6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118
Size

438KB
MD5

6923456e8ab23bb8dc91f1d9049edeed
SHA1

b0282a956b89377f07765d2b2eb74b132975ee69
SHA256

8331e12ee8d73d21398f2d3013486398fe244002d15a024a3be740c6a2c481ee
SHA512

aaa4de9743e0b40910c3ec118d1c28f3688a382cf001d159ceed578ed30895e4124796164ac78bfd48826d8b11157152e1eb26d89e5b30ba8dc84fa68c30a93f
SSDEEP

12288:nM255nI71TVaR0GLNCDN3XpeTWnv7zxjIQkYz0q00/:M2kTiJCFZd6QkTq00

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118

Files

6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

049bf2b050fbd29b60efb21427562e0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

swprintf
wcscpy
_initterm
_adjust_fdiv
memset
wcsncpy
_wcsicmp
_except_handler3
wcscat
malloc
strlen
memmove
wcscmp
memcmp
wcslen
wcschr
memcpy
free

rpcrt4

RpcStringFreeW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcBindingFree
RpcEpResolveBinding
RpcStringBindingComposeW
NdrClientCall2
RpcBindingSetAuthInfoExW

dnsapi

DnsApiAlloc

comctl32

CreateToolbarEx
ImageList_GetIconSize
CreatePropertySheetPageW
ImageList_Draw
PropertySheetW
FlatSB_EnableScrollBar
ImageList_Destroy

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

kernel32

WaitForSingleObject
TlsAlloc
FreeResource
EnterCriticalSection
TlsGetValue
GetVolumeInformationW
GetCurrentDirectoryW
GlobalAlloc
DeleteFileW
InitializeCriticalSectionAndSpinCount
GetVersionExA
InterlockedCompareExchange
GetModuleHandleA
lstrcmpiW
GetLocaleInfoW
GetTempFileNameW
TlsFree
FindResourceExW
TerminateProcess
CreateEventW
LockResource
CreateFileW
TlsSetValue
LoadLibraryA
LoadLibraryW
DisableThreadLibraryCalls
MultiByteToWideChar
FindNextFileW
GetProcAddress
LocalSize
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetModuleHandleW
LocalAlloc
GetCurrentProcessId
ExpandEnvironmentStringsW
lstrlenA
DelayLoadFailureHook
lstrlenW
GetFullPathNameW
GetTickCount
lstrcpyW
lstrcpyA
GetProcessVersion
FormatMessageW
InterlockedDecrement
GetShortPathNameW
InterlockedExchange
FreeLibraryAndExitThread
GetSystemDefaultUILanguage
GetCurrentThreadId
CloseHandle
GetACP
GetModuleFileNameW
LeaveCriticalSection
GetLastError
lstrcmpW
FindResourceA
GetFileAttributesW
FindResourceW
LoadResource
LocalReAlloc
GlobalReAlloc
FindFirstFileW
CreateThread
QueryPerformanceCounter
SizeofResource
WideCharToMultiByte
GlobalFree
GlobalUnlock
GetProfileStringW
DeleteCriticalSection
GetCurrentProcess
FindClose
Sleep
GlobalLock
GetDriveTypeW
LocalFree
UnhandledExceptionFilter
InterlockedIncrement
lstrcpynW
SetLastError
SetCurrentDirectoryW
GetUserDefaultLCID
SetErrorMode
FreeLibrary
SetEvent
ResetEvent

ws2_32

WSAStringToAddressA
WSAAddressToStringW
WSAAddressToStringA
WSARecvFrom
getaddrinfo
WSAIoctl
freeaddrinfo
WSALookupServiceBeginW
WSASocketW
WSALookupServiceEnd
WSALookupServiceNextW
getnameinfo
WSASendTo
WSAEventSelect

gdi32

CreateRectRgnIndirect
CreateCompatibleBitmap
MoveToEx
SetViewportExtEx
GetDeviceCaps
CreatePen
CreateDCW
CreateDIBitmap
GetWindowExtEx
GetViewportExtEx
SelectPalette
CreateCompatibleDC
TextOutW
CreateFontIndirectW
ExcludeClipRect
GetTextExtentPointW
CreateDiscardableBitmap
DeleteObject
DeleteDC
SetBkMode
SelectClipRgn
GetCharWidth32W
EnumFontFamiliesExW
SetBkColor
BitBlt
PatBlt
SetTextColor
LineTo
GetTextCharsetInfo
SetMapMode
Rectangle
GetObjectW
GetNearestColor
GetMapMode
TranslateCharsetInfo
CreateFontW
SetWindowExtEx
SelectObject
GetTextMetricsW
GetTextCharset
ExtTextOutW
RealizePalette
CreateSolidBrush
GetStockObject
CreateICW

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

_vsnwprintf
RtlUnwind
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteSize
memmove
RtlIsNameLegalDOS8Dot3
NtAllocateVirtualMemory
NtQueryVirtualMemory
_chkstk
RtlAnsiStringToUnicodeString
wcslen
_wcsicmp

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

049bf2b050fbd29b60efb21427562e0e

Headers

File Characteristics

Imports

msvcrt

rpcrt4

dnsapi

comctl32

ole32

kernel32

ws2_32

gdi32

mswsock

ntdll

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 30KB - Virtual size: 928KB

.rdata Size: 226KB - Virtual size: 226KB

.rsrc Size: 176KB - Virtual size: 175KB

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 30KB - Virtual size: 928KB

.rdata
Size: 226KB - Virtual size: 226KB

.rsrc
Size: 176KB - Virtual size: 175KB