044a92ad24175d451ce4e118d0f6e311_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

044a92ad24175d451ce4e118d0f6e311_JaffaCakes118
Size

36KB
MD5

044a92ad24175d451ce4e118d0f6e311
SHA1

4c4411076b882184574f2290100a65326866b9bb
SHA256

9cb009bc717d5745e5749d478a3ce74772a5cc7efec7edd6a993deea1031eae7
SHA512

bdb58d391a5a8c195ce038268eb6e64a578f5c21bbf381ad5400d3adbb02fc4dbbad9b463d1ac800501e7cb1faab8d682babbac05258b91a791a27a8e2de5ea6
SSDEEP

768:w8aczlMsXJRP+vrZ/M0xIOWTLGGcbRa7nEnOj/g785:3thMsXJRmvr5MeZRRa7x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
044a92ad24175d451ce4e118d0f6e311_JaffaCakes118

Files

044a92ad24175d451ce4e118d0f6e311_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3cf71ce6b0937d1735f0422822e967f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

mfc42

ord1105
ord535
ord6930
ord537
ord941
ord858
ord4129
ord5683
ord6928
ord4277
ord801
ord6143
ord541
ord940
ord6283
ord6282
ord540
ord2818
ord354
ord823
ord5861
ord825
ord665
ord3790
ord860
ord1247
ord2820
ord3811
ord837
ord920
ord1575
ord6877
ord800
ord5216
ord3810

msvcrt

memset
__CxxFrameHandler
strcpy
atoi
atol
sprintf
_splitpath
_ftol
memcpy
_stricmp
free
malloc
realloc
memcmp
_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_XcptFilter
_exit
_onexit
__dllonexit
_acmdln

kernel32

GetStartupInfoA
lstrcatA
lstrcpyA
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
MultiByteToWideChar
lstrlenW
GetCommandLineA
lstrcmpiA
WaitForSingleObject
lstrlenA
SetLastError
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetLastError
MoveFileExA
DeleteFileA
GetCurrentThreadId
WinExec
CreateProcessA
CreateToolhelp32Snapshot
Process32First
CloseHandle
Sleep
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
Process32Next

user32

TranslateMessage
GetMessageA
KillTimer
PostThreadMessageA
SetTimer
CharNextA
LoadStringA
DispatchMessageA

advapi32

OpenServiceA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegOpenKeyExA

ole32

CoRevokeClassObject
CoCreateInstance
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
LoadTypeLi
SysAllocString
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3cf71ce6b0937d1735f0422822e967f

Headers

File Characteristics

Imports

wininet

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB