4aeb7df065b2ea6a3c1e9208ca821c80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4aeb7df065b2ea6a3c1e9208ca821c80_JaffaCakes118
Size

260KB
MD5

4aeb7df065b2ea6a3c1e9208ca821c80
SHA1

528f30c57f01635e044718445da292c8aaca018f
SHA256

d11e652961551f56a0330baad8bdbbae73d41907c325d4ed55f31929c22ca562
SHA512

7ac35eb55754cf0b6870793c44ad72be1d08444da6ba4a3a913cd9462c5d72c9a45b6c75a1051125d391a2b2d621a35a16cc06da8aa6add4b9b1b3c721679288
SSDEEP

3072:uBHmlf4JqkWxb1bQwYZwHf1T+WyJzidk/0xWn8/ib8cJ8bBvHveDzDpvF7tTBfo7:jxf1JyJz6iWj28xNfve7pvF7tTBwRV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aeb7df065b2ea6a3c1e9208ca821c80_JaffaCakes118

Files

4aeb7df065b2ea6a3c1e9208ca821c80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3fb6c9f25ea1c7b9e858920fa5f47a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExA
EnumPageFilesA

kernel32

GetSystemDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
TerminateThread
WaitForSingleObject
GetModuleFileNameA
GetTempPathA
WriteFile
ResetEvent
WaitForMultipleObjects
SetFilePointer
GetShortPathNameA
TerminateProcess
OpenProcess
CreateDirectoryA
GetFileSize
GetTickCount
SetFileAttributesA
GetFileAttributesA
CreateFileA
ReadFile
DeleteFileA
SetEvent
OpenEventA
CloseHandle
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
AddAtomA
Sleep
CreateThread
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapWalk
HeapUnlock
HeapFree
HeapAlloc
CreatePipe
GetCurrentProcess
GetExitCodeProcess
DuplicateHandle
CreateProcessA
GetDriveTypeA
GetVolumeInformationA
GetLongPathNameA
GetCurrentProcessId
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
HeapCreate
HeapDestroy

user32

AnyPopup
MessageBoxA
IsWindow
SendMessageA
DestroyWindow
PostThreadMessageA
GetMessageA
GetWindowTextA
GetWindowLongA
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
PostMessageA
FindWindowA
GetSystemMetrics

gdi32

GetObjectA
BeginPath
CreateCompatibleBitmap
CreateDCA
BitBlt
CreateCompatibleDC
GetDIBits

advapi32

RegQueryInfoKeyA
AbortSystemShutdownA
RegCloseKey
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteA
SHFormatDrive
SHFileOperationA

ws2_32

WSACreateEvent
connect
send
shutdown
getsockname
recvfrom
WSAGetLastError
ntohs
recv
WSACleanup
WSAStartup
gethostbyname
gethostname
closesocket
WSAIoctl
socket
bind
htons
sendto

gdiplus

GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage

mfc42

ord3626
ord3663
ord2414
ord640
ord665
ord1979
ord5186
ord354
ord5785
ord1641
ord1640
ord323
ord800
ord1601
ord537
ord3571

msvcrt

malloc
pow
free
wcscmp
_strupr
_strset
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
_purecall
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_ftol
rand
srand
memcmp
strchr
strlen
strrchr
_CxxThrowException
memset
strcpy
strstr
strcmp
__CxxFrameHandler
sprintf
__getmainargs
memcpy

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoCreateGuid

winmm

timeSetEvent
timeKillEvent

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3fb6c9f25ea1c7b9e858920fa5f47a7

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ws2_32

gdiplus

mfc42

msvcrt

ole32

winmm

avicap32

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 9KB