18a5bbaecbd7cc3cc5f20ca30124ea52_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

18a5bbaecbd7cc3cc5f20ca30124ea52_JaffaCakes118
Size

224KB
MD5

18a5bbaecbd7cc3cc5f20ca30124ea52
SHA1

37e6e72596a41a56d822fa73486c547c11a247e5
SHA256

48b162ed091ecb7d3c4b9a82ab1bd84d0e428c9008ccaddeb0988d9623a75927
SHA512

d4bf8347fdcbb0e7212c13d63d47a9cf43089ee3bd7dca45e1c8c1b02cc78b1e216de92299516d2b4c0bbee7ce5faad3cd2f2a4641002611307a3d5dc3bf097e
SSDEEP

3072:p+FzP+RIch7JjGHr+yZgnNKhGFJZ1FgJ6yDu4Dwn+lnDH/zb+NO7FELdIqsl9JK:rmcLCHr+SgnNKhGFkdDZxDeI6pxyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a5bbaecbd7cc3cc5f20ca30124ea52_JaffaCakes118

Files

18a5bbaecbd7cc3cc5f20ca30124ea52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16ed3de0a077c6e63d3f2758eaa39ed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\onidev\hsp3dev\hsprt\Release\hsprt.pdb

Imports

comctl32

ord17

kernel32

SetEndOfFile
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
HeapSize
WriteFile
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ReadFile
CloseHandle
LCMapStringW
LCMapStringA
SetFilePointer
GetCurrentProcess
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
GetVersionExA
GetStartupInfoA
GetModuleHandleA
SetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetLastError
HeapReAlloc
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocalTime
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
GetShortPathNameA
GlobalLock
GlobalUnlock
MulDiv
GlobalAlloc
GlobalFree
GetCommandLineA
Sleep
GetTickCount
GetSystemInfo
GlobalMemoryStatus
GetVersion
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
WinExec
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
GetModuleFileNameA
FreeEnvironmentStringsW
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetCurrentThreadId
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA

user32

ReleaseDC
GetSystemMetrics
GetDC
PostMessageA
IsWindowEnabled
SetFocus
GetFocus
GetDlgItemTextA
GetDlgCtrlID
IsDlgButtonChecked
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
SetWindowLongA
InvalidateRect
BeginPaint
EndPaint
GetClientRect
FillRect
GetSysColor
MoveWindow
SetWindowTextA
GetActiveWindow
GetWindowLongA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
SetActiveWindow
SetWindowPos
GetAsyncKeyState
GetCursorPos
SetCursorPos
ShowCursor
MessageBoxA
EnumDisplaySettingsA
ChangeDisplaySettingsA
CreateWindowExA
ShowWindow
SendMessageA
DestroyWindow

gdi32

CreateDIBSection
CreateCompatibleDC
Rectangle
DeleteDC
SetStretchBltMode
StretchBlt
Ellipse
MoveToEx
LineTo
SetPixel
GetPixel
GetTextExtentPoint32A
TextOutA
SetDIBColorTable
CreatePalette
SetBkMode
SetTextColor
CreateSolidBrush
CreatePen
GetStockObject
CreateFontIndirectA
GetTextMetricsA
SelectObject
DeleteObject
SelectPalette
RealizePalette
BitBlt
GetDeviceCaps

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

GetUserNameA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance
IIDFromString
CLSIDFromProgID
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoUninitialize
CoInitializeEx

oleaut32

SysAllocStringByteLen
OleLoadPicture
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayCreate
SysFreeString
VariantChangeType
VariantCopyInd
VariantCopy
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype

winmm

sndPlaySoundA
mciSendStringA

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16ed3de0a077c6e63d3f2758eaa39ed2

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB