Static task
static1
Behavioral task
behavioral1
Sample
win32whois.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
win32whois.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
װ˵.url
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
װ˵.url
Resource
win10v2004-20240802-en
General
-
Target
84ffe8c8e628c9eed6a4e04130a978fa_JaffaCakes118
-
Size
20KB
-
MD5
84ffe8c8e628c9eed6a4e04130a978fa
-
SHA1
6341e69cf559e29c45cf1ed0afc6dd566eec2f87
-
SHA256
38331c26840be0d79dc3e90f0f0e38d0d1e8316df6aa16d59f50461782748c6e
-
SHA512
6dc3e95382617e9086de56e10e618748dbc06794f97401be7d6e6a9443b48a3d6a27e1ca291a275a316f8e8231d80e039d67cc9a8952571e3747f1d332f0634e
-
SSDEEP
384:bw6NsF4k1eAHiCVufpS6gbdR9gdN7eI5CghLqCggcWLU:/NsF4kXvuuX2NaI5CghLk/
Malware Config
Signatures
-
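Unsigned PE (1 IoC)
Static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. Many legitimate tools are also unsigned, so this is a weak indicator on its own.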
resource unpack001/win32whois.exe
Files
-
84ffe8c8e628c9eed6a4e04130a978fa_JaffaCakes118.zip
-
readme.txt
-
win32whois.exe.exe windows:4 windows x86 arch:x86
6bb5f798c0f9bef03198e8f49c129499
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
comctl32
CreateToolbarEx
InitCommonControls
comdlg32
ChooseFontA
GetSaveFileNameA
gdi32
CreateFontIndirectA
DeleteObject
GetDeviceCaps
GetObjectA
GetStockObject
SelectObject
SetBkColor
SetTextColor
kernel32
CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
ExitProcess
FormatMessageA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStartupInfoA
LoadLibraryExA
LocalFree
MulDiv
SetEndOfFile
SetEvent
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
msvcrt
_strnicmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
_strlwr
_vsnprintf
atexit
atoi
atol
calloc
free
malloc
realloc
signal
strchr
strrchr
strstr
shell32
ShellExecuteA
shfolder
SHGetFolderPathA
user32
CallWindowProcA
CheckMenuItem
ChildWindowFromPointEx
ClientToScreen
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableMenuItem
EnableWindow
EndDialog
FindWindowExA
GetClientRect
GetDC
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetMenu
GetMessageA
GetSubMenu
GetSysColor
GetSysColorBrush
GetWindow
GetWindowLongA
GetWindowRect
LoadCursorA
LoadIconA
MessageBoxA
MoveWindow
PostQuitMessage
RegisterClassA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
SetCursor
SetDlgItemInt
SetDlgItemTextA
SetFocus
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
WinHelpA
wsprintfA
wsock32
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyaddr
gethostbyname
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
socket
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
װ˵.url.url