24bfeaf7c9e9faa1ee5502868bdc9911_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24bfeaf7c9e9faa1ee5502868bdc9911_JaffaCakes118
Size

748KB
MD5

24bfeaf7c9e9faa1ee5502868bdc9911
SHA1

c4cea369ac90e16fc49c0356d33207597693756e
SHA256

6f270c18d9546047c80ea30cf4d16e1645860faadf3d3ecf2571e2a9e94eb409
SHA512

39208864c83b7c19faad8be04207a6c197e62be0fb58847af113f1961f6b808b7b066ca8072ccac14109b8b937ff359c9a13b294a55b67fe7bfebd783665c876
SSDEEP

12288:vOU/qzbMTOmr3D9O3P2vOpPrxTutfi8wDwOVkRjD3/6tAdu6tsu83nDOeDYXkQHJ:v3qzoTOmr3D9O3P2vOpPrxTd8wE/NXkU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24bfeaf7c9e9faa1ee5502868bdc9911_JaffaCakes118

Files

24bfeaf7c9e9faa1ee5502868bdc9911_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09ce15f75bd2b2dec4c24aaeae5defcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohl
htonl
ioctlsocket
gethostbyname
WSAGetLastError
gethostbyaddr
gethostname
inet_addr
connect
WSAStartup
select
htons
shutdown
setsockopt
recv
bind
socket
__WSAFDIsSet
WSASetLastError
closesocket
send
listen
accept
ntohs

wininet

InternetGetConnectedState
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
FindNextUrlCacheGroup
FindFirstUrlCacheGroup
UnlockUrlCacheEntryStream
DeleteUrlCacheGroup
ReadUrlCacheEntryStream
FindFirstUrlCacheEntryA
HttpQueryInfoA
FindCloseUrlCache
FindNextUrlCacheEntryA

comctl32

ImageList_LoadImageA

rpcrt4

UuidCreate

winmm

midiInGetNumDevs
waveInGetNumDevs
auxGetNumDevs
joyGetNumDevs
mixerGetNumDevs
midiOutGetNumDevs
waveOutGetNumDevs

kernel32

HeapDestroy
HeapSize
HeapCreate
VirtualFree
CompareStringA
TerminateProcess
HeapReAlloc
GetOEMCP
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCPInfo
FreeLibrary
GetTickCount
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryA
WaitForSingleObject
OpenProcess
Sleep
CreateProcessA
CreateDirectoryA
GetStartupInfoA
RemoveDirectoryA
CopyFileA
GetTempFileNameA
OpenMutexA
CloseHandle
GetCurrentProcessId
GetTempPathA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetLocalTime
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
SetEvent
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
ResumeThread
IsBadReadPtr
GetFileAttributesA
GetModuleFileNameA
CreateFileA
SetFilePointer
WriteFile
ExitProcess
GetModuleHandleA
FindResourceA
LoadResource
SizeofResource
LockResource
IsBadWritePtr
CreateEventA
MoveFileA
OpenEventA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateMutexA
ReleaseMutex
GetCurrentThreadId
MulDiv
InterlockedExchange
SetConsoleCtrlHandler
MoveFileExA
SetFileAttributesA
WritePrivateProfileStringA
GetSystemDefaultLangID
GlobalMemoryStatus
GetUserDefaultLCID
GetLogicalDrives
GetSystemDefaultLCID
GetDriveTypeA
WideCharToMultiByte
GetTimeZoneInformation
FindFirstFileA
FindClose
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
lstrcmpiA
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
LocalFileTimeToFileTime
ResetEvent
GetComputerNameA
GetCurrentProcess
GetCurrentThread
SetLastError
GetSystemInfo
lstrlenA
RaiseException
HeapFree
MultiByteToWideChar
GetACP
GetLocaleInfoA
FindNextFileA
GetDiskFreeSpaceA
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
GetCommandLineA
FlushFileBuffers
SetFileTime
HeapAlloc
VirtualProtect
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetStdHandle
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
VirtualAlloc
VirtualQuery
RtlUnwind
IsValidCodePage
IsBadCodePtr
SetEndOfFile
ReadFile
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
LocalFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetUserDefaultLangID
PeekNamedPipe

user32

SetDlgItemTextA
IsDialogMessageA
GetWindowRect
CreateDialogParamA
SetWindowLongA
GetWindowLongA
GetDlgItem
SetWindowPos
MoveWindow
GetWindowThreadProcessId
EndPaint
SetWindowRgn
SetTimer
KillTimer
DrawTextA
GetClientRect
DestroyMenu
BeginPaint
GetDC
SetFocus
ReleaseDC
RemoveMenu
PostMessageA
GetCursorPos
GetDesktopWindow
FindWindowA
DestroyWindow
RegisterClassExA
PostQuitMessage
RegisterWindowMessageA
GetMenu
TranslateAcceleratorA
LoadAcceleratorsA
CallWindowProcA
CheckMenuItem
GetClassNameA
SetActiveWindow
TrackPopupMenu
GetSubMenu
SetForegroundWindow
SendMessageA
EnableWindow
EndDialog
MsgWaitForMultipleObjects
TranslateMessage
CreateWindowExA
PeekMessageA
DefWindowProcA
ShowWindow
SetWindowTextA
UpdateWindow
LoadCursorA
IsWindow
PostThreadMessageA
DispatchMessageA
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemInt
EnumWindows
ExitWindowsEx
LoadMenuA
LoadIconA
InvalidateRect
CallNextHookEx
GetMessageA

gdi32

BitBlt
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetStockObject

comdlg32

GetSaveFileNameA
FindTextA

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegNotifyChangeKeyValue
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
OleRun
CoInitialize
CoUninitialize

oleaut32

VariantInit
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysStringLen
SysAllocString
SysFreeString
VariantClear

shlwapi

SHCopyKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

??0CNGCTraceProxy@@QAE@ABV0@@Z
??0CNGCTraceProxy@@QAE@XZ
??4CNGCTraceProxy@@QAEAAV0@ABV0@@Z
??_7CNGCTraceProxy@@6B@

Sections

.text
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09ce15f75bd2b2dec4c24aaeae5defcc

Headers

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 552KB - Virtual size: 549KB

.rdata Size: 160KB - Virtual size: 158KB

.data Size: 16KB - Virtual size: 169KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 552KB - Virtual size: 549KB

.rdata
Size: 160KB - Virtual size: 158KB

.data
Size: 16KB - Virtual size: 169KB

.rsrc
Size: 16KB - Virtual size: 12KB