a2732f2aa51f8989f8dec00ec8e1529b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a2732f2aa51f8989f8dec00ec8e1529b_JaffaCakes118
Size

144KB
MD5

a2732f2aa51f8989f8dec00ec8e1529b
SHA1

2fafc7f001ccecc7bee0913497cedb100ec83d22
SHA256

3a6d5f854a9aaab2e6dae9985110a370d024810dedba4079e15e462a3a20905a
SHA512

44824677ae1ffc71bcbeca7b6a7e070582d7421e29118a9816a81c154d7ac91fa92167e8aa5c8319193636525d0645b6e560842dffe1b76d0525791d33fca022
SSDEEP

3072:rp1e4BMWHvgYIfZZ5ttiWKK/WfA2RQohBToWCxdiH:rp11BLIxZZ5ttR/W42RQormdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2732f2aa51f8989f8dec00ec8e1529b_JaffaCakes118

Files

a2732f2aa51f8989f8dec00ec8e1529b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateFileW
WriteFile
CloseHandle
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
lstrlenA
CreateProcessW
Sleep
GetComputerNameW
LockResource
FindResourceExW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
LoadLibraryW
GetCurrentProcess
SizeofResource
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
GetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
CharNextW
SetTimer
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
EndDialog
PostQuitMessage
FindWindowExW
UnregisterClassA
KillTimer
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2

oleaut32

VariantChangeType
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenW

netapi32

Netbios

ws2_32

closesocket
recv
send
connect
WSACleanup
gethostbyname
socket
WSAStartup
htons

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

netapi32

ws2_32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 232B

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 232B