4d52810a0390ff496f0feb04c7ec1385_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4d52810a0390ff496f0feb04c7ec1385_JaffaCakes118
Size

320KB
MD5

4d52810a0390ff496f0feb04c7ec1385
SHA1

0708d998fea7ce92dfd99b9d97b753d4b6c6f9f7
SHA256

41ff8c08e0a2e7a051724bc0bfd13b9d9df19fb50f4bf485523c2cc88837ac81
SHA512

68dee08ad0c3bf655e90dcb29188b88e42a34241d8395664443ca5c3cfb842ccb07c2a8dfd2e126cdf3dba3a893bf31358d2a69b6f4fdbe00cf1488324ee4c77
SSDEEP

6144:26lXsWG6puLQsLOLZDdiSVjmC6SEIg4M:26dsc8L3LOLdfiI4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4d52810a0390ff496f0feb04c7ec1385_JaffaCakes118

Files

4d52810a0390ff496f0feb04c7ec1385_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d442a8cd1f169dd38e50a143486ea22d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Documents\2 Storage\GetBot\GetBot\Release\GetBot.pdb

Imports

comctl32

PropertySheetA
InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

wininet

HttpQueryInfoA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA
InternetOpenA
InternetCloseHandle
InternetCombineUrlA
InternetSetOptionA
InternetCrackUrlA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetAutodial
InternetGetConnectedState
HttpSendRequestA
HttpAddRequestHeadersA

kernel32

GetACP
MultiByteToWideChar
lstrlenW
RaiseException
InterlockedExchange
GetLastError
lstrcmpiA
GetThreadLocale
DeleteCriticalSection
GetVersionExA
FindClose
HeapReAlloc
HeapAlloc
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
lstrcpyA
SetPriorityClass
GetCurrentProcess
GetCurrentThread
CreateProcessA
SetThreadPriority
ResumeThread
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
WriteFile
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
CreateFileMappingA
MoveFileA
FindNextFileA
DeleteFileA
FindResourceA
GetWindowsDirectoryA
FindResourceExA
SizeofResource
LockResource
GetModuleFileNameA
lstrcmpA
HeapFree
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetProcessHeap
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
TerminateProcess
GetProcAddress
IsBadWritePtr
VirtualFree
HeapCreate
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CreateThread
GetCurrentThreadId
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapDestroy
WideCharToMultiByte
InitializeCriticalSection
GetLocaleInfoA
lstrlenA
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LoadResource

user32

EndPaint
SetClipboardViewer
SetWindowPos
ChangeClipboardChain
RegisterClassExA
GetSystemMenu
CallWindowProcA
IsWindowVisible
DispatchMessageA
DefWindowProcA
PeekMessageA
TranslateMessage
IsIconic
PostQuitMessage
GetMessageA
DestroyWindow
SetCursor
SetTimer
GetWindowRect
GetFocus
FillRect
SetCapture
KillTimer
DrawTextA
GetSubMenu
DrawIconEx
SetForegroundWindow
LoadMenuA
GetClientRect
GetCapture
MessageBoxA
CreateWindowExA
GetSysColor
GetCursorPos
GetSysColorBrush
GetCursor
ReleaseCapture
SetWindowTextA
LoadImageA
DestroyMenu
BeginPaint
GetDC
ReleaseDC
SystemParametersInfoA
UpdateWindow
IsZoomed
GetKeyState
TrackPopupMenu
GetSystemMetrics
GetWindowTextA
CharUpperA
SetMenuItemInfoA
DialogBoxParamA
DestroyIcon
SetDlgItemTextA
MoveWindow
InvalidateRect
CreateDialogParamA
ShowWindow
GetDlgItemInt
SendDlgItemMessageA
SetDlgItemInt
SetWindowLongA
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
FindWindowA
IsWindowEnabled
DeleteMenu
SendMessageA
AppendMenuA
ClientToScreen
ScreenToClient
SetFocus
PostMessageA
GetDlgItem
EndDialog
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
EnableWindow

gdi32

SetTextColor
DeleteDC
SetBkColor
CreateDCA
SetBkMode
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
CreateSolidBrush

advapi32

CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptVerifySignatureA
CryptDestroyHash
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
CryptHashData
CryptDestroyKey

shell32

Shell_NotifyIconA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
ExtractIconExA

ole32

OleUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
OleInitialize

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d442a8cd1f169dd38e50a143486ea22d

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 140KB - Virtual size: 136KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 140KB - Virtual size: 136KB