a4307dd4297088227263374f54eb0cd7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a4307dd4297088227263374f54eb0cd7_JaffaCakes118
Size

491KB
MD5

a4307dd4297088227263374f54eb0cd7
SHA1

aecf5636d0aa4e98b0903a944ee23dae8f2077a6
SHA256

c08f3d947aa10eb61e38b598e100f6db82faa87bcfc489bf235db7ad68a43dc8
SHA512

266f179c27d8a736be29bf5287f172e3ec7149a7af7939e576f81e3d1978977e613bea0e00370f1b44ba66bb6667846c633ea26f18756eec11d9c390f1f24cef
SSDEEP

12288:NEY+GMOne6HRQ5akV0hyyhKkumW58gFhpLLu:NeN6HRQ5akS/de5phpm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4307dd4297088227263374f54eb0cd7_JaffaCakes118

Files

a4307dd4297088227263374f54eb0cd7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ToolsBuild\16.2.0.7719\source\release\MicrogamingInstall.pdb

Imports

kernel32

OutputDebugStringA
ReleaseMutex
TerminateProcess
GetVersionExA
RemoveDirectoryW
GetProcAddress
GetVolumePathNameW
Process32First
CreateDirectoryW
ReadFile
DeleteFileW
GetModuleFileNameW
WideCharToMultiByte
FindNextFileA
GetComputerNameA
SetFilePointer
GetModuleHandleA
CopyFileW
MultiByteToWideChar
lstrcpyA
lstrlenA
lstrcpynA
lstrcpynW
GetFileAttributesW
lstrlenW
GetPrivateProfileStringW
WriteFile
LoadLibraryA
LocalFree
FreeLibrary
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
SetEvent
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateEventA
GetLastError
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
FindFirstFileA
ReleaseSemaphore
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetFileSize
CreateDirectoryA
Process32Next
GetFileAttributesA
FormatMessageA
GetLocalTime
CreateToolhelp32Snapshot
FormatMessageW
CreateMutexA
FindClose
GetModuleFileNameA
WaitForSingleObject
CopyFileA
CreateProcessA
OpenProcess
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
lstrcmpiA
GetTempPathA
GetCurrentProcessId
CloseHandle
CreateProcessW
Sleep
CreateFileA
CreateFileW
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapReAlloc
HeapFree
GetCurrentThreadId
ExitThread
HeapAlloc
ExitProcess

user32

TranslateMessage
GetMessageA
IsDialogMessageA
GetDlgCtrlID
LoadCursorA
AdjustWindowRect
ReleaseDC
EnableWindow
PeekMessageA
UpdateWindow
PostMessageA
IsWindowEnabled
GetSystemMetrics
SetWindowLongW
RegisterClassW
GetWindowLongW
MessageBoxW
LoadIconA
DispatchMessageA
InvalidateRect
CreateWindowExW
SetWindowLongA
DefWindowProcW
OffsetRect
GetWindowDC
ChildWindowFromPoint
GetWindowRect
RegisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPos
ShowWindow
EnumDisplayDevicesA
MessageBoxA
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
EnumDisplaySettingsA
SetWindowTextA
wsprintfW
GetDC
MapWindowPoints
wsprintfA

gdi32

CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
GetDeviceCaps
BitBlt

advapi32

RegSetValueA
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegSetValueW
FreeSid
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
OpenServiceA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteA
SHGetMalloc

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromProgID
OleCreate
OleSetContainedObject
CoTaskMemFree
StringFromIID
OleUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantChangeType
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocString

psapi

GetModuleFileNameExA

wsock32

recv
WSAStartup
closesocket
send
gethostbyname
socket
htons
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
WSACleanup

wininet

InternetOpenUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenA
InternetCrackUrlA
InternetCrackUrlW
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenW
InternetOpenUrlW
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetConnectedState
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

UrlGetPartA
PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW

sensapi

IsNetworkAlive

urlmon

CoInternetGetSession

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38d968b98e54bb380c348e2ba9e4dfd6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

wsock32

wininet

version

shlwapi

sensapi

urlmon

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 36KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 36KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 3KB