004d66aa34d87aa401f81e007b299b1f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

004d66aa34d87aa401f81e007b299b1f_JaffaCakes118
Size

188KB
MD5

004d66aa34d87aa401f81e007b299b1f
SHA1

7a545d4168525b72d313c53e3afc17646535118a
SHA256

79e981b50ded489cc04872a10b5922377513e2dda160700d8239d80105b2c9fd
SHA512

1e483f7757e63b2701521d4e84e872368f6fd6d2ba541f95acb0f5e23092e3094ad9e0b51fdd41238ed62b16d4631b08550722d2f1fe426ec0f893d15fe2ae69
SSDEEP

3072:exge5uKcFs6A21jNOYbuDGo2UMvnry/1IsjtTBflLn8T:exge5ub+UHObG9Jvn+/GsjtTBd8T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
004d66aa34d87aa401f81e007b299b1f_JaffaCakes118

Files

004d66aa34d87aa401f81e007b299b1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1dda8f9e76c68ad2779e4f8a181887f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
FindClose
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
TerminateThread
WaitForSingleObject
GetModuleFileNameA
CreateThread
GetSystemDirectoryA
ResetEvent
WaitForMultipleObjects
SetFilePointer
GetShortPathNameA
TerminateProcess
OpenProcess
CreateDirectoryA
GetFileSize
GetTickCount
SetFileAttributesA
GetFileAttributesA
GetTempPathA
CreateFileA
ReadFile
DeleteFileA
SetEvent
OpenEventA
CloseHandle
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
AddAtomA
WriteFile
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapWalk
HeapUnlock
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetExitCodeProcess
CreatePipe
GetCurrentProcess
DuplicateHandle
CreateProcessA
GetDriveTypeA
GetVolumeInformationA
GetLongPathNameA
GetCurrentProcessId
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
Sleep

user32

IsWindow
PostThreadMessageA
GetMessageA
GetWindowTextA
GetWindowLongA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
PostMessageA
FindWindowA
GetSystemMetrics
DestroyWindow
SendMessageA
AnyPopup

advapi32

RegOpenKeyExA
AbortSystemShutdownA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA

shell32

SHFileOperationA
ShellExecuteA

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdipAlloc

mfc42

ord3626
ord640
ord665
ord1979
ord5186
ord354
ord5785
ord1641
ord1640
ord323
ord800
ord1601
ord537
ord3663
ord3571
ord2414

msvcrt

memset
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
_exit
_strset
_strupr
strcpy
strstr
strcmp
__CxxFrameHandler
sprintf
memcpy
wcscmp
free
pow
malloc
_purecall
_ftol
rand
srand
memcmp
strchr
strlen
strrchr
_except_handler3
_CxxThrowException

psapi

EnumProcessModules
GetModuleFileNameExA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetObjectA
CreateDCA
GetDIBits

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitialize

ws2_32

shutdown
getsockname
recvfrom
connect
send
recv
WSACleanup
WSAStartup
gethostbyname
gethostname
closesocket
WSAIoctl
socket
bind
htons
sendto
ntohs
WSAGetLastError

winmm

timeSetEvent
timeKillEvent

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1dda8f9e76c68ad2779e4f8a181887f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

gdiplus

mfc42

msvcrt

psapi

gdi32

ole32

ws2_32

winmm

avicap32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 9KB