b58e38cf51cb1f6600ddc3473db0dd95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b58e38cf51cb1f6600ddc3473db0dd95_JaffaCakes118
Size

4.6MB
MD5

b58e38cf51cb1f6600ddc3473db0dd95
SHA1

7be4e5508655f8af482ab3ff5965d196e1b6b6c7
SHA256

96cd81a1bbcbef372e18bfa4da9efd4dba2db15c456158b793f75a7080e3a8f9
SHA512

a9433a11b69eb3f701ba0c798cbfd04be56ac5abc14dba1ecd3bdbe6d799067cc30e8220c56a3db72ff94457cb2820f46c3b81bfd89e74bc9bf7a391a9ebd310
SSDEEP

98304:4yocknQRNUAQsAQsWnvM58WnyPs2TAdmq5N:4ySIjsWnvM58WnykDmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b58e38cf51cb1f6600ddc3473db0dd95_JaffaCakes118

Files

b58e38cf51cb1f6600ddc3473db0dd95_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f7bb5b4d0d060adc1152037dad1bb80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualProtect
GetSystemTime
GlobalMemoryStatus
CreateProcessA
DeleteFileA
GetTempFileNameA
GetWindowsDirectoryA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CompareFileTime
CopyFileA
CreateDirectoryA
MulDiv
EscapeCommFunction
ClearCommBreak
SetCommBreak
ReadFile
GetFileSize
FileTimeToDosDateTime
GetFileInformationByHandle
SetFileTime
DosDateTimeToFileTime
VirtualQuery
GetTickCount
WaitForMultipleObjects
lstrcpyA
SetUnhandledExceptionFilter
SetCurrentDirectoryA
OpenMutexA
GetFileTime
GetLogicalDriveStringsA
ClearCommError
IsBadReadPtr
lstrcatA
GetCommState
CreateEventA
PurgeComm
SetupComm
GetCommMask
ResetEvent
GetCommModemStatus
GetOverlappedResult
GetVersionExA
GetExitCodeProcess
GetCurrentDirectoryA
HeapDestroy
GetComputerNameA
ReleaseMutex
FlushInstructionCache
WriteFile
GetCurrentProcess
GetModuleFileNameA
lstrlenA
TerminateProcess
IsBadCodePtr
DeviceIoControl
CreateFileA
SetFilePointer
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
CreateThread
SetThreadPriority
GetLastError
FormatMessageA
FindFirstFileA
FindNextFileA
FreeConsole
ExitProcess
AllocConsole
GetVolumeInformationA
LoadLibraryA
FreeLibrary
LockResource
FindResourceA
LoadResource
SetEvent
UnmapViewOfFile
OpenEventA
GetModuleHandleA
MapViewOfFileEx
CreateMutexA
WideCharToMultiByte
GetProcAddress
GetDiskFreeSpaceA
SetCommTimeouts
GetDriveTypeA
SetCommState
GetStartupInfoA
RtlUnwind
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
HeapAlloc
HeapFree
GetCommandLineA
GetLocalTime
GetVersion
ReadConsoleInputA
VirtualFree
VirtualAlloc
HeapCreate
IsBadWritePtr
HeapSize
HeapReAlloc
LCMapStringW
TlsSetValue
LCMapStringA
SetLastError
TlsGetValue
GetCurrentThread
RaiseException
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetFileAttributesA
GetCurrentProcessId
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FindClose
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsAlloc
SetEndOfFile
GetLocaleInfoW
lstrlenW
LocalFree
WriteConsoleA
TlsFree
FatalAppExitA
PeekConsoleInputA
GetNumberOfConsoleInputEvents

user32

DefWindowProcA
MoveWindow
GetUpdateRect
GetFocus
GetDC
GetKeyState
GetActiveWindow
GetCapture
GetDlgCtrlID
ChildWindowFromPointEx
GetWindowRect
GetCursorPos
CloseWindow
EndDialog
SetFocus
SetDlgItemTextA
DialogBoxParamA
DialogBoxIndirectParamA
ShowCursor
GetAsyncKeyState
ToAscii
MapVirtualKeyA
GetSystemMetrics
SetWindowPos
DestroyWindow
ReleaseCapture
SetCapture
AdjustWindowRectEx
GetMenu
AdjustWindowRect
GetSysColor
IsDlgButtonChecked
CheckDlgButton
WaitForInputIdle
GetTopWindow
GetForegroundWindow
LoadIconA
SetActiveWindow
RedrawWindow
GetWindowContextHelpId
WinHelpA
ChildWindowFromPoint
LoadCursorA
SetCursor
PostQuitMessage
FindWindowA
SetCursorPos
CreateDialogIndirectParamA
GetKeyNameTextA
ScreenToClient
LockWindowUpdate
MessageBoxA
ReleaseDC
WindowFromPoint
UpdateWindow
SetWindowLongA
GetWindowLongA
ValidateRect
IntersectRect
MessageBoxIndirectA
PeekMessageA
CallWindowProcA
KillTimer
SendDlgItemMessageA
SetTimer
ShowWindow
InvalidateRect
EnableWindow
SendMessageA
GetDlgItem
PostMessageA
wsprintfA
SetRect
ClientToScreen
TranslateMessage
DispatchMessageA
GetClientRect
GetWindow
BringWindowToTop
SetForegroundWindow
CreateWindowExA
RegisterClassA
GetClassNameA
IsWindowVisible
EnumChildWindows
IsWindowEnabled
GetParent
GetNextDlgTabItem
IsDialogMessageA
TranslateAcceleratorA
CharToOemBuffA
BeginPaint
EndPaint
CreateDialogParamA
GetWindowTextA
RegisterHotKey

gdi32

CreateDIBSection
SelectObject
CreateFontIndirectA
GetTextMetricsA
TextOutA
SetTextColor
GetDeviceCaps
SetBkMode
CreateSolidBrush
SetBkColor
GetBkColor
GetBkMode
GetTextColor
RestoreDC
DPtoLP
GetStockObject
SetViewportOrgEx
ModifyWorldTransform
SetWindowOrgEx
SaveDC
SetGraphicsMode
DeleteObject

advapi32

RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA

shell32

FindExecutableA

ole32

StgCreateDocfile
CoRevokeClassObject
OleUninitialize
OleInitialize
CoRegisterClassObject
CoDisconnectObject
StringFromGUID2
StgOpenStorage
CoFileTimeNow
StringFromCLSID
CLSIDFromString
OleSaveToStream
OleLoadFromStream
CoCreateInstance
OleRun

oleaut32

SetErrorInfo
LoadTypeLi
SysFreeString
SysAllocString
GetErrorInfo
RegisterActiveObject
VariantChangeType
CreateErrorInfo
VariantClear
VariantInit
RevokeActiveObject

winmm

timeKillEvent
timeEndPeriod
timeGetTime
timeSetEvent
timeBeginPeriod

wsock32

getsockopt
ntohl
htons
recvfrom
htonl
setsockopt
sendto
ntohs
gethostname
WSAStartup
ord1111
WSAAsyncSelect
WSACleanup
WSAGetLastError
inet_addr
socket
bind
closesocket
gethostbyname

ddraw

DirectDrawCreate

dsound

ord1

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_DragShowNolock
ord17
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Destroy
ImageList_EndDrag

imm32

ImmAssociateContext
ImmGetContext
ImmNotifyIME
ImmGetCandidateListA
ImmGetCompositionStringA
ImmSetOpenStatus

binkw32

_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkGetError@0
_BinkOpen@8
_BinkSetVolume@8
_BinkClose@4
_BinkDDSurfaceType@4
_BinkGoto@12
_BinkPause@8
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkDoFrame@4
_BinkWait@4

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 432KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f7bb5b4d0d060adc1152037dad1bb80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

wsock32

ddraw

dsound

version

comctl32

imm32

binkw32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 196KB - Virtual size: 192KB

.data Size: 432KB - Virtual size: 3.4MB

.rsrc Size: 100KB - Virtual size: 96KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 196KB - Virtual size: 192KB

.data
Size: 432KB - Virtual size: 3.4MB

.rsrc
Size: 100KB - Virtual size: 96KB