49fb685c7adfd64c02878c5022b17bcc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49fb685c7adfd64c02878c5022b17bcc_JaffaCakes118
Size

198KB
MD5

49fb685c7adfd64c02878c5022b17bcc
SHA1

39a401c388c832666bb40438e30565e1863e08a5
SHA256

4c106a284174626fec2ca1c52448e376c6596f2a855af7811e4c8e20e086384c
SHA512

49d517416f687346d30caa8407d0bfa06745317c79d3e29dffd3486eb0cef44f4993f3030bdd6d2b4dd1d6d5f558f7b8c60cae54b5b8384fafd064f03e30ac09
SSDEEP

3072:gsBf3zJ/nRuznircpSMngAd1CSVlAOJBAOJRDQJHPcyWzplizgxs0:ZPz6zppqAISVlAOXAOz8PcyukgP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49fb685c7adfd64c02878c5022b17bcc_JaffaCakes118

Files

49fb685c7adfd64c02878c5022b17bcc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92cb4bc57a6127475ebedbe75fa88274

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
memmove
strncpy
strlen
strcpy
strcat
memcmp
_stricmp
longjmp
_setjmp3
fseek
ftell
fread
sprintf
strcmp
strncmp
fclose
fabs
ceil
malloc
floor
free
exit
__p__iob
fprintf
getenv
sscanf

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
HeapAlloc
HeapFree
FreeLibrary
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
GetTickCount
MulDiv
DeleteFileA
FindClose
FindFirstFileA
GetLastError
FindNextFileA
HeapReAlloc
SetLastError
TlsAlloc
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
GetVersionExA

comctl32

InitCommonControls
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon

user32

CharUpperA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
SendMessageA
CreateWindowExA
DestroyWindow
GetWindowTextLengthA
GetWindowTextA
ShowWindow
SetWindowTextA
GetWindowLongA
GetClientRect
FillRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
RedrawWindow
LoadCursorA
RegisterClassExA
SetClassLongA
InvalidateRect
GetWindowRect
ScreenToClient
GetIconInfo
SetWindowPos
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetWindow
RemovePropA
SetPropA
GetParent
GetPropA
MapWindowPoints
MoveWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
AdjustWindowRectEx
CreateAcceleratorTableA
SetFocus
GetFocus
EnumChildWindows
PostMessageA
DefFrameProcA
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
GetKeyState
GetCursorPos
IsChild
GetClassNameA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource

gdi32

DeleteObject
CreateDCA
GetDeviceCaps
CreateFontA
DeleteDC
GetObjectType
GetStockObject
GetObjectA
SetBkColor
SetTextColor
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
SetDIBits
CreateDIBSection
GetDIBits
BitBlt
CreateBitmap
SetPixel

advapi32

RegOpenKeyA
RegConnectRegistryA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

ole32

CoInitialize
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

wsock32

closesocket
WSACleanup
WSAStartup

Sections

.code
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cb4bc57a6127475ebedbe75fa88274

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

ole32

shell32

wsock32

Sections

.code Size: 9KB - Virtual size: 8KB

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 108KB - Virtual size: 109KB

.rsrc Size: 1024B - Virtual size: 964B

.code
Size: 9KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 108KB - Virtual size: 109KB

.rsrc
Size: 1024B - Virtual size: 964B