37fd783af87b030500007393ca138d34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37fd783af87b030500007393ca138d34_JaffaCakes118
Size

481KB
MD5

37fd783af87b030500007393ca138d34
SHA1

a11feb9f43d6c2ad69e6162835c9127e17ad161a
SHA256

c917fc92933e3d82825eec09656e67dce3dd37e455db11137b5db2469fe77eb5
SHA512

91b23d10d90369d9db13fc948e60c975d01e1341bcd3a88eb4cecee1852357f8ca0fafc23183658a32fc61cc83062bac857619a8c768f600f3289318b0ed84c5
SSDEEP

12288:0woPJKKSzJV4op4E/fUlrzHnStN9BNFden4OgbI7F1lQLuX9:0w+JKKSzP4op4E/fUlrzHnStN9BNuG6j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37fd783af87b030500007393ca138d34_JaffaCakes118

Files

37fd783af87b030500007393ca138d34_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52ef0f2017b31c23a692b7e22a3ec4e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoTaskMemFree
CoInitialize
CoGetMalloc
CoCreateInstance
CLSIDFromString

psapi

EnumProcessModules
GetModuleFileNameExA

setupapi

SetupDiGetClassDescriptionA
SetupDiGetClassImageIndex
SetupDiDestroyDeviceInfoList
SetupDiDestroyClassImageList
SetupDiGetClassImageList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

wintrust

CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust

wininet

InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

CreateStatusWindowA
ImageList_Create
ImageList_Destroy
InitCommonControls
ImageList_Add

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

user32

SetWindowLongA
SetTimer
SetMenuItemBitmaps
SetLayeredWindowAttributes
SetForegroundWindow
SetClassLongA
SendMessageA
SendDlgItemMessageA
RegisterWindowMessageA
RegisterHotKey
RegisterClassExA
PostQuitMessage
PostMessageA
MoveWindow
MessageBoxA
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowVisible
IsWindow
IsDlgButtonChecked
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetSysColor
SetWindowTextA
GetMenuState
GetDlgItem
GetDesktopWindow
GetCursorPos
GetClientRect
FindWindowA
ExitWindowsEx
EndDialog
EnableWindow
EnableMenuItem
DispatchMessageA
DialogBoxParamA
DestroyWindow
DestroyIcon
DefWindowProcA
CreateWindowExA
CreatePopupMenu
CreateDialogParamA
CopyRect
CheckMenuItem
CheckDlgButton
CharUpperBuffA
CharLowerBuffA
CallWindowProcA
BringWindowToTop
AppendMenuA
AnimateWindow
wsprintfA
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow
keybd_event
BeginPaint
DialogBoxIndirectParamA
DrawEdge
EndPaint
SetFocus
GetMessageA

kernel32

GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetSystemDirectoryA
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileExA
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
OutputDebugStringA
Process32Next
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
GetPrivateProfileIntA
RtlMoveMemory
RtlZeroMemory
SearchPathA
SetEndOfFile
SetEvent
SetFileAttributesA
SetFilePointer
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateThread
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
CloseHandle
CopyFileA
CompareFileTime
CreateDirectoryA
CreateEventA
CreateFileA
CreateEventW
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateRemoteThread
ResetEvent
CreateThread
DeleteFileA
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetACP
GetBinaryTypeA
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
OpenEventA
GetLocalTime

gdi32

DeleteObject
CreateFontIndirectA
SetTextColor

advapi32

StartServiceA
RevertToSelf
RegSetValueExA
RegSaveKeyA
RegReplaceKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
ImpersonateLoggedOnUser
GetTokenInformation
DeleteService
CreateServiceA
ConvertSidToStringSidA
ControlService
CloseServiceHandle
AdjustTokenPrivileges

ws2_32

inet_ntoa
ntohs
htons

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52ef0f2017b31c23a692b7e22a3ec4e8

Headers

File Characteristics

Imports

shell32

ole32

psapi

setupapi

wintrust

wininet

version

comctl32

comdlg32

user32

kernel32

gdi32

advapi32

ws2_32

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 2KB - Virtual size: 96KB

.rsrc Size: 155KB - Virtual size: 154KB

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 2KB - Virtual size: 96KB

.rsrc
Size: 155KB - Virtual size: 154KB