a8b8cb0ba9d58916a87f6e4c4f7eebde_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8b8cb0ba9d58916a87f6e4c4f7eebde_JaffaCakes118
Size

152KB
MD5

a8b8cb0ba9d58916a87f6e4c4f7eebde
SHA1

10a44aedf99d9f2bf7c8e1ea2efc7608be3180fb
SHA256

4a4692b388bb38d2f1e0e4e96e7675f94e21dc35e6426f38f2cb48dc65883b6c
SHA512

b3168605be4e16ef8dc5dbd2d12afac8f2ed3ee96f0871414d8920df36417c4cf80d4d21ded1754a3fd659fc2d4560ccfd935acbdaea2ddda3361bf95837771c
SSDEEP

3072:dtmUBC6PYOOf4Ai6iyZVR5BK8suqfoJW7gxV:dtmGOftKv7g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b8cb0ba9d58916a87f6e4c4f7eebde_JaffaCakes118

Files

a8b8cb0ba9d58916a87f6e4c4f7eebde_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53cac2a1104098f1f6430af56ce43470

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorA
LoadIconA
CreateWindowExA
IsWindowEnabled
EnableWindow
MapWindowPoints
GetParent
CallWindowProcA
UnhookWindowsHookEx
PeekMessageA
DispatchMessageA
RegisterClassExA
PostQuitMessage
EnumWindows
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
IsWindowVisible
SendMessageA
IsWindow
GetWindowRect
GetDC
PrintWindow
TranslateMessage
DefWindowProcA
CopyImage
ReleaseDC
SetFocus
GetDesktopWindow
GetWindowLongA
SetWindowPos
MessageBoxA
wsprintfA
CharLowerA
SetWindowLongA
SetTimer
KillTimer
GetForegroundWindow
GetKeyState
GetAsyncKeyState
GetMessageA
ClipCursor
ShowWindow
MoveWindow
SetWindowTextA
GetWindowTextLengthA
UpdateWindow

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
EnumServicesStatusA
DeleteService
ControlService
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA

kernel32

ReadFile
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
SetFileAttributesA
WaitForSingleObject
CopyFileA
GetModuleFileNameA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetTempFileNameA
GetTickCount
GetStartupInfoA
GetExitCodeProcess
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcess
ReadProcessMemory
OpenProcess
lstrcpyA
GlobalAlloc
GetWindowsDirectoryA
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
MultiByteToWideChar
CreatePipe
CreateProcessA
LCMapStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
RtlZeroMemory
CreateFileA
WriteFile
CreateThread
TerminateThread
GetComputerNameA
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
LocalAlloc
RtlFillMemory
LocalFree
lstrcpyn
Sleep
TerminateProcess
RtlMoveMemory
lstrlenA
GetSystemInfo
GetVersionExA
GlobalMemoryStatus
GetLogicalDriveStringsA
EnterCriticalSection
LeaveCriticalSection
GetFileSize
SetFilePointer
PeekNamedPipe

wininet

HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetSetCookieA

ws2_32

inet_ntoa
WSACleanup
gethostbyname
send
closesocket
WSAStartup
connect
inet_addr
htons
socket
recv

shlwapi

PathFileExistsA
StrTrimA
StrToInt64ExA
DllGetVersion

psapi

GetModuleFileNameExA

gdiplus

GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdipCreateBitmapFromStream
GdiplusStartup

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CLSIDFromString

gdi32

CreateFontA
BitBlt
GetDeviceCaps
CreateDCA
GetDIBits
GetObjectA
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

secur32

GetUserNameExA

avicap32

capCreateCaptureWindowA

msvcrt

strrchr
??2@YAPAXI@Z
sprintf
strncpy
strtod
_stricmp
strncmp
free
realloc
malloc
tolower
modf
memmove
_ftol
_strnicmp
??3@YAXPAX@Z

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53cac2a1104098f1f6430af56ce43470

Headers

File Characteristics

Imports

user32

advapi32

kernel32

wininet

ws2_32

shlwapi

psapi

gdiplus

ole32

gdi32

secur32

avicap32

msvcrt

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 57KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 57KB