCrackUrl

msimg32

AlphaBlend

comctl32

ord17

shlwapi

StrCmpNIW
StrToIntA
PathStripPathW
SHCreateStreamOnFileEx
StrChrW
StrStrIW
StrToInt64ExW
PathIsDirectoryW
PathFileExistsW
PathAddBackslashW
wvnsprintfW
PathRemoveFileSpecW
StrChrIW
PathAppendW
PathFindExtensionW
StrToIntW
StrToIntExW
StrToIntExA
StrCmpIW

windowscodecs

WICConvertBitmapSource

psapi

GetModuleFileNameExW

kernel32

HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
GetProcessHeap
GetStdHandle
CreateMutexA
CreateFileMappingA
lstrcpyA
lstrcatA
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
lstrlenA
GetProcAddress
LoadLibraryW
GlobalFree
GlobalAlloc
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
lstrcmpiW
GetVersionExW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
WaitForMultipleObjects
Sleep
CreateThread
LocalFree
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
GetTickCount
FreeLibrary
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TryEnterCriticalSection
SetFilePointer
GetModuleFileNameW
RaiseException
FlushFileBuffers
WriteFile
lstrcpyW
lstrcatW
GetFileAttributesW
GetPrivateProfileStringW
SetEnvironmentVariableW
GetLastError
LoadLibraryExW
GetExitCodeProcess
ResumeThread
CreateProcessW
GetEnvironmentStringsW
GetCurrentProcessId
GetProcessId
ExpandEnvironmentStringsW
GetCommandLineW
OpenFileMappingW
WideCharToMultiByte
SetEvent
OpenEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetStartupInfoW
lstrcmpW
VirtualQuery
Thread32Next
Thread32First
GetCurrentThreadId
GetModuleHandleW
TerminateProcess
OpenProcess
lstrcpynW
EnterCriticalSection
LeaveCriticalSection
SetLastError
TerminateThread
GetCurrentThread
CreateEventW

user32

SetTimer
KillTimer
SetDlgItemTextW
SetWindowPos
GetWindowTextW
FindWindowExW
ChildWindowFromPointEx
EnumPropsW
IsWindowVisible
GetDlgCtrlID
PostMessageW
SetActiveWindow
GetWindow
EnableWindow
FillRect
GetSysColorBrush
PostQuitMessage
DestroyWindow
SetCursor
DestroyMenu
TrackPopupMenuEx
GetCursorPos
AppendMenuW
CreatePopupMenu
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
CreateDialogParamW
GetSysColor
GetWindowTextLengthW
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageW
LoadIconW
GetAncestor
wsprintfA
wvsprintfA
wvsprintfW
EnumChildWindows
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
wsprintfW
CreateWindowExW
GetWindowRect
MoveWindow
IsWindow
DrawTextW
SetWindowTextW
UpdateWindow
InvalidateRect
GetDC
GetClientRect
DrawFrameControl
ReleaseDC
GetDlgItem
GetPropW
ShowWindow
SetFocus
SetWindowLongW
RemovePropW
CallWindowProcW
SendMessageW
MapWindowPoints
ScreenToClient
GetParent
GetWindowLongW
SetPropW
IsDialogMessageW
LoadCursorW
EndDialog

gdi32

CreateCompatibleDC
DeleteDC
SetBkColor
CreateSolidBrush
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectW
GetObjectW
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
CreateFontW
SelectObject
GetTextExtentPoint32W
CreateDIBSection
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

OleSetContainedObject
CoUninitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject

oleaut32

SysStringLen
SysFreeString
VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e5eda1e5d196ce9300adad20d11d650

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

msimg32

comctl32

shlwapi

windowscodecs

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1.2MB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1.2MB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 11KB - Virtual size: 10KB