48997c9fb6270f9ec5ee919494676b27_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

48997c9fb6270f9ec5ee919494676b27_JaffaCakes118
Size

585KB
MD5

48997c9fb6270f9ec5ee919494676b27
SHA1

4c63411e9a3869280130bacc2ccd9912d0d57d5b
SHA256

6422a8f672b87c9471b848ac9bf993cf3cc9e608b591543a16bd478a17f09270
SHA512

09a4e52e0fccee0c0351de72a0ccc711aaf42db12626202fd09a77bf040b29392e27f20e66737459d502be5075fe2c4d317f6de0540a4b9a413a9c20e03f9844
SSDEEP

12288:+fU4nXa8CsN0WMJtMb2+o+Y50kN0dU2cYH4Fl5X3e8p:+fRXvQtMqFr50sX33

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48997c9fb6270f9ec5ee919494676b27_JaffaCakes118

Files

48997c9fb6270f9ec5ee919494676b27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

15e649d17c3ec0870c9f91b68f91fd16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
CreateDirectoryW
GetFileAttributesW
CopyFileW
WriteFile
CloseHandle
lstrcpynW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
MulDiv
lstrcmpW
CompareStringW
GlobalHandle
GlobalFree
SetLastError
GlobalLock
GlobalUnlock
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
LoadLibraryW
LCMapStringW
LCMapStringA
IsValidCodePage
GetCurrentThreadId
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
VirtualQuery
GetModuleHandleA
VirtualProtect
GetStartupInfoW
RtlUnwind
ReleaseSemaphore
CreateSemaphoreW
OpenProcess
SetUnhandledExceptionFilter
GlobalSize
TerminateProcess
GetProcAddress
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
FormatMessageW
LocalAlloc
LocalFree
WideCharToMultiByte
GetShortPathNameW
CreateThread
Sleep
GetTempPathW
GetConsoleCP
CreateFileW
MultiByteToWideChar
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InterlockedExchangeAdd
GetSystemDirectoryW
WaitForMultipleObjects
GetTickCount
WaitForMultipleObjectsEx
GetVersionExW
GetSystemInfo
SetEndOfFile
GetFileSize
FlushFileBuffers
ReadFile
ReleaseMutex
OpenMutexW
CreateMutexW
GetCommandLineW
lstrlenA
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
RaiseException
GetLocalTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

EnableMenuItem
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CharNextW
DefWindowProcW
GetWindowLongW
DestroyMenu
CreateWindowExW
GetSystemMenu
MoveWindow
SetWindowPos
GetClientRect
DestroyWindow
GetWindow
GetParent
GetDlgItem
DispatchMessageW
DispatchMessageA
TranslateMessage
GetMessageW
GetMessageA
SetWindowLongW
EndDialog
MapDialogRect
wsprintfW
FindWindowW
ExitWindowsEx
GetMenuItemCount
GetMenuItemID
GetActiveWindow
GetSystemMetrics
LoadImageW
CreateAcceleratorTableW
AdjustWindowRectEx
KillTimer
SetTimer
GetMenu
DestroyAcceleratorTable
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
GetClassNameW
FillRect
MessageBoxW
OffsetRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetSysColor
GetFocus
GetCapture
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
DrawTextW
DrawFocusRect
CallWindowProcW
IsWindow
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DialogBoxIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetRectEmpty
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
SetWindowContextHelpId
SendMessageW
UnregisterClassA
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowUnicode

gdi32

GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
SetTextColor
SelectObject
GetObjectW
SetBkMode
GetStockObject
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

TraceMessage
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegEnumValueW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

OleLoadFromStream
CoInitialize
CoUninitialize
OleSaveToStream
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CLSIDFromString
GetHGlobalFromStream
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringByteLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayCreate
OleCreateFontIndirect
VariantCopyInd
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathIsUNCServerW
PathAppendW

comctl32

InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize

gdiplus

GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipDisposeImage

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW

psapi

GetModuleBaseNameW

userenv

UnloadUserProfile

imagehlp

MapFileAndCheckSumW

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 915KB - Virtual size: 915KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15e649d17c3ec0870c9f91b68f91fd16

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

psapi

userenv

imagehlp

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 915KB - Virtual size: 915KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 915KB - Virtual size: 915KB