b04acae077614e312b8b606560b9b4e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b04acae077614e312b8b606560b9b4e8_JaffaCakes118
Size

172KB
MD5

b04acae077614e312b8b606560b9b4e8
SHA1

e544ca33ddc83ed88430bb86504da90ac15f97ec
SHA256

e8bc951614eec584bfdff0bf52b4190a64fdb78376d16e300ea55d7d553cc266
SHA512

48c3e9a287040f38735091255907305d7c17c2b218b1584654d4c127f34b3c48bdc02c0d5e4f7decdecf32d622be5918031e14c1cec25ac0e380a97a30dd9220
SSDEEP

3072:GNF++RK1aaVJxSdz0lY9B+snimRm5nYsC5tUoejP6c/4a8s/l5o:GNFrONVjSZNZm5nYlaoER/4a8sDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b04acae077614e312b8b606560b9b4e8_JaffaCakes118

Files

b04acae077614e312b8b606560b9b4e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7274a84d4136cbddb2c22db5a89f150

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Prj\Csa\Energy .net (CSA)\Csa\Release\CSA.pdb

Imports

urlmon

URLDownloadToFileA

kernel32

GlobalFree
SetLastError
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
GetCurrentThreadId
GetModuleHandleA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetFileAttributesA
GetFileAttributesA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetFileType
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetHandleCount
GetStdHandle
SetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetSystemTime
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetTempFileNameA
DeleteFileA
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
CreateFileA
GetModuleFileNameA
lstrcpyA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ResumeThread
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
CheckMenuItem
MapWindowPoints
wsprintfA
MessageBoxA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

ws2_32

recv
select
send
connect
WSAStartup
socket
closesocket
WSACleanup
htons
gethostbyname

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

DeleteDC
GetStockObject
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
ScaleWindowExtEx
SetWindowExtEx
SetBkColor
SaveDC
RestoreDC
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7274a84d4136cbddb2c22db5a89f150

Headers

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

advapi32

comctl32

ws2_32

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 23KB

.rsrc Size: 768B - Virtual size: 768B

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 23KB

.rsrc
Size: 768B - Virtual size: 768B