08725112ca2ea42f92b100a9130e0b2c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08725112ca2ea42f92b100a9130e0b2c_JaffaCakes118
Size

357KB
MD5

08725112ca2ea42f92b100a9130e0b2c
SHA1

132282c7941d4598bc5b786f094110c60391a644
SHA256

173c09aa491a562c855c5385ba8915187a2103e9e48f6e16069b33b6b2259157
SHA512

4f578272b5b1aeff31fd6f6099405a49b20479e9f8a950a08a13d7df0bc4c96d33ba75097aafb189885ddb19e6884f6ddf1af1df153d83b9a80632b5f7313ce6
SSDEEP

6144:W5Ek8Ji1ENcO1KMV94nW5ov7F7mRTVY0Quq+YnOz65pnXa2ZTxfWTYzz5MFG0iYs:W5ECENcO1TV2nWwMVQuoj5wTYzz5KG0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08725112ca2ea42f92b100a9130e0b2c_JaffaCakes118

Files

08725112ca2ea42f92b100a9130e0b2c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6e2fe27e98efb6ef2316501cdd89669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ToolsBuild\14.1.0.3056\source\release\MicrogamingInstall.pdb

Imports

kernel32

lstrcatA
WideCharToMultiByte
FindClose
GetFileSize
GetVersionExA
MultiByteToWideChar
lstrcpyA
CreateDirectoryA
FindFirstFileA
GetFileAttributesA
lstrcpynA
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
FreeLibrary
LoadLibraryA
LocalFree
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
SetEvent
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateEventA
GetLastError
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
InitializeCriticalSection
SetLastError
CreateSemaphoreA
CreateFileW
ReadFile
GetProcAddress
ReleaseMutex
DeleteFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
GetModuleHandleA
GetComputerNameA
lstrlenA
GetWindowsDirectoryA
FindNextFileA
FormatMessageA
ReleaseSemaphore
SetFilePointer
WaitForSingleObject
GetTempFileNameA
OpenProcess
GetModuleFileNameA
CreateProcessA
CopyFileA
RemoveDirectoryA
DeleteFileA
GetTempPathA
lstrcmpiA
GetCurrentProcessId
CloseHandle
Sleep
CreateFileA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
ExitThread
ExitProcess

user32

MessageBoxW
IsWindowEnabled
MapWindowPoints
UpdateWindow
EnableWindow
GetSystemMetrics
GetWindowLongA
AdjustWindowRect
LoadIconA
DispatchMessageA
InvalidateRect
SetWindowLongA
OffsetRect
PeekMessageA
ChildWindowFromPoint
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
MessageBoxA
wsprintfA
LoadCursorA
GetDlgCtrlID
ReleaseDC
SetWindowTextA
PostMessageA
wsprintfW
DestroyWindow
CreateWindowExA
GetMessageA
RegisterClassA
ShowWindow
SetWindowPos
DefWindowProcA
GetWindowDC
GetWindowRect
TranslateMessage
IsDialogMessageA

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegSetValueA
RegOpenKeyExA
FreeSid
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoUninitialize
StringFromIID
CoTaskMemFree
CLSIDFromProgID
OleSetContainedObject
OleCreate
CoCreateGuid

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen

wsock32

send
closesocket
WSAStartup
WSACleanup
gethostbyname
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
htons
recv
socket

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

UrlGetPartA
PathAppendW
SHDeleteKeyA

sensapi

IsNetworkAlive

wininet

InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetGetConnectedState

urlmon

CoInternetGetSession

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6e2fe27e98efb6ef2316501cdd89669

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

version

shlwapi

sensapi

wininet

urlmon

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 3KB