31594177adeb4f3496850b646c369604_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31594177adeb4f3496850b646c369604_JaffaCakes118
Size

268KB
MD5

31594177adeb4f3496850b646c369604
SHA1

ecf735df3ea88526418676f4d06409c6c7b31a92
SHA256

3fc7563aeea5d57149b7d1b641d881b14415ad2dadf2827c82958878b8ef105b
SHA512

9c92dd8b871811cefb8de012fe3dac35b5a98f771ed8032d1be1c8c94983f08c5c3ebb80197631bb7ed8df3c3faceade681d9e85671d883a0dc8bc92e3a34e0b
SSDEEP

6144:bxLBH9havd5LP8S53ILAQ8w1Gr6rm36CrHA91AtT:VL9928A3IL/h0HA91I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31594177adeb4f3496850b646c369604_JaffaCakes118

Files

31594177adeb4f3496850b646c369604_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a144e22daeb3524365a6f22f62dfb993

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragMove
_TrackMouseEvent
CreateToolbarEx
InitCommonControlsEx

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FtpFindFirstFileW
InternetOpenW
FindFirstUrlCacheContainerW
HttpSendRequestExW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetWriteFileExA

kernel32

UnhandledExceptionFilter
GetCommandLineA
GetCurrentThreadId
GetSystemTime
GetEnvironmentStringsW
SetStdHandle
GetCPInfo
TerminateProcess
GetTickCount
SetLastError
IsDebuggerPresent
lstrcat
HeapReAlloc
GetACP
RtlUnwind
GetTimeZoneInformation
GetFileType
GetDriveTypeW
GetStartupInfoA
LoadLibraryExA
GetOEMCP
VirtualAlloc
FindResourceW
GetStringTypeExW
InterlockedExchange
TlsGetValue
CreateMutexA
WriteConsoleOutputCharacterW
HeapAlloc
GetCurrentProcess
GetStringTypeA
CompareStringA
GetProcAddress
SetFilePointer
InterlockedDecrement
LeaveCriticalSection
FlushFileBuffers
EnumResourceTypesW
SetHandleCount
GetModuleFileNameA
GetLastError
GetCurrentProcessId
OpenMutexA
WideCharToMultiByte
VirtualQuery
HeapDestroy
GetVersion
EnterCriticalSection
ExitProcess
SetEnvironmentVariableA
VirtualFree
GetSystemTimeAsFileTime
GetLocalTime
LocalReAlloc
GetEnvironmentStrings
VirtualUnlock
QueryPerformanceCounter
WriteConsoleInputA
HeapCreate
LoadLibraryA
IsBadWritePtr
GetCurrentThread
RtlMoveMemory
LCMapStringA
GetStringTypeW
TlsAlloc
GetModuleHandleA
ReadFile
GetPrivateProfileIntA
TlsSetValue
LCMapStringW
FreeEnvironmentStringsW
GlobalGetAtomNameW
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
SetConsoleCursorPosition
InitializeCriticalSection
TlsFree
WriteFile
CloseHandle
DeleteCriticalSection
HeapFree
SetConsoleMode
GetStdHandle
MultiByteToWideChar
SetWaitableTimer

user32

IsCharAlphaA
GetClassNameA
LoadKeyboardLayoutA
ScreenToClient
DlgDirSelectComboBoxExA
DefFrameProcA
RegisterClassA
CallWindowProcA
RegisterClassExA
DrawStateA
DefWindowProcW
PostQuitMessage
SetWindowPos
CreateWindowExA
MessageBoxW
UnhookWindowsHook
MoveWindow
DestroyWindow
GetWindowThreadProcessId
ShowWindow
ScrollWindow
GetSystemMetrics
IsIconic

advapi32

AbortSystemShutdownW
RegQueryInfoKeyW
CryptGetHashParam
RegSetValueExW
RegQueryValueExW
StartServiceW
CryptDecrypt
CryptContextAddRef

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a144e22daeb3524365a6f22f62dfb993

Headers

File Characteristics

Imports

comctl32

wininet

kernel32

user32

advapi32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 86KB - Virtual size: 93KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 86KB - Virtual size: 93KB

.rsrc
Size: 23KB - Virtual size: 23KB