0038d2dcacebee3132096194965df99d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0038d2dcacebee3132096194965df99d_JaffaCakes118
Size

452KB
MD5

0038d2dcacebee3132096194965df99d
SHA1

b1044e591221ce9bc6783db2c1ec07c9b3d3bf88
SHA256

8d5629fcbb8d2c896300f7bf190fc1aa3050843c324f25ffd7970c4d403ae338
SHA512

b1acebdd253a46dab122282b69eccbd252a3a2887c1c44505352c6ed6163d9ee1139dad7332de6a83e15dc4e879374a74ec6ad84d092b0a40b3e8bc69c6a74a5
SSDEEP

6144:cp5f2/Teqm1PbHIvzRXGQOJkyw3LK5KkZxh4c7lbN/N6N7:cC/69IvztTOJkRLK5RZxic7lbNi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0038d2dcacebee3132096194965df99d_JaffaCakes118

Files

0038d2dcacebee3132096194965df99d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84038263cf4375fa0942913965bd3db8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetFileAttributesA
Process32Next
Module32Next
GetFileAttributesExA
Module32First
Process32First
CreateToolhelp32Snapshot
FreeResource
SizeofResource
LockResource
WritePrivateProfileStringA
GetTempFileNameA
LoadResource
FindResourceA
LoadLibraryW
GetLastError
LocalFree
LocalAlloc
CreateFileW
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
InterlockedIncrement
CreateEventA
GetWindowsDirectoryA
CreateFileA
ReadFile
WriteFile
GetProcAddress
MoveFileExA
SetFileAttributesA
GetTickCount
CreateProcessA
CloseHandle
lstrlenA
GetTempPathA
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetModuleHandleA
SetUnhandledExceptionFilter
GetCommandLineA
InterlockedDecrement
EnterCriticalSection
GetCurrentThreadId
GetStartupInfoA
VirtualProtect
SetLastError
DeviceIoControl
ExpandEnvironmentStringsA
GetLongPathNameW
lstrlenW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetLongPathNameA
OutputDebugStringA
DebugBreak
WaitForSingleObject
GetModuleFileNameA
SetEvent
CopyFileA
CreateDirectoryA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeA
LoadLibraryExW
MultiByteToWideChar
LeaveCriticalSection
GetEnvironmentVariableA
FindFirstFileA
GetShortPathNameA
MoveFileA
FindNextFileA
RemoveDirectoryA
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
TerminateProcess
WideCharToMultiByte
ReadProcessMemory
lstrcmpiA
GetSystemDirectoryA
SetFilePointer
GetFileSize
SearchPathW
Sleep
DuplicateHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateThread
GetCurrentProcessId
GetVersionExA
FindClose

user32

LoadStringA
CreateDialogParamA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
GetActiveWindow
DestroyWindow
IsDialogMessageA
SetWindowLongA
GetWindowTextLengthA
DispatchMessageA
CharNextA
wvsprintfA
EndDialog
SetDlgItemTextA
DialogBoxParamA
PostMessageA
BeginPaint
ScreenToClient
DrawTextA
EndPaint
PostQuitMessage
GetWindowLongA
GetWindowThreadProcessId
FindWindowA
FindWindowExA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
SetWindowTextA
GetDlgItem
EnableWindow
DefWindowProcA

gdi32

SelectObject
SetBkMode
SetTextColor
GetStockObject

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

InitCommonControlsEx

msvcrt

_mbstok
_mbsicmp
_mbslwr
tolower
_CxxThrowException
_mbschr
_mbsnbicmp
sscanf
mbstowcs
_stricmp
_mbsnbcpy
malloc
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_mbsnbcmp
_strlwr
fputs
strrchr
_vsnprintf
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
_osver
_except_handler3
_snprintf
atoi
_ismbcdigit
wcslen
_beginthread
_purecall
_mbsrchr
sprintf
strstr
??2@YAPAXI@Z
memmove
realloc
setlocale
_mbsstr
free
__CxxFrameHandler
_mbscmp

shlwapi

SHGetValueA
PathFileExistsA
PathCombineA
StrStrIA
SHDeleteKeyA
wnsprintfA
StrChrW
StrStrIW
SHSetValueA
SHDeleteValueA
PathAppendA
PathIsDirectoryA
StrCmpNIA

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetOpenA
InternetConnectA

psapi

GetModuleInformation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

SetNamedSecurityInfoA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ControlService
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyExA
RegEnumKeyA
DeleteAce
GetExplicitEntriesFromAclA
GetUserNameA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KAO
Size: 581B - Virtual size: 581B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84038263cf4375fa0942913965bd3db8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

comctl32

msvcrt

shlwapi

urlmon

wininet

psapi

version

advapi32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 328KB - Virtual size: 326KB

.KAO Size: 581B - Virtual size: 581B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 328KB - Virtual size: 326KB

.KAO
Size: 581B - Virtual size: 581B