0d667d5ea5a5e268886092089b576d70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d667d5ea5a5e268886092089b576d70_JaffaCakes118
Size

300KB
MD5

0d667d5ea5a5e268886092089b576d70
SHA1

b04a6bdd9c0c634f4ca861a26091c12f402d7d04
SHA256

c21c9c3fa9698bf711a7d82edfa2468939a8537b2965cac88f7e4504665604a4
SHA512

26499ad729c0d93e32f59d3a21a25c3f10395462cc29df2c062d2bb214746074cdb58a6a537364e04fd906e25ec954f4a523c49213373185e21501db101dc2b9
SSDEEP

6144:qCv/kBf9IMpbHGuiZi+eJWAyGs/VSyO0TOfgPKyFBr:FtMpbmu1+TGsdPAwKy7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d667d5ea5a5e268886092089b576d70_JaffaCakes118

Files

0d667d5ea5a5e268886092089b576d70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45f0f9f22eb126b9ec0954fb1d508bd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetWriteFileExW
InternetCanonicalizeUrlA
GopherGetAttributeA
FtpGetFileW
GetUrlCacheEntryInfoExW

advapi32

CryptSetHashParam
CryptDuplicateHash
CryptSetProviderA
RegReplaceKeyA
CryptGenKey
CryptSetProvParam
RegDeleteValueA
RegEnumKeyW
CryptVerifySignatureA
CryptContextAddRef
InitiateSystemShutdownA
LookupPrivilegeDisplayNameA
LookupAccountNameA
LookupPrivilegeValueW
RegSetKeySecurity
RegLoadKeyW
RegOpenKeyExW
CryptGenRandom

user32

SetMenuDefaultItem
SendMessageTimeoutA
IsMenu
ClientToScreen
SetFocus
DdeKeepStringHandle
DispatchMessageA
DlgDirListW
DdeConnectList
PostThreadMessageW
DrawTextExW
IsCharLowerA
SetDlgItemTextA
UnhookWindowsHookEx
MessageBoxW
TrackMouseEvent
SetDlgItemTextW
EnumChildWindows
GetClassNameA
IsCharUpperW
DestroyWindow
ToUnicodeEx
ScrollWindowEx
CreateWindowExW
SetMenuItemInfoW
DefWindowProcW
DdeCmpStringHandles
CreateDesktopW
PaintDesktop
ChangeDisplaySettingsExA
GetAsyncKeyState
OpenWindowStationA
GetKeyNameTextA
GetParent
InvertRect
OpenIcon
SetUserObjectInformationW
GetWindowContextHelpId
RegisterClassExA
LoadKeyboardLayoutW
GetMenuCheckMarkDimensions
ShowWindow
CopyIcon
MapVirtualKeyExW
LoadBitmapW
GetKeyboardType
GetShellWindow
GetKeyboardLayoutNameW
GetWindowModuleFileNameW
GetClassLongA
GetMessageExtraInfo
RegisterClassA
UnhookWindowsHook

kernel32

SetStdHandle
ReadFile
TlsFree
FreeEnvironmentStringsW
EnterCriticalSection
GetStringTypeW
SetLocaleInfoW
WriteFile
GetTickCount
HeapAlloc
GetCPInfo
InterlockedExchange
TlsAlloc
InitializeCriticalSection
GetStringTypeA
lstrcpy
RtlUnwind
InterlockedCompareExchange
FindNextChangeNotification
SetConsoleCP
GetCurrentProcessId
GetLongPathNameA
GetProcAddress
GetTimeZoneInformation
GetProcessAffinityMask
InterlockedExchangeAdd
VirtualFree
DeleteCriticalSection
InterlockedIncrement
GetEnvironmentStrings
GetLocaleInfoW
ReadConsoleW
GetCurrentThread
CreatePipe
HeapDestroy
TlsGetValue
MultiByteToWideChar
SetEnvironmentVariableA
SetVolumeLabelA
SetEndOfFile
GetEnvironmentStringsW
GetLastError
WriteConsoleOutputCharacterA
VirtualQuery
LoadLibraryW
HeapFree
GetModuleFileNameA
VirtualFreeEx
TlsSetValue
GetACP
GetThreadContext
SetFileTime
SetConsoleCursorInfo
SetFileAttributesA
ExitProcess
FreeEnvironmentStringsA
MoveFileW
OpenFileMappingW
GetStartupInfoA
GetStdHandle
WideCharToMultiByte
GetSystemTimeAdjustment
HeapCreate
GetOEMCP
GetConsoleScreenBufferInfo
SetLastError
CreateEventA
LCMapStringW
SetFilePointer
GlobalSize
PulseEvent
RemoveDirectoryW
SetHandleCount
SetPriorityClass
TerminateProcess
GetSystemTimeAsFileTime
ReadConsoleOutputW
UnhandledExceptionFilter
LoadLibraryA
LCMapStringA
WriteConsoleOutputCharacterW
GetSystemTime
SetConsoleCursorPosition
GetPrivateProfileIntA
GetStringTypeExA
GetCommandLineW
HeapReAlloc
GetCommandLineA
SetCurrentDirectoryA
GetLocalTime
QueryPerformanceCounter
RtlZeroMemory
LeaveCriticalSection
lstrcpynW
GetFileType
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
CompareStringA
CompareStringW
CreateMutexA
GetLogicalDriveStringsA
GetVersion
GetModuleHandleA
GetLongPathNameW
FlushFileBuffers
CloseHandle
OpenMutexA
VirtualAlloc
IsBadWritePtr

comctl32

ImageList_DrawIndirect
ImageList_LoadImageW
ImageList_DragMove
CreatePropertySheetPageA
ImageList_DragEnter
CreateToolbar
ImageList_SetFilter
ImageList_SetImageCount
ImageList_GetImageInfo
CreateUpDownControl
CreateStatusWindowA
ImageList_Draw
InitCommonControlsEx
ImageList_AddIcon
DrawStatusTextA
ImageList_SetFlags
GetEffectiveClientRect
CreatePropertySheetPageW
ImageList_Create
ImageList_SetOverlayImage
ImageList_GetImageRect
DrawStatusText
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Duplicate

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45f0f9f22eb126b9ec0954fb1d508bd4

Headers

File Characteristics

Imports

wininet

advapi32

user32

kernel32

comctl32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 92KB - Virtual size: 97KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 92KB - Virtual size: 97KB

.rsrc
Size: 12KB - Virtual size: 10KB