a92e254f27c3406eb53a8bfd13f42a0a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a92e254f27c3406eb53a8bfd13f42a0a_JaffaCakes118
Size

608KB
MD5

a92e254f27c3406eb53a8bfd13f42a0a
SHA1

9fbce34d0f21eabf712fb47c5383c0b667b8929d
SHA256

13934e12565ddb8bbe5892522d27854ae28d50ce862356a4dbf956e25991428f
SHA512

d0fed6be08e418503680c43d327daffdb6ffe0e9e417a450921c2aad52910e1aad8056dca441e777365c4f0b69e78a2844704130d27644286417bcfec8cac1fe
SSDEEP

12288:l9BIcbJBT8xhOJReJ+z7uayOZXT8PRaRWUF+onZRuqeiMuNVTNVRWTle9P7jrjwx:l4u8oIoZUqFMK/ATl+jYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a92e254f27c3406eb53a8bfd13f42a0a_JaffaCakes118

Files

a92e254f27c3406eb53a8bfd13f42a0a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e7edbaf68149646eae10d0450ddc277

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetSetOptionA
InternetOpenUrlA
InternetQueryOptionA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetSetFilePointer
InternetOpenA

ws2_32

WSACloseEvent
WSARecvFrom
inet_addr
gethostbyname
inet_ntoa
shutdown
closesocket
WSACreateEvent
WSASocketA
WSAGetLastError
setsockopt
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents
WSAResetEvent

kernel32

lstrlenA
CompareStringA
CompareStringW
Sleep
CloseHandle
GetCurrentThreadId
CreateThread
SetEvent
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LockResource
LoadResource
FindResourceA
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
GetLocalTime
GetCurrentProcessId
OutputDebugStringA
WriteFile
SetFilePointer
GetTickCount
CreateEventA
WaitForMultipleObjectsEx
TerminateThread
WaitForSingleObject
TerminateProcess
GetModuleHandleA
GlobalFree
GlobalHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
ResetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
lstrcmpiA
FreeResource
SizeofResource
FindResourceExA
SetFileAttributesA
DeleteFileA
OpenEventA
FindClose
FindNextFileA
GetFileAttributesA
RemoveDirectoryA
FindFirstFileA
CreateProcessA
SetEndOfFile
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
CopyFileA
GetCommandLineA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcpynW
LocalFree
FlushFileBuffers
GetSystemTime
SetErrorMode
SetUnhandledExceptionFilter
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetLocaleInfoA
GetACP
ExitProcess
InterlockedExchange
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
LoadLibraryA
DebugBreak
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
ResumeThread
PeekNamedPipe

user32

DispatchMessageA
EnableWindow
PostThreadMessageA
TranslateAcceleratorA
FindWindowA
GetWindowTextLengthA
GetWindowTextA
GetClassInfoExA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetClassNameA
RedrawWindow
SetFocus
GetFocus
IsChild
InvalidateRgn
FillRect
SetCapture
ReleaseCapture
GetDesktopWindow
DestroyAcceleratorTable
CreateWindowExA
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageA
GetForegroundWindow
GetDlgItem
ReleaseDC
TranslateMessage
GetMessageA
GetDC
DrawFocusRect
SetCursor
PeekMessageA
CallWindowProcA
LoadCursorA
GetSysColor
DefWindowProcA
PostMessageA
PtInRect
LoadIconA
PostQuitMessage
GetParent
GetWindow
GetWindowRect
GetWindowThreadProcessId
AttachThreadInput
SetWindowRgn
RemoveMenu
CreatePopupMenu
GetMenuItemCount
AppendMenuA
DestroyMenu
MessageBeep
LoadStringW
TrackPopupMenuEx
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
LoadMenuA
LoadAcceleratorsA
LoadImageA
GetWindowDC
ValidateRect
DrawTextA
GetActiveWindow
DialogBoxIndirectParamA
IsDialogMessageA
SetForegroundWindow
KillTimer
MoveWindow
InvalidateRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SendDlgItemMessageA
IsWindowEnabled
ShowWindow
ScreenToClient
SetWindowPos
SetWindowTextA
GetWindowLongA
SetTimer
EndDialog
LoadStringA
CreateDialogIndirectParamA
SetWindowLongA
DestroyWindow
BeginPaint
EndPaint
IsWindow
SendMessageA
UnregisterClassA
LoadBitmapA

gdi32

SetBkMode
CreatePen
MoveToEx
LineTo
CombineRgn
CreateRectRgn
GetClipRgn
SelectClipRgn
SetBkColor
SetTextColor
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
GetObjectA
GetDeviceCaps
GetDIBits
CreateFontA
DeleteDC
DeleteObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SafeArrayLock
VarUI4FromStr
SysAllocStringByteLen
DispCallFunc
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

PathFileExistsA

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_DrawEx
ImageList_Add
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx

msimg32

TransparentBlt

setupapi

SetupInstallFileA

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e7edbaf68149646eae10d0450ddc277

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

setupapi

Sections

.text Size: 308KB - Virtual size: 304KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 216KB - Virtual size: 214KB

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 216KB - Virtual size: 214KB