67cc43a3e66b394d2c6f85420cae6233_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67cc43a3e66b394d2c6f85420cae6233_JaffaCakes118
Size

1.6MB
MD5

67cc43a3e66b394d2c6f85420cae6233
SHA1

65c91fca8e084318c99b72012b233a2db3c514ac
SHA256

15cd543c4ee218ee572af71b72539d292c1b227a351e6d42e927a305638f8024
SHA512

860d30ab72fb6ecf83f6ca058a630ae62634146fa79d1300c48100ccee3ddf26b90a1987a793ba266cb280b27d704554ab33b76fbd6aa91aaf0c4e00b9e1bbac
SSDEEP

24576:hbkzdTjAeh+3JTVUvq6IIuc6DBovhZTXcjlGPIq:69+3JTVEwceBQTtgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67cc43a3e66b394d2c6f85420cae6233_JaffaCakes118

Files

67cc43a3e66b394d2c6f85420cae6233_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ba270020ce095d511f8ff8ed97807c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sogoupy_R_4_2\Bin\SogouInput\UserPage.pdb

Imports

imm32

ImmSetConversionStatus
ImmDisableIME
ImmGetContext

kernel32

GetLastError
CreateEventW
CreateThread
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
CloseHandle
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleW
EnterCriticalSection
Module32FirstW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetTickCount
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalAlloc
DebugBreak
WideCharToMultiByte
CreateFileA
MapViewOfFile
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
SetFilePointer
CreateFileW
ExitThread
DuplicateHandle
CreateProcessW
GetCurrentProcess
LocalFree
SetLastError
WriteFile
LoadLibraryW
GetProcAddress
FreeLibrary
MoveFileExW
CreateDirectoryW
WaitForSingleObject
DeleteFileW
SetFileAttributesW
CopyFileW
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
CreateFileMappingW
OpenFileMappingW
Process32FirstW
GetCommandLineW
Process32NextW
CreateToolhelp32Snapshot
GetTempPathW
GetCurrentProcessId
Sleep
OpenEventW
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
GetSystemDirectoryW
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
ReadFile
FlushFileBuffers
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedDecrement
ResumeThread
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
RtlUnwind
FileTimeToLocalFileTime
GetDriveTypeA
RaiseException
GetDriveTypeW
GetModuleHandleA
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentDirectoryA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringA
GetFullPathNameW
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
Module32NextW

user32

BeginPaint
FillRect
DefWindowProcW
IsWindowVisible
EndPaint
RegisterClassExW
CreateWindowExW
InflateRect
SetClassLongW
GetCursor
DestroyWindow
SetRect
SubtractRect
GetMonitorInfoW
MonitorFromPoint
PtInRect
SetWindowRgn
KillTimer
GetSystemMetrics
SetWindowLongW
TrackMouseEvent
GetParent
CallWindowProcW
LoadImageW
SetCursorPos
CreateDialogParamW
CheckDlgButton
DialogBoxParamW
LoadStringW
ReleaseCapture
OffsetRect
GetCursorPos
SetCapture
SendMessageW
GetClassNameW
MoveWindow
GetDlgCtrlID
RedrawWindow
ShowWindow
GetDlgItem
GetWindowLongW
GetDesktopWindow
GetWindowRect
UpdateLayeredWindow
GetKeyboardLayoutList
ActivateKeyboardLayout
LoadBitmapW
GetDlgItemTextW
IsIconic
SetForegroundWindow
LoadCursorW
SetCursor
IsWindowEnabled
EnableWindow
SetTimer
InvalidateRect
IsDlgButtonChecked
FindWindowW
EndDialog
PostMessageW
SetFocus
MessageBoxW
DrawTextW
ReleaseDC
SetWindowPos
IntersectRect
GetDC
SetDlgItemTextW
GetWindowTextW
SetWindowTextW

gdi32

BitBlt
GetObjectW
GetTextExtentPoint32W
GetPixel
MoveToEx
LineTo
CreateCompatibleBitmap
DeleteObject
SetBkColor
CreateFontIndirectW
CreatePen
Rectangle
GetDeviceCaps
ExtCreateRegion
CombineRgn
OffsetRgn
GetCharABCWidthsFloatW
CreateDIBSection
GetTextMetricsW
SelectClipRgn
StretchBlt
SetTextColor
SetBkMode
GetStockObject
CreateSolidBrush
DeleteDC
CreateCompatibleDC
SelectObject

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
GradientFill
AlphaBlend

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetSetOptionW

advapi32

RegCloseKey
RegOpenKeyExW
SetSecurityInfo
SetEntriesInAclW
GetSidLengthRequired
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegQueryValueW
RegCreateKeyExW
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 683KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ba270020ce095d511f8ff8ed97807c4

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

comctl32

msimg32

version

wininet

advapi32

shell32

Sections

.text Size: 683KB - Virtual size: 683KB

.rdata Size: 257KB - Virtual size: 256KB

.data Size: 16KB - Virtual size: 41KB

.rsrc Size: 690KB - Virtual size: 689KB

.text Size: 10KB - Virtual size: 9KB

.text
Size: 683KB - Virtual size: 683KB

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 16KB - Virtual size: 41KB

.rsrc
Size: 690KB - Virtual size: 689KB

.text
Size: 10KB - Virtual size: 9KB