628b324bbaff3bc0fd2f0b6d675018de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

628b324bbaff3bc0fd2f0b6d675018de_JaffaCakes118
Size

613KB
MD5

628b324bbaff3bc0fd2f0b6d675018de
SHA1

15a40f6652e9d763a5f4137b0b552e634034dfa2
SHA256

6d0a2b7d0ff933ae3075a4fc53e32cf30a88cbfe6a308cf093dccca81538f534
SHA512

4c13a865df5cef2bf5b7e60bc1208d6e437fb443befc2152515a03e1251b0407741bf618a18b77b68373b2a47c53d7b9149abca520d29cab3381973fae9f7c3b
SSDEEP

12288:AYErWD5vAzimqBWJTX8Xq90r3cIBH0N0dU2cYH4Fl5X3e802:AYw2m0WJTM6ksIBcX3C2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628b324bbaff3bc0fd2f0b6d675018de_JaffaCakes118

Files

628b324bbaff3bc0fd2f0b6d675018de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a13de56e926d1c18e7a01b6709d59d14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
OpenProcess
LocalAlloc
GetEnvironmentVariableW
LocalFree
WideCharToMultiByte
GetCommandLineW
GetShortPathNameW
CreateThread
CloseHandle
Sleep
lstrcpynW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
MulDiv
lstrcmpW
CompareStringW
GlobalHandle
GlobalFree
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTempPathW
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
SetLastError
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualQuery
GetModuleHandleA
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
CreateSemaphoreW
ReleaseSemaphore
SetUnhandledExceptionFilter
GlobalSize
TerminateProcess
InterlockedExchangeAdd
GetSystemDirectoryW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
LoadLibraryW
GetProcAddress
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GlobalLock
GlobalUnlock
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
MultiByteToWideChar
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
GetTickCount
WaitForMultipleObjectsEx
WaitForMultipleObjects
GetSystemInfo
GetVersionExW
SetEndOfFile
FlushFileBuffers
ReadFile
GetFileSize
ReleaseMutex
OpenMutexW
CreateMutexW
lstrlenA
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
GetLocalTime
RaiseException
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileType
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CharNextW
DefWindowProcW
GetWindowLongW
GetWindowTextW
GetWindowTextLengthW
EnableMenuItem
MapDialogRect
DestroyMenu
CreateWindowExW
GetSystemMenu
MoveWindow
SetWindowPos
GetClientRect
DestroyWindow
GetWindow
GetParent
SetWindowLongW
EndDialog
SetWindowTextW
wsprintfW
FindWindowW
ExitWindowsEx
GetMenuItemCount
GetMenuItemID
GetActiveWindow
GetSystemMetrics
LoadImageW
CreateAcceleratorTableW
AdjustWindowRectEx
KillTimer
SetTimer
GetMenu
DestroyAcceleratorTable
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
GetClassNameW
FillRect
MessageBoxW
OffsetRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetSysColor
GetFocus
GetCapture
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
DrawTextW
DrawFocusRect
CallWindowProcW
IsWindow
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DialogBoxIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetRectEmpty
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
SetWindowContextHelpId
SendMessageW
GetDlgItem
UnregisterClassA
TranslateMessage
DispatchMessageA
DispatchMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowUnicode
GetMessageA
GetMessageW

gdi32

GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
SetTextColor
SelectObject
GetObjectW
SetBkMode
GetStockObject
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenProcessToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
TraceMessage
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleSaveToStream
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CLSIDFromString
OleLoadFromStream
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
GetHGlobalFromStream
CoTaskMemAlloc

oleaut32

SafeArrayUnlock
VariantInit
VariantClear
VarUI4FromStr
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayLock
SafeArrayPtrOfIndex
SysAllocString
SafeArrayCreate
SysAllocStringByteLen
VariantCopyInd
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

PathIsUNCServerW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdiplusStartup
GdipFree
GdipAlloc

wininet

InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW

psapi

GetModuleBaseNameW

userenv

UnloadUserProfile

imagehlp

MapFileAndCheckSumW

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a13de56e926d1c18e7a01b6709d59d14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

psapi

userenv

imagehlp

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 960KB - Virtual size: 960KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 960KB - Virtual size: 960KB