4ccb994956f7dfdd93b704056d47bc64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4ccb994956f7dfdd93b704056d47bc64_JaffaCakes118
Size

340KB
MD5

4ccb994956f7dfdd93b704056d47bc64
SHA1

3ac97501a664502442c901f3767c6fe4d92aa227
SHA256

497f35bc8afc757f2ff014a4aa598252885779a430228ed0c063585d960c5bb4
SHA512

055a745f619ff331b7815d5d6dd8b77fc70815b4b32fb9a06831743494a7863446408aa3f413eff592d8e72dae74b84106dea5fca72612ad81401a52bbd04232
SSDEEP

3072:N5FupZbfMIMuT2adzRI8NVaEtWbwqOwHdBfqqYJs178JxYJIkNRyZ7f5nHNPKPe+:N5FKWIV2SRrUTH6Js1MCIkHylfKm5tt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ccb994956f7dfdd93b704056d47bc64_JaffaCakes118

Files

4ccb994956f7dfdd93b704056d47bc64_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84040e0b5822c4e905c933ec10c7b346

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\evyrxwtmr\xebaxoetb\sncvmt\

Imports

wininet

HttpAddRequestHeadersW
InternetErrorDlg
InternetCrackUrlA
InternetTimeFromSystemTime
InternetGoOnlineW
FtpFindFirstFileW
RunOnceUrlCache
HttpEndRequestA

comctl32

ImageList_Write
ImageList_Draw
ImageList_SetFlags
InitCommonControlsEx
ImageList_DragEnter
ImageList_DragLeave
ImageList_GetImageCount
InitMUILanguage
ImageList_GetFlags
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_SetOverlayImage
ImageList_Read
ImageList_BeginDrag
ImageList_GetIcon
CreateToolbarEx
ImageList_GetBkColor
CreateStatusWindowA

advapi32

RegSaveKeyA
CryptDestroyHash
InitiateSystemShutdownW
CryptGenRandom
RegEnumKeyExA
CryptGetUserKey
RegCreateKeyA
RegNotifyChangeKeyValue
RegEnumValueW
RegOpenKeyExW
AbortSystemShutdownA
CryptSetProviderA
CryptAcquireContextW
RegOpenKeyW
RegReplaceKeyW
CryptDestroyKey
RegQueryMultipleValuesA
RegSetValueA
CryptAcquireContextA
DuplicateTokenEx
LookupPrivilegeValueA
CryptDuplicateHash
CryptDeriveKey
RegQueryValueW

user32

LoadCursorFromFileW
GetSysColorBrush
ImpersonateDdeClientWindow
GetMenuStringA
InvertRect
CreateWindowExW
MessageBeep
EnumDesktopsA
SetMessageQueue
GetDlgItemTextW
ChangeDisplaySettingsW
CallMsgFilter
InsertMenuA
RealChildWindowFromPoint
GetClientRect
DefDlgProcW
DrawFrameControl
EnumPropsA
SetShellWindow
DrawFrame
SendDlgItemMessageW
SetWindowRgn
ScrollDC
GetAsyncKeyState
IsDialogMessageA
SetParent
EnumDisplaySettingsA
GetWindowPlacement
SetDlgItemInt
EnumDesktopWindows
RemoveMenu
GetMenuInfo
SendDlgItemMessageA
UnregisterDeviceNotification
ChildWindowFromPoint
CharToOemA
EnumDisplayDevicesA
SetDlgItemTextW
CreateDialogParamA
GetParent
RegisterClassA
RegisterClassExA
DlgDirSelectExA
CopyImage
IsCharUpperW
IntersectRect
DdeClientTransaction
GetMenuContextHelpId
CallMsgFilterW
DefFrameProcW
GetCapture
DrawStateA
CharUpperBuffA
RedrawWindow

kernel32

CompareStringW
GetConsoleCursorInfo
ExitProcess
EnterCriticalSection
SetStdHandle
HeapAlloc
LeaveCriticalSection
WideCharToMultiByte
GetCurrentThreadId
LoadLibraryA
VirtualQuery
GetCommandLineA
LockResource
GetLocalTime
FreeLibraryAndExitThread
GetFileType
WriteProfileStringW
TlsGetValue
FreeEnvironmentStringsW
GlobalLock
CompareStringA
FindFirstFileExA
CreateMutexA
TlsFree
HeapCreate
RemoveDirectoryA
GetCurrentProcess
GetThreadContext
DeleteCriticalSection
GlobalFree
FlushFileBuffers
GetCalendarInfoW
GetTimeZoneInformation
QueryPerformanceCounter
GetSystemTime
GetAtomNameW
FindNextFileW
GetVersion
RtlZeroMemory
GetLastError
GetEnvironmentStringsW
GetPrivateProfileStructW
InterlockedExchange
VirtualAlloc
GetModuleFileNameA
GetCalendarInfoA
GetCPInfo
GetACP
LocalReAlloc
CreateSemaphoreW
MoveFileW
InterlockedIncrement
FoldStringA
GlobalAlloc
GetLongPathNameA
CloseHandle
WriteFile
GetFullPathNameW
RtlFillMemory
InterlockedDecrement
CreateFileW
OpenEventW
GetCompressedFileSizeW
AllocConsole
Sleep
HeapFree
ReadFile
VirtualProtectEx
RtlUnwind
ConnectNamedPipe
WriteFileEx
SetFilePointer
lstrcat
ExpandEnvironmentStringsA
WriteConsoleInputW
GetProcAddress
GetStartupInfoA
VirtualFree
EnumCalendarInfoExA
GetEnvironmentStrings
GetStringTypeW
MultiByteToWideChar
GetOEMCP
IsBadWritePtr
TlsAlloc
GetCurrentThread
HeapDestroy
GlobalCompact
GlobalHandle
SetHandleCount
SetEnvironmentVariableA
InitializeCriticalSection
GetConsoleOutputCP
SetLastError
lstrcpyA
EnumDateFormatsExA
SetCurrentDirectoryW
EnumDateFormatsExW
lstrcmpiA
LCMapStringW
GetStdHandle
OpenMutexA
EnumSystemLocalesW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
FreeEnvironmentStringsA
GetModuleHandleA
SetConsoleActiveScreenBuffer
FormatMessageW
TlsSetValue
GetCurrentProcessId
TerminateProcess
EnumSystemCodePagesW
GetStringTypeA
GetProfileIntA
LCMapStringA
HeapReAlloc

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84040e0b5822c4e905c933ec10c7b346

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

advapi32

user32

kernel32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 88KB - Virtual size: 101KB

.rsrc Size: 112KB - Virtual size: 108KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 88KB - Virtual size: 101KB

.rsrc
Size: 112KB - Virtual size: 108KB