3b3534d99c73aedfe16a2cfadb48e33f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3b3534d99c73aedfe16a2cfadb48e33f_JaffaCakes118
Size

198KB
MD5

3b3534d99c73aedfe16a2cfadb48e33f
SHA1

6d4238062e038caef8a9682e72e12645e50960e9
SHA256

367639dbb3bb03ec1cdd5295a989744c66d80aece37673d7e5d05f8b2d4a0fcf
SHA512

8c23f7b3cdca4efb921477074d3070ae957f5080b07fd290f989ecbe587968ba5b1c6ecd235d1a00f8dc0baf75ca3c71af2847a69b95d136795dbf3610610ce0
SSDEEP

3072:Qfg67oec17fsCom5DGGKUK+Y5zJRbi7ejSOXE7Sri0ZJ7bymo6YfS89yH9WG5Awc:QSsiJGvUpYdTy30lJNYftEH9WG5D/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b3534d99c73aedfe16a2cfadb48e33f_JaffaCakes118

Files

3b3534d99c73aedfe16a2cfadb48e33f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df1ecc5640ff074bb93532a2afdff806

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

StrCmpNIA
StrPBrkA
StrRChrW
StrRChrA
StrStrIW
StrToIntExW
wvnsprintfW
wvnsprintfA
StrCmpW
StrStrW
StrStrIA
StrToIntExA
StrCmpNA
StrChrA
StrChrIA
wnsprintfW
wnsprintfA
StrStrA

ws2_32

select
inet_addr
WSAStartup
setsockopt
socket
send
getsockopt
recv
getsockname
gethostbyname
inet_ntoa
shutdown
closesocket
connect
htons
ioctlsocket
WSAGetLastError
sendto

kernel32

GetLocaleInfoW
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
QueryPerformanceCounter
GetModuleFileNameA
IsBadCodePtr
HeapSize
VirtualFree
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetCurrentProcess
TerminateProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetVersion
Sleep
CreateThread
GetCurrentThreadId
CreateMutexA
CloseHandle
OpenMutexA
ExitProcess
ExitThread
TerminateThread
OpenThread
HeapCreate
HeapAlloc
HeapReAlloc
IsBadReadPtr
HeapFree
IsBadWritePtr
WriteFile
SetFilePointer
CreateFileA
GetTickCount
WaitForSingleObject
ReleaseMutex
lstrcmpA
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
MultiByteToWideChar
lstrcmpW
lstrlenW
GlobalFree
GlobalAlloc
DeviceIoControl
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateProcessA
GetEnvironmentVariableA
GetCurrentProcessId
lstrcmpiW
DeleteCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
lstrlenA
lstrcpyA
lstrcpynA
RaiseException
InitializeCriticalSection
lstrcatA
lstrcpyW
lstrcatW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrcmpiA
InterlockedCompareExchange
LocalFree
FormatMessageA
VirtualProtect
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameW
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetProcessHeap
SetLastError
FileTimeToSystemTime
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleCursorPosition
WriteConsoleW
LoadLibraryA
ReadFile
GetFileSize
CreateFileW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalSize

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
SetThreadDesktop
CreateDesktopA
SendMessageW
EnumChildWindows
MessageBoxW
GetDesktopWindow
GetWindowTextW
DestroyWindow
PostMessageA
GetDlgItem
GetWindowInfo
GetDlgCtrlID
GetClassNameA
GetAncestor
IsWindow
GetWindowThreadProcessId
CharLowerW
GetDC
wsprintfA
GetClipboardData
MessageBoxA

wininet

GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipFillRectangleI
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipFree
GdipDrawString
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipPrivateAddMemoryFont
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyCount
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc

gdi32

GetTextExtentPoint32A

ole32

CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysAllocString
VariantInit
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringLen
VariantClear
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SafeArrayPutElement
SafeArrayCreate
VariantChangeType
SysStringLen
GetErrorInfo
SysFreeString

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 97.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df1ecc5640ff074bb93532a2afdff806

Headers

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

wininet

gdiplus

gdi32

ole32

oleaut32

Sections

.text Size: 193KB - Virtual size: 192KB

.data Size: 18KB - Virtual size: 97.7MB

.text
Size: 193KB - Virtual size: 192KB

.data
Size: 18KB - Virtual size: 97.7MB