3cc9e6f68bb29c63f54c1bfad7aaf704_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cc9e6f68bb29c63f54c1bfad7aaf704_JaffaCakes118
Size

4.7MB
MD5

3cc9e6f68bb29c63f54c1bfad7aaf704
SHA1

0ee4b2ec16849b6a95b322c285809f5e0b1462cc
SHA256

4182a9148fee8a7aff3a48ab1529cc735875fdd719f3d019dfbaefbad4a6503f
SHA512

32aa0520bff3d760d4a478427297101f9ad00f204eb83653e64fd0adbf538b68b77c44fced3abdb68e8193414e5df4579ac183a520fb598c25958b24725b7abd
SSDEEP

98304:bwYx5LSMWs6J43/29lR7aRMex5YY8AuyUKKtd0hSXpp5SFIabbxZGrn/+wBb3BNb:tx5LSMz6J4WlR7aRMeDYY8AuyUT34SX3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cc9e6f68bb29c63f54c1bfad7aaf704_JaffaCakes118

Files

3cc9e6f68bb29c63f54c1bfad7aaf704_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2259633fc8fcf441acf3b2205f7cba6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
_strnicmp
strncmp
strncpy
_strdup
free
memmove
strlen
strcpy
strcat
longjmp
_setjmp3
fseek
ftell
malloc
fread
fclose
fopen
sprintf
strcmp
localtime
mktime
gmtime
exit
_iob
fprintf
getenv
sscanf

kernel32

GetModuleHandleA
HeapCreate
GetModuleFileNameA
CreateFileA
DeviceIoControl
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
GetDriveTypeA
HeapDestroy
ExitProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
GetFileAttributesA
ReadFile
GetLastError
WriteFile
SetFilePointer
GetVersion
GlobalAlloc
GlobalFree
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexA
FreeLibrary
GetProcAddress
HeapFree
HeapAlloc
QueryPerformanceFrequency
LoadLibraryA
GetComputerNameA
GetTempPathA
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
GetTickCount
Sleep
WideCharToMultiByte
FindFirstFileA
FindClose
DeleteFileA
FindNextFileA
MoveFileA
CreateDirectoryA
GetLocalTime
GetFileSize
SetEndOfFile
HeapReAlloc

crtdll

fputc
sprintf
free
malloc
strerror
fflush
_errno
fopen
fread
fprintf
_vsnprintf
fwrite
ftell
fseek
fclose
clearerr
_fdopen
rand
srand
time
_initterm

comctl32

InitCommonControls
InitCommonControlsEx

user32

CharToOemA
FillRect
ShowCursor
InvalidateRect
ShowWindow
BeginPaint
EndPaint
DefWindowProcA
LoadIconA
RegisterClassExA
CreateWindowExA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource
GetIconInfo
SendMessageA
GetWindowLongA
GetWindowRect
ScreenToClient
RedrawWindow
SetWindowPos
UpdateWindow
ReleaseCapture
DrawStateA
SetCapture
CallWindowProcA
GetSystemMetrics
SetWindowLongA
DestroyWindow
RemovePropA
SetPropA
GetParent
GetPropA
PostMessageA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadCursorA
RegisterClassA
AdjustWindowRect
GetActiveWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetCursorPos
LoadImageA
SetCursor
MapWindowPoints
MoveWindow
SystemParametersInfoA
GetKeyState
GetCursorPos
GetClientRect
EnumChildWindows
DefFrameProcA
SetFocus
GetFocus
IsChild
GetClassNameA

gdi32

GetStockObject
CreateSolidBrush
CreatePen
DeleteObject
GetObjectType
CreateCompatibleDC
SetDIBits
DeleteDC
GetObjectA
CreateDCA
CreateCompatibleBitmap
CreateDIBSection

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
GetUserNameA

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteExA

winmm

timeEndPeriod

wininet

InternetGetConnectedState

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
recv
recvfrom
send
sendto
WSAGetLastError

ntdll

ZwUnmapViewOfSection

Sections

.code
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2259633fc8fcf441acf3b2205f7cba6c

Headers

File Characteristics

Imports

msvcrt

kernel32

crtdll

comctl32

user32

gdi32

advapi32

ole32

shell32

winmm

wininet

wsock32

ntdll

Sections

.code Size: 13KB - Virtual size: 12KB

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 4.5MB - Virtual size: 4.8MB

.rsrc Size: 2KB - Virtual size: 2KB

.code
Size: 13KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 4.5MB - Virtual size: 4.8MB

.rsrc
Size: 2KB - Virtual size: 2KB