Static task: static1
Behavioral task: behavioral1
Sample: 1839d5481525e66ccedebe345111cf9e_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1839d5481525e66ccedebe345111cf9e_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 1839d5481525e66ccedebe345111cf9e_JaffaCakes118
Size: 304KB
MD5: 1839d5481525e66ccedebe345111cf9e
SHA1: 21f1e765be7aba32d372595a0bd1f610a8d8b0fd
SHA256: c518d33576c65754db21079628e34a94d5001790445f261b211027b5f6609060
SHA512: daed326041a7e9ab0f7e006145b242a733bb7ca551670804dc4230dbea5016b7855e459caa63e39ed6eb595b30e106bdb3ac9e7d35f581a4440f3b29162f36d0
SSDEEP: 6144:DWG7HXcBSMCyhqDj0EpEv1YbTiw2Dd2fU:0SMCyh5Epw1Y7U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1839d5481525e66ccedebe345111cf9e_JaffaCakes118
Files
1839d5481525e66ccedebe345111cf9e_JaffaCakes118.exe windows:4 windows x86 arch:x86
e8c34380d6166133f833c84a2e21e95e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventA
ResetEvent
WaitForMultipleObjects
Sleep
GetModuleFileNameA
CopyFileA
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
Process32Next
WaitForSingleObject
TerminateThread
GetCurrentThreadId
GetCurrentProcess
GetSystemDirectoryA
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetComputerNameA
lstrcmpiA
GetDiskFreeSpaceExA
GlobalMemoryStatus
SetLastError
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetLastError
FindClose
GetLogicalDrives
GetDriveTypeA
ExitProcess
UnmapViewOfFile
GetVersionExA
CloseHandle
MapViewOfFile
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
GetACP
GetCurrentThread
GetWindowsDirectoryA
GetVolumeInformationA
GetDiskFreeSpaceA
lstrlenA
GetCurrentProcessId
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleHandleA
GetPriorityClass
GetProcessVersion
GetProcessTimes
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
lstrlenW
DuplicateHandle
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpyA
lstrcpynA
GetFullPathNameA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetFileAttributesA
GetFileSize
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
user32
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
CallNextHookEx
SetWindowsHookExA
DestroyWindow
GetKeyState
GetDlgCtrlID
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
GetTopWindow
EnableWindow
CopyRect
AdjustWindowRectEx
SetFocus
GetFocus
GetDesktopWindow
GetSysColor
MapWindowPoints
PostMessageA
LoadStringA
ClientToScreen
TabbedTextOutA
GrayStringA
GetMenuState
GetClassNameA
PtInRect
ReleaseDC
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetWindowTextA
GetSysColorBrush
DestroyMenu
GetDC
GetClassLongA
GetWindowDC
IsWindow
SendMessageTimeoutA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
GetWindow
MessageBoxA
ExitWindowsEx
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
SendMessageA
DefWindowProcA
EndPaint
EnumDisplaySettingsA
PeekMessageA
DrawTextA
GetClientRect
BeginPaint
SetTimer
PostQuitMessage
keybd_event
mouse_event
gdi32
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
CreateICA
DeleteObject
CreateBitmap
Escape
ExtTextOutA
GetDIBits
RealizePalette
SelectPalette
GetStockObject
DeleteDC
GetTextMetricsA
GetObjectA
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
SetBkMode
SetTextColor
CreateFontIndirectA
TextOutA
RectVisible
PtVisible
ws2_32
WSAWaitForMultipleEvents
WSAResetEvent
WSAGetOverlappedResult
closesocket
shutdown
listen
bind
WSASocketA
inet_addr
gethostbyname
htons
WSAGetLastError
connect
select
__WSAFDIsSet
WSASetLastError
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSACleanup
WSAStartup
WSASetEvent
gethostname
WSASend
WSARecv
inet_ntoa
WSAAccept
ioctlsocket
WSAEnumNetworkEvents
advapi32
RegOpenKeyA
GetTokenInformation
OpenThreadToken
OpenServiceA
CloseServiceHandle
ControlService
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
UnlockServiceDatabase
EnumServicesStatusA
EnumDependentServicesA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegCloseKey
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyA
RegEnumKeyA
LookupAccountSidA
RegQueryValueExA
RegEnumValueA
shell32
SHGetFileInfoA
ShellExecuteA
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
ole32
CoCreateGuid
oleaut32
VarBstrFromDate
VariantClear
Sections
.text Size: 136KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ