a4cc92b5bdbbcd0b81c1ff49ef29f299_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4cc92b5bdbbcd0b81c1ff49ef29f299_JaffaCakes118
Size

636KB
MD5

a4cc92b5bdbbcd0b81c1ff49ef29f299
SHA1

66281c9173013124759f3a9b7365c61fc2ce71e6
SHA256

b1828680f8a4e9210fc12185f9755e4039d2c55c9ed32542477a697a151f0c3b
SHA512

bacbe444a5d146a2f08657bf1004134570cea94154884f82cdbb30f374aed15bbe84ebdac0c5d72c6a2f86d6cb35da8a3815b1c1d725d574d265e487644928e7
SSDEEP

12288:V6ztyWsyw6d+ln6w7+YjGA+bIl2RfY51EjVPjgFInhlL0T0vai8uGR5:8sWsyw9iPlai89

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4cc92b5bdbbcd0b81c1ff49ef29f299_JaffaCakes118

Files

a4cc92b5bdbbcd0b81c1ff49ef29f299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f189bc21ca321c99b2ab98b24ee75a3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostname
WSACleanup

winmm

PlaySoundW

wininet

InternetSetStatusCallbackW
InternetOpenW
InternetOpenUrlW
InternetReadFileExA
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestW
InternetReadFile
InternetGetCookieW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestA
InternetErrorDlg
InternetSetOptionW
InternetSetCookieW
InternetOpenUrlA
InternetGetConnectedState

version

VerQueryValueW

kernel32

UnhandledExceptionFilter
SetStdHandle
SetFilePointer
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualFree
HeapCreate
GetOEMCP
VirtualQuery
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
TlsAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
CloseHandle
ReleaseMutex
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
WriteFile
CreateFileW
GetTickCount
GetCurrentProcessId
WaitForSingleObject
CreateMutexW
Sleep
GetModuleFileNameW
CreateThread
WideCharToMultiByte
CreateProcessW
GetLastError
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
InterlockedCompareExchange
InterlockedDecrement
DeleteFileW
LoadLibraryW
FreeLibrary
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FileTimeToLocalFileTime
CreateEventW
ExpandEnvironmentStringsW
InterlockedExchangeAdd
LocalFree
FormatMessageW
GetSystemInfo
GetCurrentThreadId
GetCommandLineA
lstrcpyW
lstrlenW
lstrcatW
ReadFile
GetFileSize
ResetEvent
SetEvent
lstrcpynW
lstrcmpiW
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
CopyFileW
MoveFileW
GetStringTypeW
GetStringTypeA
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetStartupInfoA
SetEndOfFile
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
RtlUnwind
RaiseException
ExitProcess
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
FileTimeToSystemTime
GetEnvironmentStrings
GetModuleFileNameA
SetUnhandledExceptionFilter
TlsFree
SetLastError
TlsSetValue
TlsGetValue
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA
SetEnvironmentVariableA
CreateFileA
GetLocaleInfoW
GetLocalTime
QueryPerformanceCounter

user32

GetWindowTextW
GetWindowTextLengthW
DialogBoxParamW
CreateDialogParamW
EndDialog
IsDlgButtonChecked
GetDlgItem
LoadStringW
SetDlgItemTextW
SetFocus
ShowWindow
GetMonitorInfoW
MonitorFromRect
SetLayeredWindowAttributes
SetWindowPos
GetSysColor
SetWindowTextW
GetWindowRect
wsprintfW
InvalidateRect
SendDlgItemMessageW
RegisterWindowMessageW
ReplyMessage
PostQuitMessage
KillTimer
PeekMessageW
SetTimer
GetWindowLongW
DefWindowProcW
RegisterClassW
CreateWindowExW
SetWindowLongW
InsertMenuItemW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
CreatePopupMenu
AppendMenuW
DestroyMenu
LoadIconW
IsWindow
DestroyWindow
FindWindowW
PostMessageW
SendMessageW
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
SystemParametersInfoW
GetMessageW
DispatchMessageW
TranslateMessage
FindWindowExW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
GetUserNameW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW

ole32

CoInitializeEx
OleRun
CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

PathCombineW
PathRemoveFileSpecW
SHRegSetUSValueW
UrlEscapeA
SHGetValueW
SHRegGetBoolUSValueW

setupapi

SetupIterateCabinetW
SetupInitDefaultQueueCallback
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW

crypt32

CryptDecodeObject

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f189bc21ca321c99b2ab98b24ee75a3f

Headers

File Characteristics

Imports

ws2_32

winmm

wininet

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

setupapi

crypt32

Sections

.text Size: 372KB - Virtual size: 368KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 16KB - Virtual size: 13KB

.yrdata Size: 68KB - Virtual size: 68KB

.text
Size: 372KB - Virtual size: 368KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 16KB - Virtual size: 13KB

.yrdata
Size: 68KB - Virtual size: 68KB