41c8e4f6a721ff80696989a6535b8283_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41c8e4f6a721ff80696989a6535b8283_JaffaCakes118
Size

216KB
MD5

41c8e4f6a721ff80696989a6535b8283
SHA1

097f8c1987f00f67afdfaaa98fcaf3338480fc46
SHA256

8de5865c8d1cc20f83fbff5afb1417fcec0310171458da131665b5e64d1ea44b
SHA512

fc9fc109b35b192933879dfdbf26dc906008cc17decb22de6221b2fe3577919b691a0396fb2570c7a7b880cec35c75c46364af74c088466049c2b2746c93d030
SSDEEP

3072:44GPId0Z0QKNm54lGuGjs9lvzmp4oJUEJfzz0lssz:nOHud454GuGjWhzmpFsz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41c8e4f6a721ff80696989a6535b8283_JaffaCakes118

Files

41c8e4f6a721ff80696989a6535b8283_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56ee4c00b730e96f504a2e7d50fc2ef9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\temp\bot_august_2010\winrun\Release\winrun.pdb

Imports

wininet

HttpSendRequestA
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FreeLibrary
WideCharToMultiByte
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
GetFileAttributesA
GetModuleFileNameA
MoveFileA
DeleteFileA
Sleep
TerminateProcess
WaitForSingleObject
OpenProcess
GetFullPathNameA
GetStartupInfoA
CreateMutexA
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
GetTickCount
SetEvent
ReleaseSemaphore
GetTempPathA
CreateDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateProcessA
CreateFileA
GetFullPathNameW
GetModuleFileNameW
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
CompareStringW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetFilePointer
FlushFileBuffers
WriteFile
HeapSize
GetTimeZoneInformation
IsBadWritePtr
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsFree
SetLastError
GetOEMCP
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
CreateThread
ExitThread
GetCPInfo
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
TlsAlloc
GetSystemInfo
TlsGetValue
TlsSetValue
ResetEvent
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleHandleA
GetCommandLineA
LCMapStringA
LCMapStringW

user32

LoadCursorA
RegisterClassExA
DefWindowProcA
PostQuitMessage
CreateWindowExA
UpdateWindow
SetWindowsHookExA
UnhookWindowsHookEx
IsWindowVisible
ShowWindow
CallNextHookEx
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromIID
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ee4c00b730e96f504a2e7d50fc2ef9

Headers

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

ole32

oleaut32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 11KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 11KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 48KB - Virtual size: 47KB