30e739ec8502f2ef61517fad85fb4d02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30e739ec8502f2ef61517fad85fb4d02_JaffaCakes118
Size

543KB
MD5

30e739ec8502f2ef61517fad85fb4d02
SHA1

8635c2b965cf4ffa1f5c36727760942725ee17fb
SHA256

95b61000afa90d4d9360a4394160aa6257b9eb173d5d65e73cd8a7782c0f4c11
SHA512

a7e36cc193e75c5c0422f5419be8e967533e04af5426add8ffbd26573620dfa8eb21305cbdd518901486e367f886441eabbf626d84c02da5488f6f2ddefcc0a2
SSDEEP

12288:wet32YRyg++CFiNO5eqgea+/SmOjH3YMInPgssd1lWeIY9JUeOXgjXy6:w2Xtfd1D3YMyP41lDImJUeGsXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30e739ec8502f2ef61517fad85fb4d02_JaffaCakes118

Files

30e739ec8502f2ef61517fad85fb4d02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ddbd50b0947319d109c43d495431eee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
lstrcpyW
FlushInstructionCache
GetCurrentProcess
DebugBreak
OutputDebugStringW
lstrlenA
GetLastError
CreateMutexW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
GetVersionExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSizeEx
GetPrivateProfileIntW
GetPrivateProfileStringW
GetExitCodeProcess
GetFileSize
TerminateProcess
GetSystemDirectoryW
CopyFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
OpenProcess
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetVersion
MulDiv
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
GetLongPathNameW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InterlockedIncrement
lstrlenW
TryEnterCriticalSection
CreateEventA
GetSystemDirectoryA
LocalAlloc
QueryPerformanceCounter
SetEnvironmentVariableA
GetOEMCP
GetACP
GetLocaleInfoW
SetEndOfFile
FindClose
LoadLibraryA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetTempPathW
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetUnhandledExceptionFilter
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
UnhandledExceptionFilter
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
ExitProcess
GetStartupInfoW
GetModuleHandleA
IsBadReadPtr
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
ExitThread
OpenThread
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
FormatMessageW
GetSystemTime
GetFileType
InterlockedExchange
LocalFree
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
TerminateThread
FindFirstFileW
GetFullPathNameW
SetLastError
FindNextFileW
FindResourceW
SizeofResource
LoadResource
CreateFileW
LockResource
WriteFile
ResumeThread
Sleep
GetCurrentProcessId
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
GetFileTime
FlushFileBuffers
TlsAlloc
TlsGetValue
TlsSetValue
GetLocalTime
CreateDirectoryW
ResetEvent
GetFileAttributesExW
MoveFileW
CreateFileA
MoveFileExW
CreateEventW
SetEvent
ReleaseMutex
GetFileAttributesW
SetFilePointer
WaitForSingleObject
SetProcessWorkingSetSize
GetUserDefaultLCID
InterlockedDecrement

user32

GetActiveWindow
DialogBoxParamW
LoadStringW
SetForegroundWindow
UpdateWindow
PostMessageW
SetWindowLongW
wvsprintfW
CharNextW
DestroyWindow
DefWindowProcW
MessageBoxW
SendMessageW
PeekMessageW
GetMessageW
DispatchMessageW
ShowWindow
TranslateMessage
BeginPaint
EndPaint
SetCursor
GetSysColor
GetDC
ReleaseDC
GetWindowTextW
InflateRect
GetScrollInfo
MoveWindow
GetScrollRange
GetScrollPos
SetScrollPos
SetFocus
SetScrollInfo
ShowScrollBar
GetCursorPos
ScreenToClient
DrawTextW
GetSystemMenu
EnableMenuItem
DestroyMenu
GetWindowPlacement
SetWindowPlacement
BringWindowToTop
LoadIconW
PostQuitMessage
IsDialogMessageW
KillTimer
SetTimer
CreateWindowExW
CallWindowProcW
InvalidateRect
RedrawWindow
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
IsWindow
IsWindowVisible
IsIconic
ExitWindowsEx
EnableWindow
OffsetRect
GetDlgItem
PtInRect
CopyRect
CharLowerW
SetDlgItemTextW
CharUpperW
GetSystemMetrics
LoadImageW
SetWindowTextW
GetParent
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
EndDialog

gdi32

BitBlt
GetDeviceCaps
SetBkColor
ExtTextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
SelectObject
SetTextColor
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW

ole32

CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString
CoUninitialize
CoCreateInstance

oleaut32

OleLoadPicture
SysFreeString
VariantClear
SysAllocString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
SHGetValueW
PathFindFileNameW
PathIsRootW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

ws2_32

inet_ntoa
gethostname
gethostbyname
closesocket
select
recvfrom
inet_addr
sendto
WSAGetLastError
ioctlsocket
setsockopt
htonl
accept
htons
bind
listen
WSAStartup
WSACloseEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACreateEvent
__WSAFDIsSet
socket
ntohl
ntohs
send
connect
recv
WSAEventSelect
WSACleanup

setupapi

SetupIterateCabinetW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ddbd50b0947319d109c43d495431eee

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

msimg32

ws2_32

setupapi

psapi

Sections

.text Size: 488KB - Virtual size: 484KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 40KB - Virtual size: 51KB

.rsrc Size: 60KB - Virtual size: 58KB

.text
Size: 488KB - Virtual size: 484KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 40KB - Virtual size: 51KB

.rsrc
Size: 60KB - Virtual size: 58KB