296565ed0e910b8a96035cb22fc9bb33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

296565ed0e910b8a96035cb22fc9bb33_JaffaCakes118
Size

600KB
MD5

296565ed0e910b8a96035cb22fc9bb33
SHA1

9e0081060253e5b2c6ffa57b04d52f096d8e6e91
SHA256

a2738727f9b43b7544830b8876a5d8252450cd7982c63d94c0f3df9b5c084bae
SHA512

12bcb9730f56ef0bbd49a4764af906062cb73ab519adc5418d613a4c8215fba758f319b07913dbcf59b47dd571fcd982ff02a438beb5306d6b783f0c28812644
SSDEEP

12288:ygqx/oR//FxIklFCCDpnDC3PdSJBDJlsA3XF7iIp7XWPoD52oWm:5qx/oRHPjlbJm3POHlP407XFWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296565ed0e910b8a96035cb22fc9bb33_JaffaCakes118

Files

296565ed0e910b8a96035cb22fc9bb33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df48f324caedf77f198f3b4e3b989e63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\uhnjtgone

Imports

kernel32

CompareStringA
GetCommandLineA
TerminateProcess
WritePrivateProfileStringW
GetProcAddress
GetConsoleMode
FindResourceExW
WriteConsoleInputW
UnhandledExceptionFilter
SetComputerNameA
GetLocaleInfoA
LockResource
CreateMutexA
GetCurrentThread
FindFirstFileExW
ReadFileEx
CreateEventA
InterlockedIncrement
GetLastError
GetDriveTypeW
LCMapStringA
ReadConsoleOutputCharacterW
GetUserDefaultLCID
RtlZeroMemory
SetHandleCount
VirtualQuery
lstrcatW
LocalAlloc
HeapReAlloc
GetCommandLineW
SetStdHandle
GetDateFormatA
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
TlsAlloc
GetFileType
VirtualAlloc
FindNextFileA
GetConsoleScreenBufferInfo
RtlUnwind
GetModuleHandleA
IsDebuggerPresent
lstrcpyW
GetStartupInfoA
CompareStringW
GetProcAddress
FindResourceA
EnumSystemLocalesA
GetStringTypeW
IsValidCodePage
SetConsoleCtrlHandler
CreateFileA
InterlockedExchange
GetEnvironmentStrings
TlsGetValue
SetFilePointer
GetCurrentProcess
GetStringTypeA
Sleep
FreeLibraryAndExitThread
IsValidLocale
lstrcmpi
HeapSize
ReadFile
WriteConsoleOutputCharacterW
GetConsoleOutputCP
GetEnvironmentStringsW
HeapCreate
GetLongPathNameA
WritePrivateProfileStructA
DeleteCriticalSection
GetVolumeInformationW
HeapDestroy
WritePrivateProfileSectionW
GetCPInfo
LCMapStringW
GetModuleFileNameA
FreeLibrary
EnumDateFormatsExW
VirtualFree
InterlockedCompareExchange
GetDiskFreeSpaceA
WriteConsoleW
GetSystemTimeAsFileTime
GetCurrentProcessId
WriteConsoleA
SetThreadIdealProcessor
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetStringTypeExA
SetUnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringA
GetModuleFileNameW
lstrlen
GetPrivateProfileIntA
SetConsoleMode
TlsFree
GetTickCount
SetThreadAffinityMask
WriteFile
SetLastError
OpenEventW
SetEnvironmentVariableA
FlushConsoleInputBuffer
RtlMoveMemory
InterlockedDecrement
GetTimeZoneInformation
HeapAlloc
GetCurrentThreadId
MoveFileExW
GetACP
MultiByteToWideChar
GetSystemDefaultLCID
MoveFileA
GetDiskFreeSpaceExA
ExitProcess
GetTimeFormatA
TlsSetValue
GetLocaleInfoW
OpenMutexA
GetOEMCP
HeapFree
lstrcmpiW
GetVersionExA
GetFileAttributesExA
GetConsoleCP
LoadLibraryA
AllocConsole
FlushFileBuffers
FreeEnvironmentStringsA
WriteProfileStringW
GetStdHandle

wininet

InternetAlgIdToStringA
ReadUrlCacheEntryStream
GopherGetLocatorTypeA
InternetGetConnectedStateExA
InternetCheckConnectionA
GopherFindFirstFileA
InternetTimeToSystemTime
DeleteUrlCacheContainerW
InternetGetConnectedStateExW

user32

DefFrameProcW
ScrollWindowEx
CloseClipboard
SetProcessWindowStation
GetFocus
SetCapture
SetFocus
RegisterClassExA
DialogBoxParamA
GetClipCursor
SetScrollRange
WINNLSEnableIME
TranslateAccelerator
GetGuiResources
CharLowerW
DefDlgProcW
DefWindowProcW
MessageBoxA
InsertMenuItemW
ShowWindow
DestroyWindow
IsWindowUnicode
MessageBoxW
CheckMenuRadioItem
InsertMenuW
DrawMenuBar
RegisterClassA
CreateAcceleratorTableA
BeginDeferWindowPos
SetDoubleClickTime
RegisterClipboardFormatW
LoadMenuIndirectA
TranslateAcceleratorA
LoadImageW
GetMenuDefaultItem
RemovePropA
TranslateMDISysAccel
DestroyCursor
GetWindowTextLengthA
WaitMessage
GetUserObjectInformationA
GetDC
EnableMenuItem
GetQueueStatus
CopyImage
SetSystemCursor
MessageBoxExA
SetForegroundWindow
DdeReconnect
SetDlgItemInt
CreateDialogParamA
CreateWindowExW
CascadeWindows
GetMenu
AppendMenuA
DdeNameService
SetCaretBlinkTime
EnumThreadWindows
BeginPaint
LoadCursorA
DrawFocusRect
GetSysColor
DrawIconEx
SendNotifyMessageA
VkKeyScanExA
IsCharLowerW
WINNLSGetEnableStatus
SetShellWindow
GetTabbedTextExtentW
SetActiveWindow

comctl32

ImageList_Duplicate
ImageList_LoadImage
ImageList_Merge
ImageList_Remove
CreatePropertySheetPage
ImageList_AddIcon
ImageList_Add
InitCommonControlsEx
ImageList_GetFlags

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df48f324caedf77f198f3b4e3b989e63

Headers

File Characteristics

PDB Paths

Imports

kernel32

wininet

user32

comctl32

Sections

.text Size: 220KB - Virtual size: 217KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 120KB - Virtual size: 150KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 220KB - Virtual size: 217KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 120KB - Virtual size: 150KB

.rsrc
Size: 16KB - Virtual size: 13KB