?KeyEvent@@YGJHIJ@Z
Static task: static1
Behavioral task: behavioral1 - Sample: 19ee17d2ee9e55774971f7c48cafb56e_JaffaCakes118.exe - Resource: win7-20240221-en
Behavioral task: behavioral2 - Sample: 19ee17d2ee9e55774971f7c48cafb56e_JaffaCakes118.exe - Resource: win10v2004-20240508-en
General
Target: 19ee17d2ee9e55774971f7c48cafb56e_JaffaCakes118
Size: 37KB
MD5: 19ee17d2ee9e55774971f7c48cafb56e
SHA1: 4b4a2ac5ad200037f611cdefee23c655f37d8ddc
SHA256: c601dee4ca685406be75c2d569bb4c7680c1090b10a6137e86964c227df86f9b
SHA512: c65890ea32278030d90dee8504ef08b2be6e7695b55a2a08e46c457e8e37fbebfafdedf078b062e7d503e3a970c8d603fa148a9a228512253323bdd1a6a74830
SSDEEP: 768:AjLlziHY5/alQnhL9rkh9y6Rc8Jdopf9kk6yQoqjSubFGvDQhYkT:kLl49y6Rkpf9J2oqLFgD/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 19ee17d2ee9e55774971f7c48cafb56e_JaffaCakes118
Files
-
19ee17d2ee9e55774971f7c48cafb56e_JaffaCakes118.exe windows:4 windows x86 arch:x86
44390d5abe22ef6d6ce4fe96116f9236
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Process32Next
GetCurrentThread
GetCurrentProcess
CloseHandle
GlobalMemoryStatus
GetVersionExA
GetProcAddress
GetSystemInfo
GetDriveTypeA
lstrcpyA
lstrcatA
CreateToolhelp32Snapshot
FindNextFileA
GetLastError
FindClose
CreateThread
CreateFileA
Sleep
GetModuleHandleA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
OpenMutexA
CreateMutexA
TerminateThread
DeleteFileA
MoveFileA
CopyFileA
GetTickCount
GetComputerNameA
LocalAlloc
Process32First
OpenProcess
FindFirstFileA
TerminateProcess
GetStartupInfoA
user32
ToUnicodeEx
GetKeyState
GetKeyboardState
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowTextA
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
ShowWindow
MessageBoxA
CreateDialogParamA
DestroyWindow
SendMessageA
IsWindow
GetDesktopWindow
GetSystemMetrics
GetWindow
IsWindowVisible
ReleaseDC
GetDC
SetWindowTextA
PostQuitMessage
CallNextHookEx
ToAsciiEx
gdi32
CreateDIBSection
SaveDC
SelectObject
BitBlt
RestoreDC
DeleteObject
SetDIBits
CreateCompatibleBitmap
GetDIBits
GetObjectA
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteDC
advapi32
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
QueryServiceConfigA
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
CloseServiceHandle
StartServiceA
ControlService
QueryServiceStatusEx
shell32
ShellExecuteA
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_snprintf
_ftol
realloc
calloc
wcscmp
ftell
fseek
fread
fopen
fclose
sprintf
printf
free
malloc
fwrite
ws2_32
WSAAsyncSelect
WSAStartup
socket
htons
inet_addr
inet_ntoa
gethostbyname
ntohs
closesocket
recvfrom
WSAIoctl
bind
WSAGetLastError
gethostname
WSACleanup
recv
send
connect
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
gdiplus
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipDisposeImage
iphlpapi
GetTcpTable
Exports
Sections
.data Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ