029e855d2eb3098d64c87ade6de0e1ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

029e855d2eb3098d64c87ade6de0e1ac_JaffaCakes118
Size

280KB
MD5

029e855d2eb3098d64c87ade6de0e1ac
SHA1

9d19edb3b2917149fc84e0285da01e4a582eac58
SHA256

b597c7893182c134682fe4445a1de30381af652614d0b1240577c953c96bd730
SHA512

9aed2d89b9f060eb99f77b4be21716b21047d8bb8b008a57052c722874646787bbe277956c51f2749f490e8b379747e3966bee1502da6f9adcdd6fd16db8c415
SSDEEP

6144:5mGwi+HezDCjx9+GvgohfZUZV/UWbQwMo0SbijS0/2EFtB:8HP9BLUXcWb9P0qgd/DF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
029e855d2eb3098d64c87ade6de0e1ac_JaffaCakes118

Files

029e855d2eb3098d64c87ade6de0e1ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

164c6b239a138705f05db550a3cff7a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
VirtualProtectEx
GlobalMemoryStatus
InitializeCriticalSection
UnlockFileEx
OpenMutexA
GlobalFindAtomA
EnumCalendarInfoA
SetConsoleCP
SetHandleCount
GetPrivateProfileStructA
WriteConsoleOutputW
GetNamedPipeHandleStateW
SuspendThread
GlobalGetAtomNameW
GetCalendarInfoA
GetThreadContext
FreeConsole
EnumSystemLocalesW
UnmapViewOfFile
GetCompressedFileSizeA
FindResourceExW
ReadDirectoryChangesW
CreateSemaphoreA
EnumCalendarInfoExW
SetConsoleActiveScreenBuffer
ConnectNamedPipe
SetConsoleCtrlHandler
SetConsoleOutputCP
LocalFree
WaitForSingleObjectEx
GetSystemDirectoryW
lstrcmpiA
ReadConsoleInputW
CreateDirectoryW
WriteProfileSectionA
VirtualLock
CreateWaitableTimerA
CreateFileA
SetSystemTime
GetTimeZoneInformation
CreateMutexA
EnumCalendarInfoExA
GetMailslotInfo
GlobalAlloc
CopyFileA
GetSystemDefaultLangID
MoveFileW
FindFirstChangeNotificationA
CommConfigDialogW
GetVersionExA
InterlockedIncrement
ReadConsoleA
DebugActiveProcess
HeapWalk
GetProcessHeaps
GetProfileIntW
SetLocalTime
GetTimeFormatA
OutputDebugStringW
SetFilePointer
CreateDirectoryExA
LoadResource
BeginUpdateResourceA
GetAtomNameW
GetFileAttributesExA
EnumCalendarInfoW
ReadFileScatter
lstrcpyW
SetEvent
GetLongPathNameW
ReadConsoleOutputW
GetLocalTime
FreeLibraryAndExitThread
GetFileSize
FindResourceA
SetThreadLocale
GetCommandLineW

user32

GetClipboardViewer
HideCaret
GetWindowTextW
LoadIconA
GetTopWindow
DefWindowProcW
CreateWindowStationW
DialogBoxParamA
LoadMenuW
SetWindowWord
CharToOemA
SetSysColors
DdeCreateDataHandle
SetMenuInfo
CreateIconFromResourceEx
GrayStringA
SetCursorPos
RegisterWindowMessageA
CloseWindow
GetWindowModuleFileNameW
IsDialogMessageW
ShowWindowAsync
LookupIconIdFromDirectoryEx
GetTabbedTextExtentW
CharToOemBuffW
MapVirtualKeyW
SetPropA

shell32

DragQueryFile
SHGetPathFromIDListW
SHGetDesktopFolder

wininet

CreateUrlCacheEntryW
InternetQueryDataAvailable
InternetFortezzaCommand
InternetOpenUrlA
GopherCreateLocatorW
HttpEndRequestW
RetrieveUrlCacheEntryStreamA
InternetShowSecurityInfoByURL
CreateUrlCacheGroup
FtpFindFirstFileW
RunOnceUrlCache
UnlockUrlCacheEntryStream
FtpRemoveDirectoryA
InternetTimeFromSystemTime
FtpPutFileEx
InternetGetCertByURLA
InternetAlgIdToStringA
InternetSecurityProtocolToStringA
GopherGetLocatorTypeA
InternetGetConnectedStateExA
ShowClientAuthCerts
InternetCrackUrlW
ShowCertificate
DeleteUrlCacheEntryA
SetUrlCacheEntryInfoW
FtpSetCurrentDirectoryA
CommitUrlCacheEntryA
InternetGetCertByURL
IsUrlCacheEntryExpiredA
RetrieveUrlCacheEntryFileA
InternetUnlockRequestFile
FtpCommandW
FindNextUrlCacheEntryW
InternetCreateUrlW
InternetSetOptionW
FtpGetCurrentDirectoryA
InternetConnectA
FtpCommandA
FindNextUrlCacheContainerA
InternetTimeToSystemTime
FtpPutFileW
InternetLockRequestFile
UnlockUrlCacheEntryFileA
GetUrlCacheEntryInfoExW
SetUrlCacheEntryInfoA
HttpQueryInfoW
InternetSetDialState
FindFirstUrlCacheContainerA
FreeUrlCacheSpaceA
FtpSetCurrentDirectoryW
GetUrlCacheEntryInfoA
InternetSetOptionExW
FindFirstUrlCacheGroup
InternetGetConnectedStateEx
FindFirstUrlCacheContainerW
InternetFindNextFileA
InternetSecurityProtocolToStringW
RetrieveUrlCacheEntryStreamW
InternetGetCookieW
InternetOpenW
FtpRemoveDirectoryW
InternetDialA
InternetWriteFileExW
InternetAutodialHangup
GopherGetLocatorTypeW
GetUrlCacheGroupAttributeW
FtpGetFileSize
DeleteUrlCacheContainerW
InternetGetConnectedState
SetUrlCacheEntryGroup
FindFirstUrlCacheEntryExA
RetrieveUrlCacheEntryFileW
SetUrlCacheEntryGroupW
InternetGoOnline
InternetOpenUrlW
InternetCombineUrlA
InternetConfirmZoneCrossingW
ShowX509EncodedCertificate
FtpCreateDirectoryA
CreateUrlCacheEntryA
FtpGetCurrentDirectoryW
InternetTimeToSystemTimeA
FindFirstUrlCacheEntryExW
FtpPutFileA
InternetReadFileExA
InternetCombineUrlW
RegisterUrlCacheNotification
InternetWriteFile
InternetSetCookieW
SetUrlCacheConfigInfoA
FtpRenameFileA
GopherGetAttributeA
FindCloseUrlCache
LoadUrlCacheContent
GopherGetAttributeW
HttpOpenRequestA
InternetGetLastResponseInfoA
DeleteUrlCacheContainerA
InternetGetConnectedStateExW
CreateUrlCacheContainerA
SetUrlCacheGroupAttributeW
GopherFindFirstFileA
ResumeSuspendedDownload
FindNextUrlCacheEntryExA
InternetQueryFortezzaStatus
HttpSendRequestW
CommitUrlCacheEntryW
InternetCanonicalizeUrlA
GopherOpenFileA
DeleteIE3Cache
InternetCreateUrlA
GopherCreateLocatorA
FtpFindFirstFileA
FtpGetFileEx
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FtpGetFileW
InternetCloseHandle
InternetAutodial
InternetSetOptionA
SetUrlCacheGroupAttributeA
InternetCanonicalizeUrlW
ShowSecurityInfo
FindFirstUrlCacheEntryW
InternetConfirmZoneCrossingA
SetUrlCacheConfigInfoW
InternetGetLastResponseInfoW
ReadUrlCacheEntryStream
HttpSendRequestA
InternetGetCookieA
InternetGoOnlineA
IsHostInProxyBypassList
UnlockUrlCacheEntryFileW
InternetInitializeAutoProxyDll
InternetTimeFromSystemTimeA
InternetConfirmZoneCrossing
DeleteUrlCacheEntryW
GetUrlCacheConfigInfoW
FindNextUrlCacheGroup
FtpRenameFileW
InternetCrackUrlA
InternetDialW
HttpOpenRequestW
InternetQueryOptionA
InternetHangUp
SetUrlCacheHeaderData
InternetTimeToSystemTimeW
FtpDeleteFileW
InternetCheckConnectionA
InternetErrorDlg
IsUrlCacheEntryExpiredW
InternetReadFileExW
UpdateUrlCacheContentPath
FindNextUrlCacheContainerW
GetUrlCacheGroupAttributeA
GetUrlCacheEntryInfoW
HttpSendRequestExW
InternetShowSecurityInfoByURLW
FtpGetFileA
GopherFindFirstFileW
IncrementUrlCacheHeaderData
HttpAddRequestHeadersA
InternetAlgIdToStringW
DetectAutoProxyUrl
InternetAttemptConnect

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

164c6b239a138705f05db550a3cff7a0

Headers

File Characteristics

Imports

kernel32

user32

shell32

wininet

Sections

.text Size: 163KB - Virtual size: 163KB

.data Size: 93KB - Virtual size: 92KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 163KB - Virtual size: 163KB

.data
Size: 93KB - Virtual size: 92KB

.reloc
Size: 22KB - Virtual size: 22KB