927d2513269d427092f4be3b9d94b76c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

927d2513269d427092f4be3b9d94b76c_JaffaCakes118
Size

1.9MB
MD5

927d2513269d427092f4be3b9d94b76c
SHA1

47347839b0f72f6d72cdc145b5c3346cd304985b
SHA256

ffd5df16a55d4bae296f01d1f50afba4f548b63533929d070087327d019ea207
SHA512

fba402db80de04c2b73a9906c1701b6e01aca6631f6ae9273c8d0fed908f80c06221448839287c8bd47f8b4ec9e64ea5dd8394490520bc613cd0a1e5f3518ee3
SSDEEP

49152:dhM2HtmjrwT/LttNQ4hF/iJRoGE//UEHtt:7f8jr4ttNhF/irodntt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
927d2513269d427092f4be3b9d94b76c_JaffaCakes118

Files

927d2513269d427092f4be3b9d94b76c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a0c0d3881bfe5d39f8b8a95db430da09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncpy
_wcsicmp
wcslen
wcscpy
wcscmp
memmove
wcscat
sprintf
_wstat
_wcsdup
free
strcmp
memcpy
fread
longjmp
_setjmp3
fseek
ftell
strlen
memcmp
strcpy
wcsncmp
_snwprintf
tolower
localtime
mktime
_wcsnicmp
_itow
gmtime
fmod
fabs
malloc
ceil
floor
fclose
pow
??3@YAXPAX@Z
setlocale
swscanf
_isnan
wcsstr
calloc
_errno
strrchr
memchr
strncmp
abort
_close
_wopen
realloc
_setmode
_lseeki64
exit
_open_osfhandle
strchr
_strdup
_snprintf
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
frexp
modf
_CIpow
fopen
strerror
atof
fflush
ferror
remove
fwrite
__p__iob
fprintf
getenv
sscanf
strstr
isxdigit
isalpha
strtol
strncpy
strpbrk
strtoul
qsort
fgets
fputs
atoi
isspace
isdigit
_stricmp
_strnicmp
_read
_write
fputc
isalnum
isupper
_stati64
time
_ftime
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
ReleaseMutex
HeapDestroy
ExitProcess
FormatMessageW
LocalFree
GetProcAddress
GetCurrentProcess
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
UnregisterWait
CloseHandle
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
WaitForSingleObject
GetVersionExW
LoadLibraryW
CreateThread
TerminateThread
GetCurrentThreadId
Sleep
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
PeekNamedPipe
CreateFileW
GetFileSize
ReadFile
DeleteFileW
WriteFile
TerminateProcess
SetUnhandledExceptionFilter
WideCharToMultiByte
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalFree
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
SetLastError
CreateDirectoryW
SetFileAttributesW
CopyFileW
FindFirstFileW
FindClose
FindNextFileW
RemoveDirectoryW
MoveFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempPathW
GetDriveTypeW
GetFileAttributesW
SetFilePointer
GetLocalTime
HeapSize
MulDiv
InterlockedCompareExchange
InterlockedExchange
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
VerSetConditionMask
VerifyVersionInfoA
SleepEx
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

FindWindowW
SendMessageW
LoadCursorW
GetWindowLongW
SetClassLongW
ShowWindow
GetCursorPos
SetCursorPos
RedrawWindow
GetAsyncKeyState
SetWindowLongW
SetWindowPos
WindowFromPoint
DestroyIcon
CreateIconIndirect
MessageBoxW
PostMessageW
DefWindowProcW
DestroyWindow
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ClipCursor
GetWindowRect
ShowCursor
InvalidateRect
BeginPaint
EndPaint
GetSysColor
GetSysColorBrush
GetDC
SetRect
DrawTextW
ReleaseDC
CallWindowProcW
GetClientRect
FillRect
PeekMessageW
GetPropW
RemovePropW
SetPropW
GetIconInfo
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
ScreenToClient
GetWindow
SetWindowTextW
GetParent
MapWindowPoints
MoveWindow
GetFocus
GetClassNameW
ClientToScreen
SetScrollInfo
GetScrollPos
GetScrollRange
SetScrollPos
EnumPropsExW
SetActiveWindow
RegisterClassW
AdjustWindowRectEx
MsgWaitForMultipleObjects
GetActiveWindow
GetMenu
IsZoomed
IsIconic
DefFrameProcW
EnumChildWindows
GetKeyState
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
DrawIconEx
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePatternBrush
GetObjectType
DeleteObject
GetStockObject
SetTextColor
SetBkColor
SelectObject
GetObjectW
GetTextExtentPoint32W
CreateSolidBrush
CreateCompatibleBitmap
CreateDCW
CreateCompatibleDC
DeleteDC
SetStretchBltMode
StretchBlt
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
BitBlt
StretchDIBits
SetBkMode
MoveToEx
TextOutW
SetROP2
GetPixel
ExtFloodFill
CreatePen
LineTo
SetTextAlign
RoundRect
CreateFontIndirectW
GetTextMetricsW
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SetPixel
CreateFontW

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

oleaut32

VariantInit
VariantClear
SysFreeString
DispGetParam
SysAllocString
SysStringLen

shell32

SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW
SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

winmm

PlaySoundW
timeEndPeriod
timeBeginPeriod

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

wininet

DeleteUrlCacheEntryW

Sections

.code
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0c0d3881bfe5d39f8b8a95db430da09

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

comctl32

oleaut32

shell32

ole32

winmm

ws2_32

wsock32

wininet

Sections

.code Size: 139KB - Virtual size: 139KB

.text Size: 589KB - Virtual size: 588KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 139KB - Virtual size: 139KB

.text
Size: 589KB - Virtual size: 588KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 73KB - Virtual size: 73KB