885bf82a99ebdeae323353469aa49902_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

885bf82a99ebdeae323353469aa49902_JaffaCakes118
Size

1.9MB
MD5

885bf82a99ebdeae323353469aa49902
SHA1

d91c9459ae17cbf2629c8899d8e69c1e0e94a0bd
SHA256

33ad2a101b842c1d92fdb8a5bdb6061730e71a3c27bd183b95b04dd6f32e2eb0
SHA512

6b4ead864247378fa550f28844903dc847e82f913e521c13a5dfd94c7c704412fbacae9f5855f43e2c26f086591436ce4585159d5aa9cfc074e0f0b5387a603b
SSDEEP

6144:CBWF/VY72zZIx49BwGCdKxZYALqoNBd0i260MajEEpq21C5iRStK344AwmAeCbD:v/VYN4jAdK3nh5pLcraV4AwmAeC3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
885bf82a99ebdeae323353469aa49902_JaffaCakes118

Files

885bf82a99ebdeae323353469aa49902_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4278d783cc078730e5df599a69684562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\av2009\scaner\scaner\seccenter\seccenter\release\SecCenter.pdb

Imports

kernel32

WaitForSingleObject
GetProcessHeap
InitializeCriticalSection
FindResourceExA
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
IsDBCSLeadByte
lstrcatA
MultiByteToWideChar
lstrlenW
FlushInstructionCache
RaiseException
InterlockedExchange
GetLastError
SetLastError
lstrcmpiA
EnterCriticalSection
OpenMutexA
LockResource
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
CreateMutexA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateFileA
TlsAlloc
TlsGetValue
GetOEMCP
HeapFree
LCMapStringA
RtlUnwind
GetCPInfo
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualProtect
Sleep
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
TlsFree
HeapCreate
ExitProcess
WriteFile
TlsSetValue
GetStdHandle
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
HeapAlloc
LoadResource
FreeLibrary
lstrlenA
FindResourceA
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringW
GetSystemTimeAsFileTime
GetUserDefaultLCID
IsValidCodePage
IsValidLocale
EnumSystemLocalesA

user32

UnregisterClassA
DrawTextA
PtInRect
GetDlgCtrlID
EndPaint
DestroyWindow
GetMessageA
SetTimer
GetWindowRect
RegisterClassExA
PostQuitMessage
GetClassInfoExA
KillTimer
GetParent
LoadIconA
CharNextA
GetClientRect
SendMessageA
BeginPaint
GetDC
TranslateMessage
DrawStateA
SetWindowLongA
InvalidateRect
GetWindowLongA
CreateWindowExA
PeekMessageA
SetClassLongA
DefWindowProcA
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
PostMessageA
DispatchMessageA
SystemParametersInfoA
GetSystemMetrics
LoadImageA
MapWindowPoints
CallWindowProcA
FindWindowA
LoadCursorA
DestroyIcon
GetWindow
LoadBitmapA

gdi32

LineTo
SetTextColor
SetBkMode
SelectObject
CreatePen
CreateSolidBrush
DeleteDC
CreateFontA
DeleteObject
MoveToEx
Rectangle

advapi32

RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

ShellExecuteA
SHGetFolderPathA
Shell_NotifyIconA

ole32

CoUninitialize
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

ord17

ws2_32

freeaddrinfo
WSACreateEvent
WSAGetOverlappedResult
WSAResetEvent
WSASocketA
WSACleanup
WSAEventSelect
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASend
WSARecv
getaddrinfo
WSAStartup
WSASetEvent
WSACloseEvent
closesocket

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4278d783cc078730e5df599a69684562

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB