63fd7b9fc301f72db4e06401c3ab500c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63fd7b9fc301f72db4e06401c3ab500c_JaffaCakes118
Size

192KB
MD5

63fd7b9fc301f72db4e06401c3ab500c
SHA1

e7ec8d61b6ff4fb3b57b0d91f53369564aecb74e
SHA256

eaab3949d9916048dfad98cc7f30456b827922f4dbbdd9ad454bee80b7cfe01e
SHA512

0ab7add3a7573bee31322de49e7eda5f9b945cfdea2deee566e4b80a7ad5ade7c6e3210a8423b9de342fb9d1562631fca35789a1a7758a0e125041ed2c397a78
SSDEEP

3072:vxCX5Ox27jCblJBtZdZCF1oQkRnXywEKJDm9VA6ikShgztEM5HelYyx+eOLLcr0t:i5FuBJBtZdZ1DRjEK0A6zWM5+loexK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63fd7b9fc301f72db4e06401c3ab500c_JaffaCakes118

Files

63fd7b9fc301f72db4e06401c3ab500c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd205a94186c2d6fdf34eadbffc6dc4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
RegDeleteValueA
CryptReleaseContext
CryptImportKey
CryptHashData
RegOpenKeyExA
CryptGetHashParam
CryptEncrypt
CryptCreateHash
RegEnumValueA
RegDeleteKeyA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

gdi32

DeleteObject
DeleteDC
GetDeviceCaps
SelectPalette
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
GetObjectA
RealizePalette
StretchDIBits
CreateFontA
GetStockObject
BitBlt
GetDIBits
CreateDIBitmap
CreateSolidBrush
SetStretchBltMode
ExtEscape
SelectObject
SetBkMode

winmm

timeGetTime
timeSetEvent

shlwapi

PathFileExistsW
PathCombineW

kernel32

Sleep
WriteFile
GetShortPathNameW
GlobalAlloc
ReadFile
GlobalFree
GetFileSize
GetProcessId
CreateFileA
CreateFileW
LocalAlloc
EnumResourceTypesA
WideCharToMultiByte
UnmapViewOfFile
SetFilePointer
DisableThreadLibraryCalls
CreateFileMappingA
GetFileAttributesA
LocalFree
GlobalSize
MapViewOfFile
GetTickCount
CloseHandle

user32

FillRect
GetActiveWindow
RegisterClassExA
GetParent
FindWindowA
IsChild
MoveWindow
PeekMessageA
DispatchMessageA
InvalidateRgn
CreateAcceleratorTableA
UnregisterClassA
SetWindowLongA
SetParent
wsprintfA
CreateDialogParamA
SendNotifyMessageA
MsgWaitForMultipleObjects
RedrawWindow
SetFocus
EndPaint
KillTimer
GetFocus
LoadCursorA
GetClassInfoExA
SetWindowTextA
ShowWindow
GetQueueStatus
ReleaseDC
GetClassNameA
IsWindow
EqualRect
SendMessageA
CreateWindowExA
CharNextA
GetWindow
DefWindowProcA
PostThreadMessageA
RegisterWindowMessageA
wvsprintfA
CallWindowProcA
GetWindowTextLengthA
GetClientRect
GetDC
GetDlgItem
DestroyAcceleratorTable
BeginPaint
EnumDisplayDevicesA
GetWindowRect
SendMessageTimeoutA
PostMessageA
DrawTextA
ReleaseCapture
SetTimer
GetSysColor
GetWindowTextA
SetRect
GetDesktopWindow
InvalidateRect
CopyRect
GetWindowLongA
DestroyWindow
SetCapture
SetWindowPos

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

GetRunningObjectTable
OleUninitialize
CoTaskMemRealloc
CoSetProxyBlanket
StgIsStorageFile
OleInitialize
StgOpenStorage
BindMoniker
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CreateItemMoniker
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CreateBindCtx
CoTaskMemFree
StgCreateDocfile
CoGetClassObject
CLSIDFromString

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

gdiplus

GdipFree
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipCloneImage

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd205a94186c2d6fdf34eadbffc6dc4f

Headers

File Characteristics

Imports

advapi32

version

wininet

gdi32

winmm

shlwapi

kernel32

user32

shell32

ole32

setupapi

gdiplus

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 80KB - Virtual size: 80KB

.tls Size: 1024B - Virtual size: 108KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 80KB - Virtual size: 80KB

.tls
Size: 1024B - Virtual size: 108KB