1c20617896969ea590d2414331813801_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c20617896969ea590d2414331813801_JaffaCakes118
Size

1.2MB
MD5

1c20617896969ea590d2414331813801
SHA1

48f5cde2251935de4de8478365351b62f6ea1762
SHA256

cdc6eeb1d7701c6183fb6f9e27f89de65714c655ad87b902c8b922876e966838
SHA512

fa4b7e2b2ae75dfb8fc78c5b1d66a04eabc9f44b15450e98e6f40f0f832128f47bbbd64412376457b3a858748c612c95b2e189c7fd327cdd0a5d8db7451b54ad
SSDEEP

12288:nKa3x4u1N20j7zYqBHvHfvLAx67GAMFHgHegjc8iA7H:nKYWjgoi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c20617896969ea590d2414331813801_JaffaCakes118

Files

1c20617896969ea590d2414331813801_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9016a0e816dae3948c3ece82666558b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\bak\SkinLogin\Release\SkinLogin.pdb

Imports

kernel32

CreateProcessA
TerminateProcess
ReadFile
FindFirstFileA
RemoveDirectoryA
FindNextFileA
ResumeThread
DeleteFileA
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetVersion
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
DeviceIoControl
CreateFileA
MultiByteToWideChar
InterlockedDecrement
WaitForSingleObject
GetCurrentDirectoryA
CreateMutexA
GetLastError
lstrlenA
LoadLibraryExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
GlobalAlloc
WriteProcessMemory
CloseHandle
GetExitCodeThread
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
VirtualFree
HeapCreate
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCPInfo
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
VirtualAllocEx
OpenProcess
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
CreateRemoteThread
GetCurrentProcessId
HeapFree
HeapAlloc
GetModuleHandleW
Sleep
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
EnterCriticalSection

user32

GetClientRect
MessageBoxA
GetDlgItemTextA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
GetDlgItem
TranslateMessage
SendMessageA
SetFocus
SetForegroundWindow
PostQuitMessage
CreateDialogParamA
GetMessageA
DestroyWindow
FindWindowA
LoadImageA
SendDlgItemMessageA
SetDlgItemTextA
EndPaint
BeginPaint
SetWindowLongA
PostMessageA
RegisterClassExA
DrawTextA
GetWindowLongA
SetWindowPos
LoadCursorA
SetTimer
KillTimer
InvalidateRect
UnregisterClassA
CreateWindowExA

gdi32

CreateCompatibleDC
CreateFontA
SetTextColor
SetBkMode
BitBlt
DeleteDC
DeleteObject
SelectObject
GetObjectA

advapi32

OpenSCManagerA
CloseServiceHandle
DeleteService
CreateServiceA
ControlService
OpenServiceA
StartServiceA

ole32

OleCreate
OleSetContainedObject
CoInitialize
CoUninitialize
OleInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocStringLen
SysAllocString

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetReadFile

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileA

wsock32

WSACleanup
gethostbyname
WSAStartup

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

hid

HidD_GetAttributes

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9016a0e816dae3948c3ece82666558b1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

comctl32

urlmon

wsock32

setupapi

hid

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 11KB - Virtual size: 10KB