0b9c3b793dc96e06f5af5c36769d7070_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b9c3b793dc96e06f5af5c36769d7070_JaffaCakes118
Size

10.3MB
MD5

0b9c3b793dc96e06f5af5c36769d7070
SHA1

d89301048b300ddfee554a2975d38c312275bfe4
SHA256

b1aae0f6a4467a907599edf24c5c3d3de27edc89f342c4f4263ebb64f3a2be24
SHA512

88db1d573477bb4218dde0e69a84ae968c9d667ea818a166ba8154bb56e3c41ac488432a429f0154f2ffa9dbdbd6957a9d6c7e1d732645bbf151fa3815846706
SSDEEP

196608:L0eGJc5z4fCKYTMUQ4cZkz3qtlEvO70mOHfxEhZRJLx0Xhw2wap:L4Jc5z4aQ5izazExJEhZRYQap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b9c3b793dc96e06f5af5c36769d7070_JaffaCakes118

Files

0b9c3b793dc96e06f5af5c36769d7070_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f04f8919f6790546c792f4acbacc370

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
malloc
free
fopen
fread
fwrite
ftell
fseek
fclose
ferror
time
srand
rand
strncpy
_strnicmp
strncmp
_strdup
strlen
longjmp
_setjmp3
strcpy
atoi
sprintf
strstr
strcmp
fabs
ceil
floor
localtime
mktime
gmtime
abort
_snprintf
__p__iob
fprintf
_CIpow
strtod

kernel32

GetModuleHandleA
HeapCreate
GetModuleFileNameA
HeapDestroy
ExitProcess
HeapAlloc
HeapFree
SetFileAttributesA
CreateFileA
SetFileTime
CloseHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetTickCount
GetVersionExA
SetLastError
TlsAlloc
GlobalAlloc
GlobalFree
MulDiv
GetTempPathA
DeleteFileA
GetLocalTime
WriteFile
ReadFile
SetFilePointer
HeapReAlloc

comctl32

InitCommonControls
InitCommonControlsEx

user32

SetTimer
KillTimer
OemToCharA
CharUpperA
MessageBoxA
SendMessageA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyWindow
SetWindowTextA
InvalidateRect
UpdateWindow
GetClientRect
GetIconInfo
DrawStateA
GetFocus
GetSysColorBrush
FrameRect
DrawFocusRect
GetWindowLongA
GetDC
GetWindowRect
ValidateRect
ReleaseDC
CallWindowProcA
CreateWindowExA
SetWindowLongA
GetParent
MapWindowPoints
ScreenToClient
RedrawWindow
SetWindowPos
ReleaseCapture
BeginPaint
EndPaint
SetCapture
GetSystemMetrics
GetSysColor
SetCursor
FillRect
GetWindowTextA
GetCapture
DefWindowProcA
LoadCursorA
ShowWindow
RemovePropA
SetPropA
GetPropA
MoveWindow
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
AdjustWindowRectEx
CreateAcceleratorTableA
SetCursorPos
LoadImageA
SystemParametersInfoA
GetKeyState
PostMessageA
GetCursorPos
SetFocus
IsChild
GetClassNameA
EnumChildWindows
DefFrameProcA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource

gdi32

GetStockObject
CreateRectRgn
SelectClipRgn
GetObjectA
GetObjectType
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
SetBkColor
SetTextColor
CreateRectRgnIndirect
SetBkMode
TextOutA
GetTextExtentPoint32A
CreatePen
MoveToEx
LineTo
CreateSolidBrush
SetDIBits
CreateDIBSection
GetDIBits
CreateBitmap
SetPixel
CreateDCA
GetDeviceCaps
CreateFontA

oleaut32

SysAllocString

imagehlp

MakeSureDirectoryPathExists

ole32

CoTaskMemFree
CoInitialize
RevokeDragDrop

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
recvfrom
recv
send
sendto
WSAGetLastError

shell32

ShellExecuteA

winmm

timeBeginPeriod
timeEndPeriod

shlwapi

SHStrDupA

Sections

.code
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f04f8919f6790546c792f4acbacc370

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

oleaut32

imagehlp

ole32

wsock32

shell32

winmm

shlwapi

Sections

.code Size: 7KB - Virtual size: 6KB

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 66KB - Virtual size: 67KB

.rsrc Size: 7KB - Virtual size: 6KB

.code
Size: 7KB - Virtual size: 6KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 66KB - Virtual size: 67KB

.rsrc
Size: 7KB - Virtual size: 6KB