5c63efe35349d87c05a57087f08274b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c63efe35349d87c05a57087f08274b9_JaffaCakes118
Size

2.0MB
MD5

5c63efe35349d87c05a57087f08274b9
SHA1

8da6d7424dcd9ef095df76ab2de22ba818d8cade
SHA256

96d6e17fbf38b9f8b64180fd839c259221bcdce11973cf8d131b05548a7d1488
SHA512

ff1fb837ef617a104b39a30994c573d82101c3fcf9d3723f21c531cae561b911b547a77608a181a55342496807b22b17d175cbbb0980ad861cecb6ade5272d75
SSDEEP

49152:mgBVRIgPs2UZMa87lWvo7aZwxKi7MiuqW0Z94CO:mgpdDUZMahny7M/0Z9W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c63efe35349d87c05a57087f08274b9_JaffaCakes118

Files

5c63efe35349d87c05a57087f08274b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f3f836ef4a4cddb43a120f447da6f89e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
LocalFree
WriteProcessMemory
DeleteFileA
CreateThread
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
VirtualAllocEx
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
FlushFileBuffers
GetConsoleMode
GetModuleFileNameA
MoveFileA
LocalAlloc
Process32Next
LoadLibraryA
GetPrivateProfileStringA
GetUserDefaultLCID
GetTempFileNameA
CopyFileA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
SetThreadPriority
ReadFile
TerminateProcess
SizeofResource
Sleep
GetPrivateProfileIntA
OpenProcess
GetSystemWow64DirectoryA
WriteFile
GetWindowsDirectoryA
SetFileTime
CreateRemoteThread
FormatMessageA
GetCurrentThread
WaitForSingleObject
Process32First
GetCurrentProcess
GetConsoleCP
HeapReAlloc
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
HeapCreate
HeapAlloc
GetTimeZoneInformation
GetFileType
LoadResource
FindResourceA
CreateFileA
GetCurrentProcessId
ExitProcess
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte

user32

LoadCursorA
FindWindowA
DestroyMenu
UpdateWindow
SetWindowTextA
InsertMenuA
GetSystemMetrics
ReleaseCapture
SystemParametersInfoA
MoveWindow
LoadIconA
DispatchMessageA
IsWindow
GetDC
BeginPaint
SetFocus
SendMessageA
AppendMenuA
GetActiveWindow
CreatePopupMenu
ShowWindow
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
InvalidateRect
GetWindowPlacement
TranslateMessage
SetForegroundWindow
SetCapture
TrackPopupMenu
RegisterClassExA
GetWindowRect
GetMessageA
DestroyWindow
MessageBoxA
LoadBitmapA
ClientToScreen
EndPaint
IsDialogMessageA

gdi32

CreateFontA
AddFontResourceExA
SetBkMode
DeleteObject
GetStockObject
CreateSolidBrush
SetTextColor

advapi32

InitializeAcl
OpenThreadToken
SetSecurityDescriptorGroup
AccessCheck
RegCloseKey
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegQueryValueExA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

FtpGetFileSize
DeleteUrlCacheEntry
FtpOpenFileA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create

ws2_32

closesocket
socket
recv
setsockopt
gethostbyname
inet_addr
WSAStartup
inet_ntoa
connect
htons
send

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeGetTime

psapi

GetModuleFileNameExA

gdiplus

GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipDeleteGraphics
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipDrawImageRectI

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3f836ef4a4cddb43a120f447da6f89e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

comctl32

ws2_32

version

winmm

psapi

gdiplus

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB