a0fa74df42dcd18c2dc225b400486bd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0fa74df42dcd18c2dc225b400486bd9_JaffaCakes118
Size

510KB
MD5

a0fa74df42dcd18c2dc225b400486bd9
SHA1

06890b6676e0d491dc89e7f8e0a436c9d1a74bbe
SHA256

c5e7ee8e6df4ba0826f1a6718aaeae9fc1d8314eaa8d46f916eb4f889f3c28d0
SHA512

f766fb86899e3d39d745a2275aa5be4a04389149e31d52b8ff84ab9fd0864cd56b9e41ba84498ac5b8f80336301d06d9a6c3df943de49b4ebe8de806d9a87d4a
SSDEEP

12288:pyMToCixA/tp9eJKDXV8ejfuSFNuOvZJxiq8d:pC+z9eJKDqebBLuOkjd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0fa74df42dcd18c2dc225b400486bd9_JaffaCakes118

Files

a0fa74df42dcd18c2dc225b400486bd9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

289dd21f8d8d7753a65387e3a66a4cb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
Sleep
WriteConsoleW
InterlockedExchange
GetSystemTimeAsFileTime
CloseHandle
GetCPInfo
GetCurrentThreadId
VirtualFree
VirtualAlloc
TlsGetValue
LocalUnlock
GetModuleFileNameW
IsDebuggerPresent
GetOEMCP
GetConsoleCP
GetEnvironmentStringsW
GetStartupInfoA
IsValidCodePage
GetAtomNameW
HeapSize
CreateMutexA
GetModuleHandleA
HeapReAlloc
OpenMutexA
QueryPerformanceCounter
FreeLibrary
GetCurrentThread
InterlockedDecrement
GetCommandLineW
GetModuleFileNameA
RtlZeroMemory
GetFileType
GetPrivateProfileSectionNamesW
FlushFileBuffers
HeapFree
SetComputerNameW
GetTimeZoneInformation
CompareStringW
HeapAlloc
GetCurrentProcessId
GetComputerNameW
FormatMessageA
ExitProcess
TlsAlloc
InitializeCriticalSectionAndSpinCount
TlsFree
GetProcAddress
GetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
EnumSystemLocalesA
HeapDestroy
GetUserDefaultLCID
SetComputerNameA
ReleaseSemaphore
GetStringTypeA
WriteFileEx
GetModuleHandleW
SetStdHandle
SetLastError
GetLogicalDriveStringsW
EnterCriticalSection
SetUnhandledExceptionFilter
GetLocaleInfoW
UnhandledExceptionFilter
LeaveCriticalSection
SetFilePointer
CreateRemoteThread
SetEnvironmentVariableA
GetConsoleMode
WaitCommEvent
TlsSetValue
GetSystemDirectoryA
VirtualAllocEx
SetHandleCount
GetCurrentProcess
MultiByteToWideChar
GetStartupInfoW
CompareStringA
HeapCreate
GetStringTypeW
WriteFile
CreateFileA
VirtualQuery
GetACP
GetTickCount
LCMapStringA
GetLastError
WideCharToMultiByte
WriteConsoleA
GetSystemDefaultLCID
SetConsoleCtrlHandler
RtlUnwind
GetTimeFormatA
GetConsoleOutputCP
LCMapStringW
LoadLibraryA
GetDateFormatA
TerminateProcess
ReadFile
InterlockedIncrement
SetConsoleCP
IsValidLocale
lstrcatW
GetLocaleInfoA

shell32

ShellHookProc
DragQueryPoint
SheGetDirA
RealShellExecuteW

user32

GetWindowLongA
DestroyWindow
ShowWindow
RegisterClassExA
RegisterClassA
CharNextW
DdeReconnect
DefWindowProcW
MessageBoxA
CreateWindowExW

comctl32

ImageList_Replace
ImageList_Merge
ImageList_DragEnter
CreatePropertySheetPage
ImageList_DragLeave
ImageList_LoadImageA
ImageList_AddIcon
GetEffectiveClientRect
DrawStatusTextA
CreateUpDownControl
ImageList_SetFilter
DrawStatusTextW
CreatePropertySheetPageA
ImageList_Create
CreateToolbar
DrawInsert
DrawStatusText
ImageList_GetIcon
CreateStatusWindow
ImageList_GetBkColor
ImageList_LoadImageW
ImageList_LoadImage
InitCommonControlsEx
_TrackMouseEvent
ImageList_Read
ImageList_Copy

wininet

CommitUrlCacheEntryW
FtpCreateDirectoryA
InternetCheckConnectionA
HttpSendRequestExW
HttpSendRequestA
FtpPutFileEx

advapi32

CryptGetDefaultProviderA
CryptCreateHash
CryptAcquireContextA
CryptEnumProviderTypesA
CryptVerifySignatureW
CryptHashData
RegOpenKeyExA
LookupAccountSidW
GetUserNameW
RegConnectRegistryW
RegQueryValueW

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

289dd21f8d8d7753a65387e3a66a4cb6

Headers

File Characteristics

Imports

kernel32

shell32

user32

comctl32

wininet

advapi32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 39KB - Virtual size: 43KB

.data Size: 104KB - Virtual size: 103KB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 39KB - Virtual size: 43KB

.data
Size: 104KB - Virtual size: 103KB

.rsrc
Size: 22KB - Virtual size: 21KB