762f49730e3132ea32237cbe6ea77ddc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

762f49730e3132ea32237cbe6ea77ddc_JaffaCakes118
Size

622KB
MD5

762f49730e3132ea32237cbe6ea77ddc
SHA1

65ea74b0858bfa25280d132bbb229cc71d267d16
SHA256

d174bc0b0c5c24b942dad473e8f102370b0d7fc82f3dc5cc16ab2417bc17f72b
SHA512

6976d92a28aadbfe6f2bb61118f3e1b999b19460641cffb8069c68a8ef8c531b3be64fc98be34cc1f8efa6ef3347a92dd6a49410fb194d91d33d4a15f6d5be16
SSDEEP

12288:XxyrtKEc9vUfRemaVtOKU+t60qmSwbrzHhzw0Rl1Tsq7aZfxG:XxyrtKEwa4KKUmzq6rFw0RrTJ7aZfxG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
762f49730e3132ea32237cbe6ea77ddc_JaffaCakes118

Files

762f49730e3132ea32237cbe6ea77ddc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ec51592f97131f483058aabbd3b330f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
GetTokenInformation
DuplicateToken
CheckTokenMembership
OpenProcessToken
CreateWellKnownSid

wininet

HttpOpenRequestW
InternetQueryOptionW
InternetOpenW
HttpQueryInfoW
InternetReadFileExW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetGetConnectedState
InternetSetOptionW
InternetReadFile
InternetCrackUrlW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeA

psapi

GetProcessImageFileNameW

kernel32

GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
SetFilePointerEx
GetConsoleMode
CreateDirectoryW
SizeofResource
HeapFree
WriteFile
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateFileW
HeapSize
MultiByteToWideChar
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
CreateThread
FindResourceExW
ResetEvent
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
GetFileAttributesW
GetVersionExW
SetFileAttributesW
DeleteFileW
SetCurrentDirectoryW
MoveFileExW
SetLastError
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
GetCurrentThreadId
GlobalAlloc
GlobalLock
InterlockedIncrement
GlobalUnlock
lstrcmpW
MulDiv
InitializeCriticalSection
GetCommandLineW
FreeEnvironmentStringsW
ReadFile
SetFilePointer
CreateEventW
OutputDebugStringW
SetEvent
GetFileSize
CreateProcessW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetExitCodeThread
FormatMessageW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
IsWow64Process
SetEndOfFile
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
WriteConsoleW
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
SetStdHandle
SetEnvironmentVariableA
GetEnvironmentStringsW
LocalFree

user32

ReleaseDC
InvalidateRect
SetForegroundWindow
BeginPaint
ShowWindow
GetMonitorInfoW
MapWindowPoints
SendDlgItemMessageW
LoadIconW
UpdateWindow
LoadImageW
MessageBoxW
GetWindowLongW
GetWindowTextLengthW
GetMessageW
DefWindowProcW
GetKeyState
CallWindowProcW
EndPaint
GetWindowTextW
PostMessageW
UnregisterClassW
GetSystemMetrics
MonitorFromWindow
IsWindowVisible
GetWindowRect
CreateDialogParamW
ReleaseCapture
CreateWindowExW
GetWindow
GetFocus
DestroyWindow
GetDC
SetWindowPos
FillRect
ScreenToClient
SendMessageW
SetWindowTextW
RegisterClassExW
IsWindow
InvalidateRgn
DispatchMessageW
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
TranslateMessage
LoadCursorW
GetClassNameW
SetCapture
SetWindowLongW
GetClientRect
GetDlgItem
GetDesktopWindow
GetClassInfoExW
GetParent
RegisterWindowMessageW

gdi32

DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

shell32

ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconW
ord680

ole32

CoGetClassObject
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
OleLockRunning
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleRun

oleaut32

SysStringLen
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
VariantClear
SysAllocString
LoadTypeLi
VariantInit
LoadRegTypeLi
SafeArrayDestroy
VarUI4FromStr
SysFreeString
GetErrorInfo
OleCreateFontIndirect

shlwapi

PathStripPathW
PathRemoveExtensionW
PathIsSystemFolderW
PathFindExtensionW
PathRemoveBackslashW
PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
PathRemoveFileSpecW
PathRenameExtensionW

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ec51592f97131f483058aabbd3b330f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wininet

rpcrt4

psapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 400KB - Virtual size: 399KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 400KB - Virtual size: 399KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 20KB