c:\dev\phtrunk_code\MessageCheck\Release\MessageCheck.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2577e6b53a27673402eba288d535f7c5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2577e6b53a27673402eba288d535f7c5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 2577e6b53a27673402eba288d535f7c5_JaffaCakes118
Size: 166KB
MD5: 2577e6b53a27673402eba288d535f7c5
SHA1: ee22c04eb9e1da8334a167a18143b7658a999677
SHA256: 5a2a309d1db790d7a063d824c33d1be5b9b5a1f546b0ee92ae044fb22e32e041
SHA512: 2b94a1db990d4dcf6d4c751572fe17099bb5787d58a7d86390cc8f7571b816a1bed3b50d4fc30885aa99a1a628f02db47bcd6032a96650d11bc043d684b93a25
SSDEEP: 3072:o7/4qSDnnL5N6y1M/FLvsQM+TE6GscnQMh8Y+ZceXc2un:Rqa1N6y1M/FYgGs0QMh8jcewn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2577e6b53a27673402eba288d535f7c5_JaffaCakes118
Files
2577e6b53a27673402eba288d535f7c5_JaffaCakes118.exe windows:4 windows x86 arch:x86
fe21d8ce61c4c0eeb522afb12bb57872
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
kernel32
GetUserGeoID
Sleep
MultiByteToWideChar
GetSystemTimeAsFileTime
GetFileAttributesW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
CloseHandle
ReleaseMutex
CreateMutexA
WaitForSingleObject
FormatMessageA
GetLastError
SetProcessWorkingSetSize
GetCurrentProcess
GetCommandLineW
WriteFile
SetStdHandle
GetUserDefaultLangID
LCMapStringA
IsBadCodePtr
GetOEMCP
GetACP
RtlUnwind
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetFilePointer
InitializeCriticalSection
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
TlsAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
FlushFileBuffers
LCMapStringW
HeapSize
TerminateProcess
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
TlsSetValue
SetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
RaiseException
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
TlsFree
user32
CreatePopupMenu
LoadImageA
LoadIconA
LoadCursorA
RegisterClassExW
CreateWindowExW
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxW
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
DestroyWindow
DefWindowProcA
GetKeyState
GetCursorPos
CallNextHookEx
AppendMenuW
GetMessagePos
SetForegroundWindow
TrackPopupMenu
SendMessageA
PostMessageA
KillTimer
SetTimer
MessageBoxA
advapi32
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
shell32
ShellExecuteA
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
Sections
.text Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 28KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE