4138fae6522cf611cc69942836a71218_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4138fae6522cf611cc69942836a71218_JaffaCakes118
Size

696KB
MD5

4138fae6522cf611cc69942836a71218
SHA1

2e6d022c09119cff75cbeee4fe3d0cdcba4b43f1
SHA256

277392eb26dccb19c6986975366a056416e2a113812789234266ac2d7205fab3
SHA512

0ce233f2651bfbd8e807fc0b7cc396cbe36df2bc2d8941c911eb4aa219e7681481a00d8dd2666e18241082cddc91a6724fe167457c1cd7bd1b76fa66cd60a03e
SSDEEP

12288:pxzZX+uGminlcad7xH/ISeJZecWuDdm7k77Y3QCbjlzPqU8VshGTTkaZKD/4Jble:pxzZX0mOcnSKecWux17Y3QszAVssYz6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4138fae6522cf611cc69942836a71218_JaffaCakes118

Files

4138fae6522cf611cc69942836a71218_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12d275f8565495c582d13be560d08cea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qstp\aecdgib\merirhstqh\blp

Imports

kernel32

lstrlenA
FindFirstFileW
TlsFree
CommConfigDialogW
GetVersion
OpenMutexA
IsBadWritePtr
CreateNamedPipeA
GetACP
SetEvent
FreeEnvironmentStringsA
GetStringTypeA
GetCPInfo
GetSystemTime
PulseEvent
LeaveCriticalSection
TlsAlloc
GetCurrencyFormatA
GetStringTypeW
HeapAlloc
GetFileAttributesExW
SetComputerNameA
ConvertDefaultLocale
VirtualFree
SetUnhandledExceptionFilter
lstrcmpiA
CompareStringW
InterlockedDecrement
GetEnvironmentStringsW
WriteConsoleInputW
HeapCreate
GetProcAddress
GetLastError
InterlockedIncrement
LCMapStringA
RtlUnwind
SetEnvironmentVariableA
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoA
TlsSetValue
GlobalFindAtomA
FileTimeToDosDateTime
InterlockedCompareExchange
GetStdHandle
GetEnvironmentStrings
GetTimeFormatW
FreeEnvironmentStringsW
LoadLibraryA
GetCurrentThread
WriteFile
CreateMutexW
GetProcAddress
GetSystemTimeAsFileTime
GetFileType
InterlockedExchange
GetEnvironmentVariableA
DeleteCriticalSection
lstrcpyA
HeapFree
RtlMoveMemory
CreateMutexA
GetCurrentProcess
ReadFile
SetFilePointer
GetModuleFileNameW
GetOEMCP
GetLocalTime
LockFile
GetThreadPriority
GetDiskFreeSpaceExA
GetLocaleInfoA
CloseHandle
SetSystemTime
CompareStringA
SetConsoleCursorInfo
EnterCriticalSection
RtlZeroMemory
EnumSystemCodePagesW
SetLastError
GetStringTypeExW
LCMapStringW
VirtualQuery
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
LocalFlags
SetWaitableTimer
CreateFileW
GetSystemInfo
GetModuleFileNameA
HeapLock
HeapReAlloc
VirtualAlloc
SetCriticalSectionSpinCount
GetShortPathNameA
ExitProcess
GetNumberFormatA
GetConsoleTitleW
InitializeCriticalSection
GetTimeZoneInformation
WriteConsoleInputA
WaitForDebugEvent
UnhandledExceptionFilter
HeapDestroy
CreateDirectoryExW
SetHandleCount
WideCharToMultiByte
SetStdHandle
TlsGetValue
TerminateProcess
FileTimeToLocalFileTime
TryEnterCriticalSection
WriteConsoleOutputCharacterA
DebugActiveProcess
HeapValidate
MultiByteToWideChar
CreateFileMappingA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCommandLineA

comctl32

ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_Write
ImageList_GetDragImage
ImageList_Copy
ImageList_GetIcon
ImageList_LoadImageA
ImageList_GetImageRect
ImageList_GetImageCount
DrawStatusText
CreatePropertySheetPageA
CreateToolbarEx
CreateToolbar
ImageList_GetImageInfo
ImageList_Read
ImageList_Create
InitCommonControlsEx

user32

RealGetWindowClass
GetProcessDefaultLayout
FlashWindow
SetClipboardData
GetWindowThreadProcessId
SendInput
GetAltTabInfo
GetIconInfo
DrawTextA
SetTimer
CharNextExA
DdeConnect
BeginPaint
GetDlgItemTextA
LoadKeyboardLayoutW
BlockInput
GetWindowModuleFileNameA
TabbedTextOutA
GetMenuStringW
UnregisterClassW
RegisterHotKey
DrawFrameControl
SetWindowTextA
GetClipboardData
DlgDirListComboBoxA
GetWindowRect
GetDC
SetRect
CreateWindowExA
MessageBoxA
ShowWindowAsync
DefWindowProcW
OpenClipboard
GetAsyncKeyState
SetWindowPlacement
GetSystemMetrics
GetWindowTextA
CreateIconIndirect
SendMessageW
RegisterClassA
CreateDialogIndirectParamA
GetScrollPos
ShowWindow
ArrangeIconicWindows
DestroyCaret
RegisterWindowMessageW
IsDialogMessage
SetThreadDesktop
InsertMenuItemA
GetMonitorInfoA
DdeQueryConvInfo
InsertMenuW
AnyPopup
EnumDisplayMonitors
VkKeyScanExA
GetSystemMenu
DestroyWindow
ValidateRgn
DrawIcon
SetWindowsHookA
CharUpperBuffA
RegisterClassExA
GetClassLongA
DdeCmpStringHandles
SetProcessDefaultLayout
LockWindowUpdate
CheckMenuRadioItem
DrawFrame

wininet

GopherFindFirstFileA
InternetQueryFortezzaStatus
SetUrlCacheEntryInfoA
InternetConnectW
InternetQueryDataAvailable

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12d275f8565495c582d13be560d08cea

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

wininet

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 452KB - Virtual size: 451KB

.data Size: 136KB - Virtual size: 163KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 452KB - Virtual size: 451KB

.data
Size: 136KB - Virtual size: 163KB

.rsrc
Size: 32KB - Virtual size: 28KB