4bb1e1ca019cb95e782e550b3b838a42_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4bb1e1ca019cb95e782e550b3b838a42_JaffaCakes118
Size

284KB
MD5

4bb1e1ca019cb95e782e550b3b838a42
SHA1

e60ada782c2ee95f328e340fda3f1fb4b309f393
SHA256

92d74751854ad20d2df3c7fdb903bd17dee30eb9d3936b536b8a263221369f92
SHA512

7a862327aae811184936ca99b921c652727afed641ee39f20e4ecd7c8d9c2145a699e0910aa6e76e86652dc96c134ec0f33b946930e38e7c422fcdf5f218f7bd
SSDEEP

3072:eKLqI9c6kJOJ8c7KFHPt81BK92y9i4VWznc1oiDdB1ZV7aQPtJPzz9lg8z:DqXAacEV8279ikWznCxdB1v7Y8z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bb1e1ca019cb95e782e550b3b838a42_JaffaCakes118

Files

4bb1e1ca019cb95e782e550b3b838a42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad1ca2181f9ec0dbbc5aa3e0cd91d86c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\temp\bot_august_2010\winrun\Release\winrun.pdb

Imports

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
MoveFileA
DeleteFileA
Sleep
CloseHandle
TerminateProcess
WaitForSingleObject
OpenProcess
GetFullPathNameA
GetStartupInfoA
GetLastError
CreateMutexA
Process32Next
Process32First
GetCurrentProcessId
CreateToolhelp32Snapshot
WideCharToMultiByte
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetModuleFileNameA
GetCurrentThreadId
CreateProcessA
CreateEventA
GetTickCount
ReleaseSemaphore
GetTempPathA
CreateDirectoryA
GetSystemTimeAsFileTime
SetEvent
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
CreateFileA
GetFullPathNameW
GetModuleFileNameW
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
MultiByteToWideChar
CompareStringW
CompareStringA
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
GetOEMCP
QueryPerformanceCounter
TlsFree
SetLastError
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
CreateThread
ExitThread
GetCPInfo
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
TlsAlloc
GetSystemInfo
TlsGetValue
TlsSetValue
ResetEvent
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleHandleA
GetCommandLineA
LCMapStringA
LCMapStringW

user32

PostQuitMessage
DefWindowProcA
CreateWindowExA
UpdateWindow
LoadCursorA
RegisterClassExA
UnhookWindowsHookEx
IsWindowVisible
ShowWindow
CallNextHookEx
SetWindowsHookExA
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromIID
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad1ca2181f9ec0dbbc5aa3e0cd91d86c

Headers

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

ole32

oleaut32

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 11KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 11KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 48KB - Virtual size: 47KB