81f795175eaadd95ff6633ab6f96845b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

81f795175eaadd95ff6633ab6f96845b_JaffaCakes118
Size

191KB
MD5

81f795175eaadd95ff6633ab6f96845b
SHA1

30aea71570bf56baa8ff840b872d0b9f040e6259
SHA256

eee361546d7b9cd68d9804ae63ac90134adb5df00548066829fee1fcbb1757e3
SHA512

b63941cacd5f4ccb11b697a10faa174d98f113fb952665469810c6b0c290ac0f48054c24aeec989680b5573043570d7c0358cfe8805c672a702138d7603be7cd
SSDEEP

3072:TDQ86PWEWbWGp1Zq26fOAQVP1RRLG4cGxLLaAs2YwtSDtVDT5xvoD4tTBfltxESB:TcFPWRWGp1Z5HdvLXLaARYiSPoctTBuY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81f795175eaadd95ff6633ab6f96845b_JaffaCakes118

Files

81f795175eaadd95ff6633ab6f96845b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

111728189e7701f45f1525bb23d3ce6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
RaiseException
CreateThread
ExitThread
HeapSize
HeapReAlloc
GetACP
GetVersionExA
HeapDestroy
TlsSetValue
IsBadWritePtr
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
GlobalReAlloc
GlobalHandle
TlsAlloc
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetFileTime
GetFileAttributesA
GlobalFlags
GlobalFree
lstrcmpA
SuspendThread
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
GlobalLock
GlobalUnlock
SetLastError
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
SetEvent
CreateEventA
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
CreateMutexA
GetSystemInfo
VirtualAlloc
VirtualFree
GetCurrentThreadId
CreatePipe
GetStartupInfoA
PeekNamedPipe
LocalAlloc
LocalFree
DisconnectNamedPipe
lstrcmpiW
GetDriveTypeW
FindFirstFileW
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetFileSize
ReadFile
CreateFileW
WriteFile
CopyFileW
lstrcmpiA
DeleteFileA
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetComputerNameA
GlobalMemoryStatusEx
CreateFileA
DeviceIoControl
GetCurrentProcessId
GetTickCount
LoadLibraryA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
lstrlenA
lstrcpyW
Sleep
FindFirstFileA
FindClose
GetTempPathA
GetSystemDirectoryA
lstrcatA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
CloseHandle
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
HeapCreate
HeapFree

user32

DestroyMenu
PostQuitMessage
GetSysColorBrush
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
SetFocus
EnableWindow
IsWindowEnabled
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
UnhookWindowsHookEx
GetFocus
GetParent
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
LoadStringA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
ClientToScreen
IsWindow
SendMessageA
CloseWindow
CreateWindowExA
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
GetCursorPos
GetCursorInfo
DestroyCursor
LoadCursorA
GetDesktopWindow
GetDC
GetSystemMetrics
SetRect
SystemParametersInfoA
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
GetThreadDesktop
PostMessageA
wsprintfA
MessageBoxA
ReleaseDC
GetWindowTextA

gdi32

SetWindowExtEx
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleViewportExtEx
GetDeviceCaps
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetClipBox
CreateFontIndirectA
SetBkMode
SetBkColor
GetStockObject
RestoreDC
SaveDC
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

SetFileSecurityA
GetSecurityDescriptorControl
CreateServiceA
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
DeleteService
StartServiceA
ControlService
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ord17

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExA

ws2_32

send
WSACleanup
socket
WSAStartup
connect
select
closesocket
inet_addr
gethostbyname
inet_ntoa
sendto
setsockopt
WSASocketA
htonl
WSAIoctl
WSAAsyncSelect
recv
gethostname
htons
shutdown

shlwapi

StrCpyW
StrStrIW
StrCatW
StrStrIA

winmm

timeGetTime

netapi32

NetUserGetLocalGroups
NetApiBufferFree

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

111728189e7701f45f1525bb23d3ce6a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

psapi

ws2_32

shlwapi

winmm

netapi32

msvfw32

avicap32

ole32

wininet

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 17KB - Virtual size: 30KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 17KB - Virtual size: 30KB