699d6adc9fc5633c5a4bd4ee57c9bd44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

699d6adc9fc5633c5a4bd4ee57c9bd44_JaffaCakes118
Size

138KB
MD5

699d6adc9fc5633c5a4bd4ee57c9bd44
SHA1

16431b54f8f75c9f141f19eabfafdfd69cbd82ce
SHA256

f382b70cf4ac0e120171b6ff5729246687c96cb447ff375dd941a2818e379c82
SHA512

5dc081eb10ed9970ec290064dde44e601edbed920a9d2d654a7d7c0f555fbb8f548bafde58300cd757ea9718c1b9b8c73ff603302408677fc611ad755a39c113
SSDEEP

3072:wagcylOWZyT8cpqIwsXkhMjPuwe3YlAxdin:wW0ZyT8ck4kKLuwecAdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699d6adc9fc5633c5a4bd4ee57c9bd44_JaffaCakes118

Files

699d6adc9fc5633c5a4bd4ee57c9bd44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateFileW
WriteFile
CloseHandle
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
lstrlenA
CreateProcessW
Sleep
GetComputerNameW
LockResource
FindResourceExW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
LoadLibraryW
GetCurrentProcess
SizeofResource
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
GetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
CharNextW
SetTimer
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
EndDialog
PostQuitMessage
FindWindowExW
UnregisterClassA
KillTimer
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2

oleaut32

VariantChangeType
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenW

netapi32

Netbios

ws2_32

closesocket
recv
send
connect
WSACleanup
gethostbyname
socket
WSAStartup
htons

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

netapi32

ws2_32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 232B

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 232B