6fc56732d1ae0abdfa650defcfb383dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fc56732d1ae0abdfa650defcfb383dc_JaffaCakes118
Size

576KB
MD5

6fc56732d1ae0abdfa650defcfb383dc
SHA1

a4fb4eaace0ec28f5e87789f2ff4b11e89d6b1fb
SHA256

2a8c0713e99782d332a7aa67e7d756d59a365e2ff04b9a56debb6a2715c1e71d
SHA512

bd731d20ac1a1381d87f28dac9bd353fc45929bbb92fc4a94faf2bf352706eb9fa938c50fb365a2e38313a85136925017bb5d2f6db2d2f28e04df0273d9d5fbc
SSDEEP

12288:+s0dqXkLAqT2e9LqGesk8s7vXVRwxBg0nn6Dq+aF+rghPi:FmqXo/2e9LZeskXBRwrgmiaF+rZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc56732d1ae0abdfa650defcfb383dc_JaffaCakes118

Files

6fc56732d1ae0abdfa650defcfb383dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3145749ab4a057573f67ce90482cb4ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\tney\erxviacwoh\tmgiyo\puz

Imports

wininet

InternetCrackUrlW

kernel32

GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
EnumResourceNamesW
SetConsoleWindowInfo
GetCurrencyFormatW
HeapFree
LeaveCriticalSection
GetStdHandle
GetModuleFileNameW
GetCommandLineW
IsValidCodePage
GetStartupInfoA
InterlockedIncrement
GetTimeZoneInformation
SetFilePointer
GlobalDeleteAtom
OpenMutexA
CreateMutexA
GetPrivateProfileStringA
GetLogicalDriveStringsA
SetThreadContext
SetEnvironmentVariableA
FreeEnvironmentStringsW
HeapReAlloc
lstrlen
GetConsoleMode
SetUnhandledExceptionFilter
TlsSetValue
WriteFile
LockFile
RemoveDirectoryA
CommConfigDialogA
TlsGetValue
CreateProcessW
GetCommandLineA
OpenFile
GetVolumeInformationW
CloseHandle
FindResourceExA
HeapCreate
FindFirstFileExW
GetACP
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetCPInfo
GetTickCount
GetOEMCP
GetDateFormatA
VirtualQuery
EnterCriticalSection
FlushViewOfFile
SetHandleCount
VirtualLock
GetConsoleCP
HeapDestroy
HeapAlloc
GetTimeFormatW
SetConsoleTitleA
GetDriveTypeA
FreeLibrary
WriteConsoleOutputCharacterW
DeleteAtom
CompareStringW
FlushFileBuffers
CreateFileA
GetEnvironmentStrings
GetLocaleInfoA
CreateNamedPipeW
WriteConsoleW
GetStringTypeA
SetThreadPriority
DebugActiveProcess
lstrcpyA
GetUserDefaultLCID
ExitProcess
QueryPerformanceCounter
CreatePipe
InterlockedExchange
UnhandledExceptionFilter
GetCalendarInfoW
TerminateProcess
GetFileType
SetLastError
VirtualAlloc
LocalSize
HeapLock
GetConsoleOutputCP
Sleep
GetTempPathW
ReadFile
InitializeCriticalSection
TlsAlloc
CompareStringA
SetCurrentDirectoryW
OpenFileMappingW
EnumSystemLocalesA
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
GetVersionExA
GetConsoleTitleA
EnumDateFormatsExA
SetConsoleCtrlHandler
FindFirstFileW
GetThreadPriorityBoost
GetPrivateProfileIntA
FreeEnvironmentStringsA
FoldStringW
GetLastError
SetEnvironmentVariableW
GetStartupInfoW
GetStringTypeW
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualUnlock
DeleteFiber
DeleteCriticalSection
LCMapStringA
GetCurrentThreadId
GetComputerNameA
LocalReAlloc
IsBadWritePtr
LCMapStringW
VirtualFree
GetModuleFileNameA
GlobalFree
OpenProcess
GetTempFileNameA
GetCurrentProcess
GetPrivateProfileSectionW
lstrcpyn
EnumTimeFormatsA
TlsFree
RemoveDirectoryW
RtlUnwind
GetProcessHeap
GetTimeFormatA
GetCurrentThread
HeapSize
GetPrivateProfileStringW
IsValidLocale
GetEnvironmentStringsW
SetFileTime
SetConsoleMode
InterlockedDecrement
WriteConsoleA
SuspendThread
SetStdHandle
SetEndOfFile

comctl32

_TrackMouseEvent
ImageList_DragLeave
ImageList_Copy
CreateStatusWindow
InitCommonControlsEx
DestroyPropertySheetPage

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
CryptContextAddRef
CryptEncrypt
RegRestoreKeyW
LookupAccountNameW

user32

DrawIcon
MessageBoxW
DdeAccessData
SetClassWord
GetIconInfo
RegisterClassExA
CharLowerBuffA
ShowWindow
ToAsciiEx
GetFocus
DefWindowProcW
SetWindowsHookExW
SetCursor
FindWindowExA
DestroyWindow
LoadMenuIndirectA
WindowFromPoint
GetWindowDC
ChildWindowFromPoint
PostMessageW
RegisterClassA
GetMessageTime
DialogBoxParamA
LoadCursorFromFileW
LoadIconA
WaitForInputIdle
DrawTextW
TranslateMDISysAccel
TabbedTextOutW
DlgDirSelectExA
CreateWindowExA
GetWindowLongW
DdeQueryConvInfo

shell32

ExtractIconExW
CheckEscapesW
SHChangeNotify
FreeIconList

gdi32

SelectObject
DeleteEnhMetaFile
GetRandomRgn
GdiPlayJournal
LPtoDP
EnumObjects
GetTextFaceW
GetKerningPairsW
PolylineTo
CreatePolygonRgn
GetSystemPaletteUse
CreateDCW
AngleArc
GetTextCharset
ResetDCA
CreateSolidBrush
CreatePolyPolygonRgn
GdiFlush
BitBlt
GetTextCharsetInfo
CreateDIBSection
WidenPath
GetDeviceCaps
GetObjectW
GetCharacterPlacementW
GetOutlineTextMetricsW
SetPolyFillMode
CreateFontIndirectW
GetSystemPaletteEntries
DeleteDC

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3145749ab4a057573f67ce90482cb4ef

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

comctl32

advapi32

user32

shell32

gdi32

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 252KB - Virtual size: 250KB

.data Size: 112KB - Virtual size: 135KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 252KB - Virtual size: 250KB

.data
Size: 112KB - Virtual size: 135KB

.rsrc
Size: 12KB - Virtual size: 8KB