1a7efbb3d83a460328ec58fc4b019438_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a7efbb3d83a460328ec58fc4b019438_JaffaCakes118
Size

228KB
MD5

1a7efbb3d83a460328ec58fc4b019438
SHA1

c54cc4d70cf9afa9a8744dcbba531aa96239f877
SHA256

95d9f341c0d13ebb714fe8e57345f16a050dd07f30b164b81399e66b0a6b02cc
SHA512

b7dcc0ab6c9cd2f28eeb32ca5cd6ad721da79833331439e8609f599f36bf7e6ca335c78de2e5b6f88ada0e48de988dbded66025e6157839d6c186fb2e48c78e0
SSDEEP

3072:/tm54M2KHhaD2LbN57mHPoWCkY1R5b/7GBAnunVIZcoh7xTlLo:/tm5ZHF37oKkY1RtSBJKZcoPxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a7efbb3d83a460328ec58fc4b019438_JaffaCakes118

Files

1a7efbb3d83a460328ec58fc4b019438_JaffaCakes118
.exe windows:4 windows x86 arch:x86

804ebaca84e0dab03193c33b140b2671

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Downloads\Sira\WildMedia\WinFetcher\Release\WinFetcher.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
GetLastError
GetProcessHeap
WideCharToMultiByte
HeapFree
lstrlenA
HeapAlloc
DeleteFileA
HeapReAlloc
InterlockedDecrement
SetFileAttributesA
CopyFileA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetTempPathA
lstrlenW
LeaveCriticalSection
GetVersion
lstrcmpiA
GetCurrentThreadId
CreateThread
CreateEventA
lstrcpynA
lstrcpyA
lstrcatA
InterlockedIncrement
SetEvent
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
GetCommandLineA
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentProcess
RemoveDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
WinExec
LocalFree
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
ReadFile
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
SetFilePointer
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr

user32

PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
CharNextA
CharUpperA
SetTimer
wsprintfA

comdlg32

GetFileTitleA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegCloseKey

shell32

SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

shlwapi

PathFileExistsA
PathFindExtensionA

ws2_32

WSASocketA
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

804ebaca84e0dab03193c33b140b2671

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 664B