8bd8582155ef003b8a24d341d75f1d7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bd8582155ef003b8a24d341d75f1d7f_JaffaCakes118
Size

464KB
MD5

8bd8582155ef003b8a24d341d75f1d7f
SHA1

0b951626f5ce6b95a6bb6ee2bb9e925990abbfa5
SHA256

1a49dc441d93c44de5fe946e14f8f06464680cf9d9e537fb36d3535003a1a1b1
SHA512

bd665e4ef7c656fdff83dc671103d385d096a5e68b2f4e66c21ec13b4ac713c9574b1658ca4ab6aeb67a81210a593a5b835d0638230fa6441cbb5a5b8204da30
SSDEEP

12288:YOkT2i4EREn8ms7bgMRkoL71zLeIdT2qzgETygf7YWb:YOkT2i4EREnoIMRkoL71HeOT2qcEFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bd8582155ef003b8a24d341d75f1d7f_JaffaCakes118

Files

8bd8582155ef003b8a24d341d75f1d7f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e14312c0d640f304137fa05b0716e6fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\host\Documents\Visual Studio 2008\Projects\тучгы\Release\тучгы.pdb

Imports

kernel32

FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
GetFileAttributesExA
GetComputerNameA
GetUserDefaultLocaleName
GetSystemWow64DirectoryA
GlobalMemoryStatusEx
GetConsoleWindow
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
lstrlenW
GetVersionExW
HeapDestroy
FindClose
HeapCreate
HeapValidate
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
TerminateProcess
lstrcpyW
FileTimeToDosDateTime
GetCurrentProcess
FileTimeToSystemTime
GetLocalTime
GetFileType
GetFileInformationByHandle
lstrcatA
ReadFile
GetFileAttributesA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
GlobalAlloc
WriteFile
lstrlenA
GlobalFree
CopyFileA
GetLastError
FindFirstFileA
LeaveCriticalSection
SetCurrentDirectoryA
lstrcmpA
GetFileSize
CreateFileA
RemoveDirectoryA
FormatMessageW
CreateDirectoryA

user32

GetSystemMetrics
ReleaseDC
GetDC
ShowWindow
CharUpperA
EnumDisplayDevicesA
wsprintfA
IsCharUpperA
wsprintfW

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
GetUserNameA
RegCloseKey
GetCurrentHwProfileA

shell32

SHFileOperationA
SHGetFolderPathA
ShellExecuteA

ole32

CreateStreamOnHGlobal

shlwapi

StrRChrA
PathCombineA
PathFileExistsA
PathAppendA
PathIsDirectoryA
PathIsDirectoryEmptyA
PathFindNextComponentA
StrStrA
StrChrA

msvcr90

_stricmp
memcpy
_tzset
memset
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
atoi
wcstombs
memmove
strncmp
free
malloc
_localtime64_s
_msize
_endthreadex
_beginthreadex
strrchr
strcspn
realloc
??3@YAXPAX@Z
_mktime32
??2@YAPAXI@Z
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode

crypt32

CryptStringToBinaryA
CryptUnprotectData

gdiplus

GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
GdipSaveImageToStream
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

urlmon

URLDownloadToFileA

wininet

HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
InternetReadFile
InternetConnectA

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e14312c0d640f304137fa05b0716e6fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcr90

crypt32

gdiplus

urlmon

wininet

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 12KB - Virtual size: 11KB