Static task: static1
Behavioral task: behavioral1
Sample: 7cd87c4976f1b34a0b060a23faddbd19_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 7cd87c4976f1b34a0b060a23faddbd19_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
Target: 7cd87c4976f1b34a0b060a23faddbd19_JaffaCakes118
Size: 416KB
MD5: 7cd87c4976f1b34a0b060a23faddbd19
SHA1: 058ad628be1d29af8469c11af82ee2e040dafa91
SHA256: fc085d9be18f3d8d7ca68fbe1d9e29abbe53e7582453f61a9cd65da06961f751
SHA512: c0886cb6eb75e38eb2847e4b3d8ff977278569b29ca2f2dbf76b2e1c9b5223616c8e24ff283d834d3756454e97a58ab8f7b4e395a80c3677358b47b13d38fa9a
SSDEEP: 6144:d7/46x51v9cOxcYrRPzpP+hbFi5fMS7WMUvwSj4o7uQaDqIZ3A/y:dE6Dx+YrR7pPsiF7TUvX4T1DqIZMy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7cd87c4976f1b34a0b060a23faddbd19_JaffaCakes118
Files
7cd87c4976f1b34a0b060a23faddbd19_JaffaCakes118.exe windows:4 windows x86 arch:x86
16e370498bafc2da116b687155eb9503
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetMessageA
GetDesktopWindow
SendMessageA
ReleaseDC
CloseClipboard
GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
TranslateMessage
CreateWindowExA
GetWindowTextW
GetWindowTextLengthW
RegisterClassExA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextA
IsWindowVisible
EnumWindows
DispatchMessageA
wsprintfA
GetDC
ToAscii
DefWindowProcA
CallNextHookEx
GetWindowThreadProcessId
GetKeyboardLayout
GetKeyboardState
GetKeyState
MapVirtualKeyA
GetSystemMetrics
MapVirtualKeyExA
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx
psapi
GetProcessMemoryInfo
kernel32
GetStdHandle
SetHandleCount
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetOEMCP
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
Sleep
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
GetFileType
GetLocalTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentStrings
GetTickCount
SetFileAttributesA
CopyFileA
DeleteFileA
InterlockedDecrement
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLastError
CreateProcessA
CreatePipe
WinExec
MoveFileA
GetCompressedFileSizeA
GetComputerNameA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
CreateThread
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpA
CopyFileExA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
HeapSize
SystemTimeToFileTime
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
GetFullPathNameA
SetEndOfFile
FileTimeToLocalFileTime
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
RemoveDirectoryA
UnmapViewOfFile
GetCPInfo
RtlUnwind
ResumeThread
ExitThread
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
ExitProcess
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
gdi32
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateCompatibleDC
advapi32
OpenServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
DeleteService
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
shell32
ShellExecuteA
ole32
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString
avicap32
capCreateCaptureWindowA
wininet
InternetCloseHandle
DeleteUrlCacheEntry
ws2_32
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
ntohs
WSAStartup
send
recv
socket
setsockopt
closesocket
WSACleanup
getservbyport
gdiplus
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipFree
Sections
.text Size: 256KB - Virtual size: 253KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.shared Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ