4cb1e493ffc87672e5d12b852474001a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4cb1e493ffc87672e5d12b852474001a_JaffaCakes118
Size

142KB
MD5

4cb1e493ffc87672e5d12b852474001a
SHA1

2a11a6b29107b86fbaac2a97fdbc666f96cf6615
SHA256

6216f884bb18a4de28bfd718c621b211741b35884747fd2e5b8346d73e703ffa
SHA512

74a3ebe53acc1b3554565f6a496bacd0fc2ed3eb180a814aa2eb3cebfb6ce1c05980e777cb34483ec3c217245985c9a4920ddc513c946f8d0591c3d9dd6ca1df
SSDEEP

3072:dDVQH/d/M0/o6qvvju2PIPpW80Mej9JyD:dDVe/d/d/o6qHClPfZeJe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cb1e493ffc87672e5d12b852474001a_JaffaCakes118

Files

4cb1e493ffc87672e5d12b852474001a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

371330e5de2773b9f773efa2ff14fd55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSAStartup
inet_addr
htons
WSACleanup
recv
socket
closesocket
gethostbyname
send

kernel32

MulDiv
RtlMoveMemory
GetProcAddress
LockResource
ExitProcess
GetCommandLineW
CreateMutexW
lstrcmpA
lstrlenA
lstrcpynA
GetModuleHandleW
VirtualFree
OpenProcess
SizeofResource
TerminateThread
Sleep
GetVersionExW
lstrcpynW
TerminateProcess
lstrcatA
lstrcmpW
lstrlenW
GetStartupInfoW
GetLastError
VirtualAlloc
lstrcatW
GetCurrentThreadId
CloseHandle
lstrcpyW
RtlZeroMemory
CreateThread
lstrcpyA
LoadLibraryW
GetProcessHeap
HeapFree
HeapAlloc
LoadResource
FreeLibrary
FindResourceW
FreeResource
WideCharToMultiByte

user32

MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
FindWindowExW
CreateDialogParamW
ReleaseCapture
SetMenu
ShowWindow
LoadStringW
GetCursorPos
SetWindowPos
GetSysColor
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
EnableMenuItem
SetClassLongW
SystemParametersInfoW
GetWindowTextW
AppendMenuW
GetWindowLongW
SetRect
GetWindowTextA
LoadIconW
RegisterClassExW
wsprintfW
SetFocus
GetClientRect
FindWindowW
IsWindowEnabled
CreateIconFromResourceEx
LoadCursorW
AttachThreadInput
TrackMouseEvent
DialogBoxParamW
SetForegroundWindow
KillTimer
UnregisterClassW
SetCapture
FillRect
TrackPopupMenu
SendDlgItemMessageA
LockSetForegroundWindow
GetWindowRect
SetTimer
GetWindowTextLengthW
SetCursor
DestroyWindow
MapWindowPoints
EnableWindow
DestroyMenu
SetWindowTextW
DestroyIcon
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
GetDC
ReleaseDC
SendMessageW
CreatePopupMenu

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetTextExtentPoint32W
SetTextColor
SelectObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
GetStockObject
TextOutW
GetObjectW
CreateFontW
SetBkMode

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

371330e5de2773b9f773efa2ff14fd55

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 11KB

.tls Size: 5KB - Virtual size: 5KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 11KB

.tls
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 116KB - Virtual size: 116KB