271732c9a29d99a0aee30ce2a9638a45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

271732c9a29d99a0aee30ce2a9638a45_JaffaCakes118
Size

390KB
MD5

271732c9a29d99a0aee30ce2a9638a45
SHA1

c83e806ee7a5d12c2fdb28afd807d3408304c950
SHA256

5865cb0f3fa9564b79a1a67c758f488b94e8ad87ef12f3bb5788ab8392b73a71
SHA512

8ba33e3e7285060e20660012ed06a7a40f01b73c2df1cd93fd81d366fbdb51aac34fa41de2d9a138ed0cba1bf57ecb97e5e80912b0a6d26a931353a399a010a0
SSDEEP

6144:t6jzB3bbDQ2eJe0f1FoJRHRZgMz7msxqNPN6Sz4y6RiY/4Lp6SBcccccrBcccccv:t6j5QB5f1Fo9VKVEy8Axz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
271732c9a29d99a0aee30ce2a9638a45_JaffaCakes118

Files

271732c9a29d99a0aee30ce2a9638a45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d83eee3ecd2baf3f30a055f3c27ca86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CopyFileA
CreateProcessA
Sleep
RemoveDirectoryA
DeleteFileA
OpenProcess
GetCurrentProcessId
GetTempFileNameA
GetTempPathA
LoadLibraryA
GetVersionExA
CreateEventA
FreeLibrary
lstrcatA
GetWindowsDirectoryA
FormatMessageA
FindResourceExA
GetComputerNameA
MulDiv
lstrlenW
lstrcmpiW
GetStartupInfoA
GetModuleHandleA
CreateThread
WaitForSingleObject
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
LoadResource
LockResource
lstrcmpiA
OutputDebugStringA
WideCharToMultiByte
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
lstrcpyA
CompareStringA
lstrcpynA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetLastError
GetFileSize
SetFilePointer
CloseHandle
WriteFile
ReadFile
CreateFileA
lstrlenA
MultiByteToWideChar
SetLastError
GetProcAddress

user32

CreateWindowExA
RegisterClassA
InvalidateRect
wsprintfW
SetFocus
CopyRect
wsprintfA
wvsprintfA
LoadIconA
ReleaseCapture
PostMessageA
SetCapture
PeekMessageA
DispatchMessageA
TranslateMessage
DestroyWindow
MessageBoxW
UpdateWindow
CreateDialogParamA
SetWindowTextA
GetWindowTextA
PostThreadMessageA
GetMessageA
CreateDialogIndirectParamA
CharUpperA
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
GetSystemMetrics
AdjustWindowRect
ReleaseDC
GetDC
GetDlgItem
GetDlgCtrlID
EndDialog
SetWindowLongA
ScreenToClient
GetWindowRect
SendMessageA
DialogBoxParamA
ShowWindow
MapWindowPoints
SetCursor
LoadCursorA
DrawFocusRect
ChildWindowFromPoint
DefWindowProcA
OffsetRect
GetWindowDC
IsDialogMessageA
EnableWindow
GetWindowLongA

gdi32

SetTextColor
CreateFontA
GetDeviceCaps
StretchDIBits
CreateBrushIndirect
SetBkMode
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
GetTextColor
GetTextMetricsA
CreateDIBPatternBrushPt
CreateDIBSection
GetDIBits
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
DeleteDC
CreateRectRgn
GetTextExtentPoint32W
SelectClipRgn
DeleteObject

advapi32

RegQueryValueExA
RegSetValueA
GetUserNameA
RegQueryValueW
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
OleCreate
StringFromIID
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

shlwapi

SHDeleteKeyA

msvcrt

_itoa
_stricmp
_strnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_itow
memmove
wcsncmp
_wcsicmp
_ftol
__p___argc
wcscpy
__p___argv
atoi
wcslen
wcsncpy
strncpy
_purecall
strrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

wininet

InternetGetConnectedState
InternetCombineUrlA

wsock32

WSAStartup
WSACleanup
select
socket
htons
connect
inet_ntoa
closesocket
ioctlsocket
gethostbyname
send
recv

sensapi

IsNetworkAlive

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ord17

usp10

ScriptItemize
ScriptGetProperties
ScriptPlace
ScriptShape
ScriptGetFontProperties
ScriptFreeCache
ScriptTextOut
ScriptGetLogicalWidths
ScriptBreak
ScriptJustify

Exports

Exports

_miCryptBlobClear@4
_miCryptBlobCopy@8
_miCryptBlobInit@8
_miCryptHashBuffer@12
_miCryptUUDecode@12
_miCryptUUEncode@12
_miCryptVerifySignature@20

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d83eee3ecd2baf3f30a055f3c27ca86

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

wininet

wsock32

sensapi

version

comctl32

usp10

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 16KB