8bbb5f38c5215302a1598af181b9e8d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bbb5f38c5215302a1598af181b9e8d1_JaffaCakes118
Size

688KB
MD5

8bbb5f38c5215302a1598af181b9e8d1
SHA1

3911496e188a11dfe75d65dc5079e148e8804db0
SHA256

5a1de56947a1727137a0dc31f84496491ece227835a089308176570e9d16ba4f
SHA512

177e93e40e2e9507169af4b07f6f8d06c9869f804dcf9b6e10f0813f97db38f0c930555c455cc3805a28205b50fb19bd59110a41c4688a3de00d36a212fe3ee0
SSDEEP

12288:9zytmBLX8pOazpmaI9aAs2zT5jmIpwZqkKeb9oKGeS9ozE2OlFxboHBzujL8i:9dLXSOazpmalv2z96hfKebQozsjpoHBK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bbb5f38c5215302a1598af181b9e8d1_JaffaCakes118

Files

8bbb5f38c5215302a1598af181b9e8d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70c1112891499003eceb597964dc653d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
ntohl

kernel32

GetModuleFileNameA
MultiByteToWideChar
GetProcAddress
lstrlenA
WideCharToMultiByte
GetTickCount
FreeLibrary
LoadLibraryA
CloseHandle
GetLastError
CreateMutexA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ReadFile
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
WriteFile
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
EnterCriticalSection

user32

GetDlgItem
KillTimer
SetDlgItemTextA
PostMessageA
LoadStringA
EndDialog
SetTimer
ShowWindow
SetForegroundWindow
GetClientRect
SetWindowPos
EnableWindow
IsWindow
PeekMessageA
DefWindowProcA
DialogBoxParamA
GetCursorPos
LoadMenuA
GetSubMenu
MessageBoxA
TrackPopupMenu
SetFocus
GetWindowLongA
LoadIconA
GetWindowTextA
SetWindowTextA
SendMessageA

gdi32

SetTextColor

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

ole32

CoUninitialize
CoFreeLibrary
CoLoadLibrary

wininet

InternetCanonicalizeUrlA

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70c1112891499003eceb597964dc653d

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 572KB - Virtual size: 571KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 572KB - Virtual size: 571KB