1bfbeb31a95cba5d1d3e608949735593_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bfbeb31a95cba5d1d3e608949735593_JaffaCakes118
Size

292KB
MD5

1bfbeb31a95cba5d1d3e608949735593
SHA1

f5553d3c71b84700867b8491d26bd1e8e42ac4d6
SHA256

ff471b8aa9733e4743939f251a71d72ecbbde346e52dd564c0e239cab894cc9b
SHA512

6a9c66c50a4592a7894688cf5a54a93f64ca1a36efe211c2ba535c8ccdc701cb6f7fadbbfd44e4953f1851508052c192863f200d2f76e49d7467421f64e6e7c7
SSDEEP

6144:mVsa9LAKP0KtMYQpNxb4WGNwFlFzY4IWHZVa4:0saeKPR2dNxkJNKlg+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bfbeb31a95cba5d1d3e608949735593_JaffaCakes118

Files

1bfbeb31a95cba5d1d3e608949735593_JaffaCakes118
.exe windows:4 windows x86 arch:x86

892037cbaa120485cb9f0fecbc522215

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
wcsrchr
_allshr
_chkstk
toupper
strstr
tolower
isspace
ZwSetInformationFile
_allmul
_alldiv
_allrem
wcsncpy
_atoi64
wcscmp
memchr
isdigit
atoi
_vsnprintf
sprintf
_aulldiv
wcscpy
wcscat
ZwOpenMutant
ZwCreateMutant
strncpy
memmove
_snwprintf
ZwWaitForSingleObject
ZwSetEvent
ZwClose
_stricmp
_wcsicmp
_strnicmp
ZwCreateEvent
wcslen

comctl32

ord17

kernel32

GetFileSize
GetWindowsDirectoryW
SetFilePointer
OpenEventW
GetCurrentProcess
GetModuleHandleA
ReleaseMutex
CreateMutexW
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
GlobalFree
GlobalAlloc
CreateFileW
GetSystemTime
GetEnvironmentVariableW
GetLongPathNameW
CreateDirectoryW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
DefineDosDeviceW
GetStartupInfoA
CloseHandle
GetProcAddress
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
ExitProcess
TerminateThread
GetCommandLineW
GetModuleFileNameW
WriteFile
ReadFile
LoadLibraryW
GetTickCount
WaitForSingleObject
OpenProcess
SetThreadPriority
GetCurrentThread
DisconnectNamedPipe
FlushFileBuffers
GetLastError
ConnectNamedPipe
CreateNamedPipeW
LoadLibraryExW
FreeLibrary
GetLocalTime
SystemTimeToFileTime
LocalFree
FormatMessageA
CreateEventW
SetEvent
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
RemoveDirectoryW
GetFileAttributesW

user32

SetWindowLongW
GetDlgItemTextW
IsDlgButtonChecked
EndDialog
GetWindowLongW
EnableWindow
ShowWindow
SetWindowPos
CreateDialogParamW
DialogBoxParamW
GetScrollInfo
SetDlgItemInt
GetThreadDesktop
SetWindowTextW
GetDlgItemInt
LoadIconW
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
CloseDesktop
EnumDesktopWindows
OpenDesktopW
GetProcessWindowStation
EnumDesktopsW
DestroyMenu
PostThreadMessageW
TrackPopupMenu
CheckDlgButton
SetForegroundWindow
SetMenuDefaultItem
EnableMenuItem
GetSubMenu
LoadMenuW
EnumWindows
GetForegroundWindow
OpenInputDesktop
DefWindowProcW
UnregisterHotKey
RegisterHotKey
DestroyWindow
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW
GetUserObjectInformationW
RegisterClassW
CharLowerW
LoadStringW
MessageBoxW
FindWindowW
PostMessageW
wsprintfW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
GetCursorPos
SendMessageW
SetThreadDesktop

advapi32

AdjustTokenPrivileges
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegSetValueExW

shell32

Shell_NotifyIconW

ws2_32

select
connect
htons
ioctlsocket
WSAGetLastError
socket
closesocket
shutdown
setsockopt
listen
bind
ntohs
accept
recv
send
getsockname
getpeername
inet_addr
WSAStartup
inet_ntoa
gethostbyname
getsockopt

msvcrt

??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_CxxThrowException
??1exception@@UAE@XZ
_purecall
_beginthread
_beginthreadex
free
malloc
_itow
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__CxxFrameHandler

shlwapi

SHDeleteKeyW
PathMatchSpecW

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

892037cbaa120485cb9f0fecbc522215

Headers

File Characteristics

Imports

ntdll

comctl32

kernel32

user32

advapi32

shell32

ws2_32

msvcrt

shlwapi

Sections

.text Size: 237KB - Virtual size: 237KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 11KB - Virtual size: 12KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 237KB - Virtual size: 237KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 10KB - Virtual size: 10KB