88bb206309db7e4fbfbb3079531e288e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

88bb206309db7e4fbfbb3079531e288e_JaffaCakes118
Size

314KB
MD5

88bb206309db7e4fbfbb3079531e288e
SHA1

f4bedb22617ef1b608f912b83d69e7d6e1d5d3ff
SHA256

474c205757ed76d02213653e6c8c15b85136ef9bc7e35e0fbd914df810f54705
SHA512

338ebbbfc7111251b97b2ac8f595f442ba12322a5e4f441727cd26811456727177f6c7866d2ae7c082795bcc85fda4c1e44f7a9c8d5cdaac43760e91c3e8b444
SSDEEP

6144:ZTQbgWe8V04G0mMaFyFhVPuj+AOFdgKeJ7duZZJgEStFh9L:ZM7VC0mNyF32j+owZsJ9L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88bb206309db7e4fbfbb3079531e288e_JaffaCakes118

Files

88bb206309db7e4fbfbb3079531e288e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4aad31aeecbfa484be01b529adedb358

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantInit
VariantClear
VariantChangeType

advapi32

RegEnumKeyA
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

PathFindFileNameA
SHDeleteKeyA
PathFindExtensionA

kernel32

EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
EnumResourceLanguagesA
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OpenEventA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
EnterCriticalSection
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpW
lstrlenA
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CloseHandle
GetUserDefaultLCID
WideCharToMultiByte

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

ws2_32

WSACleanup
WSAGetLastError
WSARecv
WSASend
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
gethostname
getsockname
htonl
htons
inet_addr
ioctlsocket
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv

gdi32

CreateCompatibleDC
CreateBitmap
BitBlt
CreateSolidBrush
TextOutA
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetMapMode
SetBkMode
Escape
ExtTextOutA
GetClipBox
GetDeviceCaps
GetObjectA
GetStockObject
OffsetViewportOrgEx
PtVisible
RectVisible
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetBkColor
DeleteDC
DeleteObject

user32

UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TabbedTextOutA
SystemParametersInfoA
ShowWindow
SetWindowsHookExA
SetWindowTextA
SetWindowPos
UpdateWindow
SetTimer
SetPropA
SetMenuItemBitmaps
SetForegroundWindow
SetFocus
SetCursor
SetActiveWindow
SendMessageW
SendMessageA
SendDlgItemMessageA
RemovePropA
ReleaseDC
ValidateRect
WinHelpA
SetWindowLongA
RegisterWindowMessageA
RegisterClassA
PtInRect
PostQuitMessage
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
ClientToScreen
CopyRect
CreateDialogIndirectParamA
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DispatchMessageA
DrawIcon
DrawTextA
DrawTextExA
DrawTextW
EnableMenuItem
EnableWindow
EndDialog
EndPaint
GetActiveWindow
GetCapture
GetClassInfoA
GetClassInfoExA
GetClassLongA
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetNextDlgTabItem
GetParent
GetPropA
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
GrayStringA
InflateRect
IsDialogMessageA
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapWindowPoints
MessageBoxA
MessageBoxW
ModifyMenuA
MoveWindow
OffsetRect
PeekMessageA
PostMessageA

shell32

Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteA

Exports

Exports

Win32MiniDumpInit

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aad31aeecbfa484be01b529adedb358

Headers

File Characteristics

Imports

oleaut32

advapi32

version

shlwapi

kernel32

winspool.drv

ws2_32

gdi32

user32

shell32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 76KB - Virtual size: 1.6MB

.idata Size: 12KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 76KB - Virtual size: 1.6MB

.idata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 20KB