8e1d630e9c98fe08367a638c66fdf426_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e1d630e9c98fe08367a638c66fdf426_JaffaCakes118
Size

537KB
MD5

8e1d630e9c98fe08367a638c66fdf426
SHA1

7c71ba080d1e8fa06a2cd010caf9da6c2b289e02
SHA256

d7f0f7b66e60036edc633dfe2131889e5f6b28cb3de8714ae85c3298bf19460c
SHA512

41b36ac0b426de541793d6aa8495bc47e73e48b1c9a377ee2cfbe81b49bb9c6ade1cbb46d6a0a7c909b85c6e2a67956d8eecb9a97606957d02e1f40be06388b9
SSDEEP

12288:uRGSULCdUkqC9iABXAVjJYiOuYAFWr8WHvOlkt5KlkTstqIva+4EDFQ:OGWAdJYiOutFWr8EvOlkt5TTkxvb4CQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e1d630e9c98fe08367a638c66fdf426_JaffaCakes118

Files

8e1d630e9c98fe08367a638c66fdf426_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7599e826d68416a01363d2f6cbb4824b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\InstallToolBox3.8.1\src\bin.iru\Reporter.pdb

Imports

wininet

InternetOpenW
InternetConnectW
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile

kernel32

HeapCreate
HeapDestroy
FreeLibrary
LoadLibraryW
GetModuleFileNameW
lstrlenA
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
FindResourceA
GetVersionExA
CreateFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateDirectoryA
GetFileAttributesA
GetExitCodeThread
FormatMessageW
WaitForSingleObject
LocalFree
lstrcmpiW
lstrcpyW
SetStdHandle
GetCurrentThreadId
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsBadWritePtr
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetStartupInfoW
GetModuleHandleA
CreateThread
ExitThread
ExitProcess
RtlUnwind
WaitForMultipleObjects
SetEndOfFile
FlushFileBuffers
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CompareStringW
HeapAlloc
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
CreateDirectoryW
MoveFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
MultiByteToWideChar
CloseHandle
lstrlenW
WideCharToMultiByte
GetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetSystemInfo
InterlockedExchangeAdd
LoadLibraryExW
GetTickCount
GetProcAddress
InterlockedDecrement
InterlockedIncrement
OutputDebugStringW
SetFilePointer
TerminateProcess
GetSystemDirectoryW
GetStringTypeW
SetUnhandledExceptionFilter
GetModuleHandleW
VirtualAlloc
VirtualFree
lstrcatW
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentProcessId
GetLocalTime

user32

OffsetRect
SystemParametersInfoW
IsWindow
CharNextW
GetSysColorBrush
GetMouseMovePointsEx
GetForegroundWindow
ShowWindow
GetActiveWindow
MessageBoxW
GetWindow
MapWindowPoints
DestroyWindow
GetSystemMenu
EnableMenuItem
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
EndPaint
BeginPaint
GetDlgCtrlID
SetCursor
InvalidateRect
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
UpdateWindow
GetClassNameW
LoadCursorW
CallWindowProcW
SetRectEmpty
SetWindowLongW
ReleaseDC
GetDC
DefWindowProcW
FillRect
DrawTextW
PostMessageW
GetDlgItem
GetParent
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
DispatchMessageW
GetMessageA
IsWindowUnicode
DispatchMessageA
TranslateMessage
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
UnregisterClassW

gdi32

CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
GetTextMetricsW
SetBkMode
SetTextColor
GetStockObject
DeleteDC
SelectObject
GetObjectW
DeleteObject
CreateFontIndirectW

advapi32

RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathAppendW
PathRenameExtensionW
PathCombineW
PathAppendA
PathAddBackslashW

comctl32

PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7599e826d68416a01363d2f6cbb4824b

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 24KB - Virtual size: 30KB

.data1 Size: 4KB - Virtual size: 224B

.rsrc Size: 24KB - Virtual size: 23KB

.rrdata Size: 76KB - Virtual size: 76KB

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 24KB - Virtual size: 30KB

.data1
Size: 4KB - Virtual size: 224B

.rsrc
Size: 24KB - Virtual size: 23KB

.rrdata
Size: 76KB - Virtual size: 76KB