Static task
  static1

Behavioral task
  behavioral1
  Sample: 4aba9fc0c20cbd4e493110d6a5ce23ea_JaffaCakes118.exe
  Resource: win7-20240704-en

Behavioral task
  behavioral2
  Sample: 4aba9fc0c20cbd4e493110d6a5ce23ea_JaffaCakes118.exe
  Resource: win10v2004-20240709-en

General
  Target: 4aba9fc0c20cbd4e493110d6a5ce23ea_JaffaCakes118
  Size: 140KB
  MD5: 4aba9fc0c20cbd4e493110d6a5ce23ea
  SHA1: 5874bec18e855c1ca73c88097bf8b290a22ef403
  SHA256: 3b32ebd4fd908a5159f420612c479ea3dbd7ef53caa90b3dbebfbe13ea0741d6
  SHA512: ef8e4891ea4b17f4ef202c97efe84e1063215f657c7680476899c6d0ce8abc066edf9e6fa1d3a83bbb84d4426b7b8ca4573cfc1652d3f28a2830bc100985ef46
  SSDEEP: 1536:AOk582qSxaXM7++hqvJh1K1aDSrev4REYbp32hUJRQjPAobkgU1t7/B+5q0A23wE:xk582pxa4qL3YunAorMQ52t8x

Malware Config

Signatures
  Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 4aba9fc0c20cbd4e493110d6a5ce23ea_JaffaCakes118

Files
  4aba9fc0c20cbd4e493110d6a5ce23ea_JaffaCakes118.exe
  windows:4 windows x86 arch:x86
  4c1517a9f68c41dce7e1ea813dd4abac

Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
  PDB Paths: c:\Documents and Settings\dddddddddddddddddddddddddddddddddddddddddddd\birdseye.pdb
Imports
  ws2_32
    select, __WSAFDIsSet, connect, WSAStartup, htons, WSACleanup, recv, socket, closesocket, gethostbyname, send
  urlmon
    URLDownloadToFileA
  kernel32
    LoadLibraryA, lstrlenA, WideCharToMultiByte, CompareStringW, MultiByteToWideChar, InterlockedExchange, GetLastError, CompareStringA,
    Sleep, WaitForSingleObject, TerminateThread, PeekNamedPipe, WriteFile, CreateProcessA, TerminateProcess, GetComputerNameA,
    CreatePipe, CloseHandle, FindResourceA, LoadResource, FindResourceExA, SizeofResource, LeaveCriticalSection, EnterCriticalSection,
    LockResource, SetFilePointer, GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo,
    GetFileType, SetHandleCount, HeapSize, InterlockedDecrement, SetEnvironmentVariableA, GetThreadLocale, GetConsoleCP, GetConsoleMode,
    SetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId,
    InitializeCriticalSection, GetLocaleInfoA, CreateFileA, ReadFile, InterlockedIncrement, TlsFree, TlsSetValue, SetEndOfFile,
    WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetCurrentThreadId, GetStringTypeW, GetStringTypeA, FlushFileBuffers, HeapFree,
    HeapAlloc, HeapReAlloc, VirtualProtect, VirtualAlloc, GetProcAddress, GetModuleHandleA, GetSystemInfo, VirtualQuery,
    DeleteFileA, GetTimeFormatA, GetDateFormatA, GetSystemTimeAsFileTime, ExitThread, ResumeThread, CreateThread, GetCurrentProcess,
    UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetVersionExA, GetProcessHeap, GetStartupInfoA, RaiseException,
    RtlUnwind, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, ExitProcess, GetStdHandle, GetModuleFileNameA,
    TlsGetValue, TlsAlloc, SetLastError
  user32
    UnregisterClassA, GetDC, GetSystemMetrics, GetForegroundWindow, GetWindowTextA, GetAsyncKeyState, GetActiveWindow
  gdi32
    BitBlt, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, GetObjectA, DeleteObject
  advapi32
    RegOpenKeyExA, RegQueryValueExA, GetUserNameA
  shlwapi
    PathFindExtensionW, PathFindExtensionA
  gdiplus
    GdiplusStartup, GdipCloneImage, GdipSaveImageToFile, GdipGetImageEncoders, GdipCreateBitmapFromHBITMAP, GdipDisposeImage,
    GdipAlloc, GdipCreateBitmapFromScan0, GdipFree, GdiplusShutdown, GdipGetImageEncodersSize
Sections
  .text   Size: 104KB - Virtual size: 102KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  Size: 20KB - Virtual size: 16KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   Size: 8KB - Virtual size: 46KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 4KB - Virtual size: 176B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ