49f0804f6bca7aaf517d709d5483316f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49f0804f6bca7aaf517d709d5483316f_JaffaCakes118
Size

143KB
MD5

49f0804f6bca7aaf517d709d5483316f
SHA1

1586159c1c76ecc68eebd10876e4051cb7a8e4e6
SHA256

9a8cbaa4f0cc68e7849ce7dd4e90244c236ae5775fe3ebc9eb89c1cbd80c7d02
SHA512

516c94dda3b72179f892b6749c1efb5203bb4ab1ccf6f7752afd576727f656dd2a4249e18668bac7ad9070274290a995fc1d5bd5e7114fcd1d7cdf99a0be0889
SSDEEP

3072:ZcDKbs7WQCpDhqCIDZYD+FJ4YPIS8A4oTgPlE15jxdiH:Zcmb8ShQZo+FJCSP4oTgPwdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f0804f6bca7aaf517d709d5483316f_JaffaCakes118

Files

49f0804f6bca7aaf517d709d5483316f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateFileW
WriteFile
CloseHandle
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
lstrlenA
CreateProcessW
Sleep
GetComputerNameW
LockResource
FindResourceExW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
LoadLibraryW
GetCurrentProcess
SizeofResource
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
GetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
CharNextW
SetTimer
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
EndDialog
PostQuitMessage
FindWindowExW
UnregisterClassA
KillTimer
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2

oleaut32

VariantChangeType
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenW

netapi32

Netbios

ws2_32

closesocket
recv
send
connect
WSACleanup
gethostbyname
socket
WSAStartup
htons

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

netapi32

ws2_32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 232B

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 232B