4431bc95650d755ad72c805b78275805_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4431bc95650d755ad72c805b78275805_JaffaCakes118
Size

302KB
MD5

4431bc95650d755ad72c805b78275805
SHA1

07d930fdba4be9e919d0e99959b56c285fc02647
SHA256

ff81b8eab8480f78959a925c0072105d41733ae2ec1fe95024e7549ead55dd5a
SHA512

60fae23e82ed730586b367e19835c2f6fbce9960f0f78dbaa92c085040edbd96a32ea0aeadac9429abcb7055023f85daf2d7e533642383fcb151ba1c246459e4
SSDEEP

3072:qj2JhnU2Fa8qDfI+IlvuCeJVQuUnBBtNGyVVO5CHf47BLSkO1m1pmb3BYXp58Qyt:5na8qapOJVynTVkkHf4fO1wwkwUs0o9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4431bc95650d755ad72c805b78275805_JaffaCakes118

Files

4431bc95650d755ad72c805b78275805_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22a43ffde07486216b426986c4077790

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\Client\bin\Release\msbb.pdb

Imports

comctl32

ord17

rpcrt4

UuidCreate

wininet

InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetReadFile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

InterlockedDecrement
InterlockedIncrement
DeleteFileA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryExA
CopyFileA
GetSystemTimeAsFileTime
GetLastError
Sleep
GetCurrentProcessId
GetWindowsDirectoryA
GetModuleFileNameA
WaitForSingleObject
OpenProcess
CloseHandle
TerminateProcess
OpenFile
FindClose
FindFirstFileA
RemoveDirectoryA
GetFileAttributesA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetShortPathNameA
MoveFileExA
OutputDebugStringA
FindNextFileA
TerminateThread
LoadLibraryA
CreateThread
CreateEventA
MultiByteToWideChar
lstrcpyA
lstrlenW
HeapFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
FileTimeToSystemTime
GetTickCount
SetEvent
SetThreadPriority
GetCurrentThread
MoveFileA
GetTempFileNameA
GetTempPathA
ResumeThread
GetPrivateProfileStringA
GetModuleHandleA
CompareFileTime
SystemTimeToFileTime
GetVersion
ResetEvent
SetLastError
GlobalFree
GlobalHandle
lstrcpynA
GlobalAddAtomA
CreateProcessA
OpenEventA
lstrcatA
GlobalDeleteAtom
GlobalGetAtomNameA
CreateDirectoryA
GetSystemDirectoryA
GetOEMCP
GetUserDefaultLangID
GetSystemDefaultLangID
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateMutexA
ReleaseMutex
FlushFileBuffers
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
ReadProcessMemory
DosDateTimeToFileTime
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
GetTimeZoneInformation
GetCurrentThreadId
lstrlenA
WideCharToMultiByte
lstrcmpA
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
DebugBreak
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocalTime

user32

PeekMessageA
PostQuitMessage
GetSystemMetrics
GetWindowRect
EndDialog
GetDlgItemTextA
DialogBoxParamA
SendDlgItemMessageA
DdeFreeStringHandle
DdeDisconnect
DdeConnect
DdeDisconnectList
DdeQueryNextServer
DdeFreeDataHandle
DdeClientTransaction
DdeConnectList
DdeCreateStringHandleA
DdeQueryStringA
DdeInitializeA
DdeUninitialize
DdeNameService
ShowWindow
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetActiveWindow
SetWindowContextHelpId
MapDialogRect
UpdateWindow
CopyRect
MoveWindow
ScreenToClient
ClientToScreen
SetCursor
RemovePropA
DrawTextA
GetUpdateRect
WindowFromPoint
GetDlgCtrlID
GetPropA
SetPropA
SendMessageTimeoutA
EnumWindows
WaitForInputIdle
CreateAcceleratorTableA
MsgWaitForMultipleObjects
CharUpperA
ExitWindowsEx
EnumChildWindows
IsDlgButtonChecked
ReleaseCapture
GetSysColor
CallWindowProcA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SendMessageA
AdjustWindowRectEx
KillTimer
GetClientRect
GetWindowLongA
SetWindowPos
SetForegroundWindow
RegisterWindowMessageA
FindWindowA
MessageBoxA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
CreateWindowExA
RegisterClassExA
UnregisterClassA
DestroyWindow
LoadCursorA
wsprintfA
GetClassInfoExA
IsWindow
SetTimer
PostMessageA
SetWindowLongA
CharNextA
wvsprintfA
CharLowerA
DefWindowProcA
GetParent
GetClassNameA
CharLowerBuffA
SetDlgItemTextA
GetDlgItem
RedrawWindow
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
GetWindowThreadProcessId
SetCapture
GetMenu

gdi32

SetBkColor
SetBkMode
SetTextColor
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
ExtTextOutA
DeleteObject

advapi32

RegSetKeySecurity
RegCreateKeyExA
RegOpenKeyA
RegGetKeySecurity
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

OleLockRunning
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
VariantInit
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString

shlwapi

SHDeleteKeyA

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22a43ffde07486216b426986c4077790

Headers

File Characteristics

PDB Paths

Imports

comctl32

rpcrt4

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 266KB - Virtual size: 265KB

.data Size: 21KB - Virtual size: 26KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 266KB - Virtual size: 265KB

.data
Size: 21KB - Virtual size: 26KB

.rsrc
Size: 14KB - Virtual size: 13KB