Static task: static1
Behavioral task: behavioral1
Sample: 0b1fdab44749412cc462b8996ac16c7a_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0b1fdab44749412cc462b8996ac16c7a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 0b1fdab44749412cc462b8996ac16c7a_JaffaCakes118
Size: 5.8MB
MD5: 0b1fdab44749412cc462b8996ac16c7a
SHA1: 071d59b023ccb097db15bf27b77f7b5ddb72e607
SHA256: 92ec403d6cce5e25b8af50015dae48472c473aba8835ca0713c8dc76c3059846
SHA512: 15dc87e964317fa25c7377ca14315b5845c0ba1709eadb41feb6343e17592fb057dcb369a50f78056d3f1253aa4f6813f9a47ee4efbe7c968d84b704d02f8b48
SSDEEP: 98304:w9bR12bmBXKFBOSh02QgTVWJOdbrllYZMW8KgoN4aH6o42JV250w1o93Z5vE9KdG:w7BKBbh02tTsIxrgZr88NxaE21KZaCUt
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 0b1fdab44749412cc462b8996ac16c7a_JaffaCakes118
Files
0b1fdab44749412cc462b8996ac16c7a_JaffaCakes118.exe windows:4 windows x86 arch:x86
083e6b466b10758d18ee6eb64923478d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_DragShowNolock
ord17
CreateStatusWindowW
shell32
SHAddToRecentDocs
SHGetPathFromIDListA
Shell_NotifyIconW
ws2_32
recvfrom
inet_ntoa
getpeername
WSASetBlockingHook
WSADuplicateSocketA
kernel32
FreeEnvironmentStringsA
CreateDirectoryA
_lclose
LoadLibraryExA
TryEnterCriticalSection
SetProcessShutdownParameters
GetCommConfig
LocalFileTimeToFileTime
CreateNamedPipeW
ReadFile
GetCPInfo
GetFullPathNameA
GlobalFlags
GetBinaryTypeA
lstrcpyA
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeW
IsBadStringPtrA
lstrcatW
VirtualUnlock
GetCurrentProcessId
lstrcmpA
OutputDebugStringA
SetupComm
_lopen
GetFileType
CreateEventA
SetFileAttributesA
OpenMutexA
GetFileAttributesA
GetPrivateProfileStringW
SetCommMask
WriteConsoleOutputCharacterA
FindCloseChangeNotification
SetConsoleMode
FreeLibrary
SetStdHandle
GetVersion
ConnectNamedPipe
GetTempFileNameA
SetErrorMode
ReadConsoleA
GetLocaleInfoW
_hread
GetProfileStringA
GetSystemTime
FindResourceExA
CreateProcessA
SetThreadLocale
IsDBCSLeadByteEx
UnhandledExceptionFilter
VirtualAllocEx
FileTimeToLocalFileTime
GetOEMCP
SetConsoleWindowInfo
GetSystemDirectoryW
WritePrivateProfileStructA
IsValidLocale
IsBadWritePtr
SetMailslotInfo
GetStringTypeExW
SetSystemTime
GetWindowsDirectoryA
DeleteCriticalSection
GetACP
GetAtomNameA
SuspendThread
CopyFileExW
MoveFileExA
SetFileTime
CloseHandle
PeekNamedPipe
GetEnvironmentStringsW
DuplicateHandle
GlobalDeleteAtom
lstrcpynA
LocalSize
RemoveDirectoryA
GetSystemDefaultLangID
ExitProcess
LocalReAlloc
DebugBreak
WriteProcessMemory
RaiseException
EnumSystemCodePagesW
GetVolumeInformationW
GetProcessHeap
EndUpdateResourceA
TlsGetValue
ExitThread
GetNumberFormatW
ExpandEnvironmentStringsW
SwitchToFiber
AreFileApisANSI
CreateDirectoryW
GetOverlappedResult
GlobalFindAtomA
FillConsoleOutputCharacterA
_lread
GetModuleHandleA
VirtualLock
SetEvent
GetDiskFreeSpaceExA
UnmapViewOfFile
WaitNamedPipeA
FindNextChangeNotification
user32
SetMenuItemBitmaps
GetMenuItemInfoA
IsDlgButtonChecked
SetLastErrorEx
CreateCursor
GetKeyNameTextA
DefDlgProcW
GetUpdateRect
GetPropW
IsClipboardFormatAvailable
GetWindow
SetMenu
CharNextExA
SetKeyboardState
ChildWindowFromPoint
GetScrollPos
ShowCursor
ChangeDisplaySettingsExA
RemoveMenu
EnableScrollBar
LoadImageA
EnumThreadWindows
CharLowerW
FindWindowExW
CharUpperBuffW
DrawTextA
SubtractRect
ModifyMenuW
GetMenuItemID
ShowWindow
TranslateMDISysAccel
CharPrevA
PeekMessageA
SwitchToThisWindow
KillTimer
SendMessageCallbackW
GetMenuStringW
SendMessageW
WindowFromDC
ModifyMenuA
DestroyCursor
RegisterClassW
SetWindowTextW
LoadMenuIndirectW
SetDlgItemTextA
GetWindowLongA
ToAscii
SetClassLongA
MonitorFromPoint
OpenWindowStationA
MapVirtualKeyExW
advapi32
GetAce
RegDeleteValueW
InitializeSid
RegOpenKeyExA
RegCreateKeyExW
NotifyChangeEventLog
RegDeleteKeyW
SetSecurityDescriptorSacl
LookupAccountNameW
CryptSetHashParam
SetEntriesInAclA
RegUnLoadKeyA
RegEnumKeyW
OpenServiceA
SetTokenInformation
LookupPrivilegeValueW
GetPrivateObjectSecurity
RegDeleteKeyA
AllocateLocallyUniqueId
RegSetValueA
LookupPrivilegeNameA
SetServiceStatus
DeregisterEventSource
LockServiceDatabase
BuildTrusteeWithNameW
GetSecurityDescriptorSacl
CryptDeriveKey
ImpersonateSelf
CryptVerifySignatureA
CryptGetProvParam
RegQueryValueA
ObjectCloseAuditAlarmA
CreateProcessAsUserA
StartServiceCtrlDispatcherA
StartServiceA
RegNotifyChangeKeyValue
msvcrt
swprintf
wcsncat
_fsopen
__p___argc
_strdup
_wcslwr
_kbhit
sprintf
putchar
longjmp
_wtoi
fputs
bsearch
remove
towlower
_mbsicmp
realloc
_itoa
_wcsnset
_wstrtime
_close
free
_ui64tow
_getdcwd
_wfreopen
iswctype
_wfullpath
wctomb
_cexit
_wcsrev
setlocale
_flushall
puts
strrchr
ungetc
_ecvt
_chdir
memmove
_sopen
vprintf
Sections
.text Size: 5KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ