62e8b2015536ea2e2a7dd722612a0ed6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

62e8b2015536ea2e2a7dd722612a0ed6_JaffaCakes118
Size

768KB
MD5

62e8b2015536ea2e2a7dd722612a0ed6
SHA1

58e9aeb9868e6990e2ad558078ec797563abc190
SHA256

b20893c872b7b5210051b16626068e0199e40448fbb0de81fc72d5e35bf43834
SHA512

7905ca7a3bee31efda393a35440115559013f93cd26afa57860db32c3f904ce0989dc803628ac173baf347b1beb4f71ea5109d6847e79f0dbc675533a5c32ee5
SSDEEP

24576:tk0VAXEExsUC35CLYSxAgHenUO3bI33RGAgU7o:HV5puYSqvnpnU7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62e8b2015536ea2e2a7dd722612a0ed6_JaffaCakes118

Files

62e8b2015536ea2e2a7dd722612a0ed6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdb3d6e1efb05a6441ab847f4f46811c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
OpenProcess
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentProcessId
GetDiskFreeSpaceA
GlobalFindAtomA
SetEvent
CreateEventA
GetPrivateProfileIntA
HeapFree
HeapAlloc
DeleteFileA
GetFileSize
OpenEventA
GetLocalTime
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetFullPathNameA
LocalFree
TerminateProcess
GetExitCodeProcess
WaitForMultipleObjects
GetModuleFileNameA
ResetEvent
LoadResource
FindResourceA
FindFirstFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
FileTimeToDosDateTime
SetCurrentDirectoryA
GetCurrentDirectoryA
LockResource
ReleaseMutex
CreateFileMappingA
MapViewOfFile
CreateMutexA
UnmapViewOfFile
GetWindowsDirectoryA
GetTempFileNameA
CreateFileA
WaitForSingleObject
SystemTimeToFileTime
SetFileTime
CloseHandle
CopyFileA
GetLastError
Sleep
GetSystemTime
WriteFile
GetTempPathA
CreateDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
lstrcpyA
FreeLibrary
SetLastError
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GetTickCount
CreateProcessA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetProcessHeap
SetThreadPriority
GetShortPathNameA
GetACP
GetCPInfo
TlsAlloc
FatalAppExitA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
MoveFileA
GetPrivateProfileStringA
GetVersionExA
FlushFileBuffers
ExitProcess
GetStartupInfoA
GetFileType
SetEndOfFile
LocalFileTimeToFileTime
HeapSize
HeapReAlloc
RtlUnwind
GetDriveTypeA
ExitThread
TlsGetValue
TlsSetValue
CreateThread
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
VirtualFree
GetSystemInfo
InterlockedExchange
GetVersion
GetComputerNameA
GetOEMCP
GetCommandLineA
TlsFree
RaiseException
GetFileAttributesA
GetLocaleInfoW
SetConsoleCtrlHandler
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
UnhandledExceptionFilter
GetCurrentThread
lstrcpynA
DeviceIoControl
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetFilePointer
SetStdHandle
GetStdHandle
SetHandleCount
ReadFile
LCMapStringW
LCMapStringA

user32

InvalidateRect
UpdateWindow
GetClientRect
ReleaseDC
GetParent
GetDC
SetWindowLongA
GetWindowLongA
CopyIcon
LoadCursorA
GetWindowTextLengthA
GetSysColor
ScreenToClient
GetWindowTextA
GetMessagePos
SetCursor
CallWindowProcA
KillTimer
SetTimer
wsprintfA
UnregisterClassA
DestroyWindow
CreateWindowExA
RegisterClassA
PostMessageA
GetCursorPos
GetWindowThreadProcessId
EnumWindows
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
ShowWindow
PostQuitMessage
BeginPaint
SendMessageA
DefWindowProcA
FindWindowA
EndPaint
DrawTextA
GetSysColorBrush

gdi32

SelectObject
SetBkMode
Rectangle
GetStockObject
ExcludeClipRect
SetTextColor
CreatePen
CreateFontIndirectA
GetObjectA
TextOutA
SetBkColor
IntersectClipRect
DeleteObject
GetTextMetricsA

advapi32

RegOpenKeyExA
RegSetValueExA
RegOpenKeyW
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyA
RegOpenKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
EqualSid
GetTokenInformation
RegDeleteValueW
OpenProcessToken
CopySid
GetLengthSid
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidA
RevertToSelf
ImpersonateLoggedOnUser
RegCreateKeyA
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueA

shell32

ShellExecuteExA
ShellExecuteA

ole32

CoTaskMemFree
StringFromGUID2

wsock32

gethostbyname
getsockname
accept
__WSAFDIsSet
recv
WSAAsyncGetHostByName
recvfrom
gethostname
select
WSAAsyncSelect
inet_addr
listen
send
WSACleanup
WSAStartup
closesocket
socket
WSAGetLastError
htons
ntohs
sendto
ntohl
htonl
inet_ntoa
connect
ioctlsocket
bind
setsockopt

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

icmp

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

Sections

.text
Size: 524KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdb3d6e1efb05a6441ab847f4f46811c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wsock32

version

icmp

Sections

.text Size: 524KB - Virtual size: 520KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 100KB - Virtual size: 397KB

.rsrc Size: 108KB - Virtual size: 106KB

.text
Size: 524KB - Virtual size: 520KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 100KB - Virtual size: 397KB

.rsrc
Size: 108KB - Virtual size: 106KB