28746d17392fbfd8a1f07cd68ae9de6e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28746d17392fbfd8a1f07cd68ae9de6e_JaffaCakes118
Size

192KB
MD5

28746d17392fbfd8a1f07cd68ae9de6e
SHA1

72914baf00b7ed351735a31ed760a903a1125977
SHA256

d394f726ccd7103ae689b0fa986b1a7cf5d3f883e2e261218918cd245786eac8
SHA512

af3ed93c940cb4e4b2719c22f8a23fad93dc09a28899b78df7792abaa1aa765e4dc776c5b5aac16986d79c0f464a1af6d10283503d4917dbcdc060e8e71753e6
SSDEEP

3072:wxs7I+ZYk4Rtr+2kkOoLcu8kSobE9keHFy0v6MDkc5j4G+ilVIjRCoDeH7twa21K:rdK+LE81zV5jBoSH210KQM5q6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28746d17392fbfd8a1f07cd68ae9de6e_JaffaCakes118

Files

28746d17392fbfd8a1f07cd68ae9de6e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16a8e301b3edf1ff525b53bd04195635

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Release\BestClick.pdb

Imports

kernel32

lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
Sleep
ExitProcess
Beep
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
WriteFile
DeleteFileA
WinExec
GetProcAddress
LoadLibraryA
MoveFileA
GetTempFileNameA
SetPriorityClass
OpenProcess
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
CreateProcessA
CopyFileA
MoveFileExA
ReleaseMutex
CreateMutexA
WriteProcessMemory
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
LockFile
SetCommMask
IsProcessorFeaturePresent
SetEvent
WriteTapemark
RequestDeviceWakeup
WritePrivateProfileStringA
GetLocalTime
SetFilePointer
CreateEventA
ResetEvent
GetFileType
OpenMutexA
SetThreadPriorityBoost
OpenFileMappingA
TerminateThread
lstrcmpiA
LockResource
FindResourceExA
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
SizeofResource
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateThread
GlobalAlloc
WaitForSingleObject
CloseHandle
FreeLibrary
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTime
SystemTimeToFileTime
GetCurrentProcess
GetNamedPipeInfo
EndUpdateResourceW
GetProcessWorkingSetSize

user32

GetWindowLongA
UnregisterClassA
GetClipboardData
GetKeyState
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
SetWindowLongA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
WaitForInputIdle
IsWindowVisible
GetSysColorBrush
SetRect
CharLowerBuffA
GetWindowRect
ClientToScreen
PostMessageA
GetThreadDesktop
MessageBoxA
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
SetThreadDesktop
FindWindowExA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
CreateDesktopA
SetFocus

gdi32

SelectObject
DeleteObject
PatBlt
BeginPath
SetPolyFillMode
CreateRectRgn
RemoveFontResourceA
SelectClipPath
DeleteDC
CreateEllipticRgn
GetTextAlign
GetArcDirection
GdiSetBatchLimit
RestoreDC
CreateDIBSection
SetPixel
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
GetBkColor
EndDoc
GetPixel
Chord
GetEnhMetaFileA
CreateDiscardableBitmap

advapi32

DecryptFileA
RegNotifyChangeKeyValue
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
AreAllAccessesGranted

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

LoadTypeLi
VarUI4FromStr
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

ws2_32

connect
send
htons
closesocket
WSAStartup
WSACleanup
gethostbyname
socket
select
ioctlsocket
recv

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16a8e301b3edf1ff525b53bd04195635

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

wininet

ws2_32

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B