64a2faf8b217447de6a986c2752e904c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64a2faf8b217447de6a986c2752e904c_JaffaCakes118
Size

284KB
MD5

64a2faf8b217447de6a986c2752e904c
SHA1

f44aed9e303f86877450b1bd46ac6b33222771ca
SHA256

ee08152a691715395ac2c83ba647cfc20fe2b2a711ff9226c4e5d8f802edd0fa
SHA512

0e325c30d4cbfa6cbd90e87cae71bc47c77a74f2a9233ddc0880bcb4f45422914f474c9f73d5a29e8a5e4eac3c767e7c5aef510b9d0b2e12a80932963e73cf21
SSDEEP

6144:+hdyrsYj553I2mAkB5T2RWK4/PATFXAV15vt/oFyeKuAYJ:QdyrR1534BeULogmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64a2faf8b217447de6a986c2752e904c_JaffaCakes118

Files

64a2faf8b217447de6a986c2752e904c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1f1090f10fa2aeb8b528e2dc2db17e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
LookupPrivilegeValueW
LookupPrivilegeValueA
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegCreateKeyExW
RegCreateKeyExA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceStatus
EnumDependentServicesW
ControlService
OpenServiceW
OpenSCManagerW
FreeSid

kernel32

RemoveDirectoryW
RemoveDirectoryA
OpenEventW
OpenEventA
lstrlenA
GetSystemDirectoryW
GetSystemDirectoryA
GetStartupInfoA
GetShortPathNameW
CreateProcessW
CreateProcessA
CreateMutexA
GetShortPathNameA
GetDiskFreeSpaceA
GetWindowsDirectoryW
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileMappingW
CreateFileMappingA
GetVersionExW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetProcAddress
SetFileAttributesW
SetFileAttributesA
IsBadWritePtr
IsBadReadPtr
MoveFileW
MoveFileA
MoveFileExW
MoveFileExA
lstrcpyW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
GetTempPathW
GetTempPathA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetCurrentDirectoryW
FindNextFileW
FindNextFileA
FindFirstFileW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileW
DeleteFileA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetVersionExA
SetCurrentDirectoryA
SetCurrentDirectoryW
FreeLibrary
WriteFile
SetFilePointer
GetCurrentProcess
GetFileSize
GetTimeZoneInformation
FileTimeToSystemTime
GetFileTime
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
GetTickCount
Sleep
InterlockedIncrement
InterlockedDecrement
CreateThread
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
FindFirstFileA
FindClose
CreateFileA
ReadFile
GetCommandLineW
GetLastError
SetLastError
ReleaseMutex
CloseHandle
CreateMutexW

user32

SetWindowLongW
SetWindowLongA
SendMessageW
SendMessageA
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostThreadMessageA
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
MessageBoxW
MessageBoxA
LoadStringW
LoadStringA
LoadIconW
LoadIconA
FindWindowExA
FindWindowExW
GetWindowTextW
GetWindowTextA
PostQuitMessage
MsgWaitForMultipleObjects
CharNextA
wsprintfA
ExitWindowsEx
wvsprintfA
SetTimer
KillTimer
IsWindow
SetForegroundWindow
ShowWindow
InvalidateRect
EnableWindow
SetWindowTextA
GetParent
GetWindowRect
GetSystemMetrics
SetWindowPos
GetDlgItem
GetDesktopWindow
TranslateMessage
DestroyWindow
RegisterWindowMessageA
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
FindWindowA
FindWindowW
GetClassInfoA
GetClassLongA
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

comctl32

PropertySheetW
PropertySheetA
InitCommonControlsEx

shell32

SHGetPathFromIDListA
ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify

wininet

InternetCrackUrlA
InternetCrackUrlW

setupapi

SetupFindNextLine
SetupGetBinaryField
SetupIterateCabinetA
SetupCloseInfFile

wintrust

WinVerifyTrust

wsock32

WSAStartup
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest
closesocket
getsockopt
__WSAFDIsSet
select
WSAGetLastError
connect
htons
inet_ntoa
socket
ioctlsocket

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

msvcrt

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_strlwr
strpbrk
_purecall
iswalnum
_wcsupr
wcstok
_wcslwr
calloc
_except_handler3
strrchr
_EH_prolog
__CxxFrameHandler
strncpy
time
malloc
_itow
free
wcscmp
strchr
_wtol
_wcsnicmp
_wcsicmp
wcschr
_wtoi
swscanf
strstr
_stricmp
sprintf
_ftol
ceil
wcsrchr
memmove
_beginthreadex
wcsncpy
_endthread
wcscat
wcsncat
wcscpy
swprintf
??2@YAPAXI@Z
wcsstr
??3@YAXPAX@Z
wcslen

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.3rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1f1090f10fa2aeb8b528e2dc2db17e8

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

comctl32

shell32

wininet

setupapi

wintrust

wsock32

urlmon

msvcrt

oleaut32

version

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 44KB - Virtual size: 46KB

.rsrc Size: 44KB - Virtual size: 44KB

.3rdata Size: 68KB - Virtual size: 68KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 44KB - Virtual size: 46KB

.rsrc
Size: 44KB - Virtual size: 44KB

.3rdata
Size: 68KB - Virtual size: 68KB