94e541862240fb64316d801c4d1a3fbe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94e541862240fb64316d801c4d1a3fbe_JaffaCakes118
Size

184KB
MD5

94e541862240fb64316d801c4d1a3fbe
SHA1

3dc6392245e585ec416d309e487876437e24b8c2
SHA256

4f94f9712d5a0db1cd302d73c67a19d7aa0cfc022e1922b86af3750651653f5e
SHA512

e093cc33e491350ac738137cce0a44a0dddecebd9719fc54476ad842f4d67134851146631ccf6077842dfe797ba940713fb43c45e055281d3de881e0c58e4231
SSDEEP

3072:LxtaM/zfQczgLt+2+NvQGJIhr2/BA0fm84wUzU7JgxybJ+lslqZW:LmZcULad8r2/B/VU46IFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94e541862240fb64316d801c4d1a3fbe_JaffaCakes118

Files

94e541862240fb64316d801c4d1a3fbe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f99a7ce65db6f3030f519ac2ef041fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
MoveFileA
MoveFileExA
GetVersionExA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateThread
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
GetLastError
HeapFree
HeapAlloc
CreateProcessA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GetLocaleInfoW
LoadLibraryA
GlobalFree
GetACP
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
FlushFileBuffers
IsBadWritePtr
WaitForMultipleObjects
Sleep
WaitForSingleObject
CreateEventA
ResumeThread
SetEvent
DeleteCriticalSection
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
UnhandledExceptionFilter
InitializeCriticalSection
GetEnvironmentVariableA
InterlockedDecrement
FindFirstFileA
FindClose
CreateFileA
GetFileSize
CloseHandle
GetSystemTime
HeapSize
TerminateProcess
ReadFile
WriteFile
GetProcAddress
TlsGetValue
SetLastError
TlsAlloc
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA
RaiseException
ExitThread
TlsSetValue
RtlUnwind
InterlockedExchange
LocalFree
WideCharToMultiByte
MultiByteToWideChar
lstrlenA

user32

GetWindowRect
SetTimer
IsWindow
SetForegroundWindow
SetWindowPos
GetForegroundWindow
MessageBoxA
DestroyIcon
SendMessageA
GetDesktopWindow
DispatchMessageA
PeekMessageA
LoadStringA
wsprintfA
PostThreadMessageA
CharNextA
GetMessageA
PostMessageA
SetWindowTextA
SetWindowLongA
LoadIconA
CallWindowProcA
DefWindowProcA
KillTimer
DestroyWindow
GetWindowLongA
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuA
CreateWindowExA

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoDisconnectObject
CoCreateFreeThreadedMarshaler

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime
SysAllocString

wininet

InternetConnectA
InternetOpenA
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathAddBackslashA

ziparchive

?SetLength@CZipMemFile@@UAEXK@Z
??0CZipArchive@@QAE@XZ
?Open@CZipArchive@@QAEXPBDHH@Z
?ExtractFile@CZipArchive@@QAE_NGAAVCZipMemFile@@_NK@Z
?Write@CZipMemFile@@UAEXPBXI@Z
?Read@CZipMemFile@@UAEIPAXI@Z
?Seek@CZipMemFile@@UAEKJH@Z
??1CZipArchive@@UAE@XZ
?Close@CZipArchive@@QAEXH_N@Z

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup

atl

ord18
ord20
ord17
ord21
ord23
ord30
ord10
ord11
ord57
ord43
ord16
ord32
ord58
ord46
ord44

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f99a7ce65db6f3030f519ac2ef041fa

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

version

shlwapi

ziparchive

ws2_32

atl

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 8KB