b5609c451ebc9c9ec97c8fba96e57272_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5609c451ebc9c9ec97c8fba96e57272_JaffaCakes118
Size

441KB
MD5

b5609c451ebc9c9ec97c8fba96e57272
SHA1

57768824df379e983b7ce7f41276fbc5cb568040
SHA256

59a4ab6225cad58ec7837569e4100845fe56766f20500eeb9f48aeb306c187d2
SHA512

9dd75a848806288fab9bd436d882f96951fcf959fe86a1e4ae795422d1fe43b49297667a7eed2152461abd9633ed76b7a9a10dbaf28afde5e9cc8d6ccfeeb82a
SSDEEP

12288:HtlnUgxoPM0hOYo0BHLw+xizpkYaWefF:Htln9oPZoYbHk+xizpWWefF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5609c451ebc9c9ec97c8fba96e57272_JaffaCakes118

Files

b5609c451ebc9c9ec97c8fba96e57272_JaffaCakes118
.exe windows:4 windows x86 arch:x86

966de56454cf77a9490c4a0b7988b7e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
LoadLibraryW
GetCurrentProcess
GetCurrentDirectoryW
FormatMessageW
FindClose
FreeResource
EnterCriticalSection
CreateFileW
GlobalFree
QueryPerformanceCounter
SizeofResource
CreateThread
lstrlenA
GlobalLock
lstrcpynW
CloseHandle
GetModuleHandleA
GetProcessVersion
DeleteFileW
GetVolumeInformationW
GetFileAttributesW
GetModuleFileNameW
GetSystemDefaultUILanguage
GetModuleHandleW
TlsSetValue
SetCurrentDirectoryW
UnhandledExceptionFilter
LocalReAlloc
GetVersionExA
FindNextFileW
FindResourceExW
FreeLibraryAndExitThread
SetUnhandledExceptionFilter
LockResource
GetACP
TlsFree
InterlockedDecrement
WideCharToMultiByte
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
lstrcpyA
lstrcpyW
GetProfileStringW
TlsGetValue
GetTempFileNameW
GetLastError
FindResourceA
GlobalAlloc
MulDiv
FreeLibrary
InterlockedIncrement
FindFirstFileW
LocalFree
DelayLoadFailureHook
GetProcAddress
LocalSize
SetErrorMode
InterlockedCompareExchange
Sleep
SetLastError
GetUserDefaultLCID
DisableThreadLibraryCalls
lstrlenW
GetDriveTypeW
GetCurrentThreadId
GetFullPathNameW
LoadLibraryA
lstrcmpiW
LoadResource
InterlockedExchange
TerminateProcess
SetEvent
GetTickCount
FindResourceW
GetShortPathNameW
LocalAlloc
GetSystemTimeAsFileTime
MultiByteToWideChar
ExpandEnvironmentStringsW
TlsAlloc
LeaveCriticalSection
lstrcmpW
WaitForSingleObject
GlobalUnlock
GetCurrentProcessId

dnsapi

DnsApiAlloc
DnsApiFree

ws2_32

getnameinfo
WSARecvFrom
WSAAddressToStringW
WSAStringToAddressA
WSASendTo
WSALookupServiceNextW
WSASocketW
WSAIoctl
freeaddrinfo
WSALookupServiceBeginW
getaddrinfo
WSAAddressToStringA
WSAEventSelect
WSALookupServiceEnd

user32

DlgDirListW
MessageBoxW
GetWindowTextLengthW
DrawEdge
EndDeferWindowPos
MoveWindow
PeekMessageW
GetDlgItemTextW
EndDialog
GetKeyState
SetCapture
SetDlgItemTextA
CallNextHookEx
SetWindowsHookExW
CharPrevW
DeferWindowPos
IsWindowEnabled
DialogBoxIndirectParamW
PtInRect
DrawFocusRect
DialogBoxIndirectParamAorW
LoadIconW
LoadAcceleratorsW
GetDialogBaseUnits
ScreenToClient
ShowCursor
ValidateRect
CharNextA
GetClientRect
DestroyMenu
LockWindowUpdate
GetDlgItemInt
GetWindowPlacement
GetFocus
PostMessageW
DrawIcon
CheckDlgButton
KillTimer
InflateRect
EnableWindow
UnhookWindowsHookEx
GetKeyboardLayout
FrameRect
GetSysColorBrush
GetPropW
CharLowerW
MapWindowPoints
ClipCursor
IntersectRect
GetWindowTextW
GetDlgCtrlID
GetDlgItemTextA
EnumChildWindows
GetDlgItem
CreateWindowExW
CreatePopupMenu
BeginPaint
TranslateMessage
FillRect
SetFocus
MessageBeep
RedrawWindow
TranslateAcceleratorW
SendDlgItemMessageW
InvalidateRect
ReleaseDC
LoadCursorW
CopyRect
GetLastActivePopup
ChildWindowFromPoint
SetPropW
GetSystemMenu
IsDlgButtonChecked
SetWindowPlacement
SetDlgItemInt
RemovePropW
DrawTextW
UpdateWindow
SetWindowTextW
IsWindow
SetWindowLongW
SetCursor
ShowWindow
GetWindowLongA
RegisterWindowMessageA
CallWindowProcW
SetParent
GetSysColor
CharNextW
MsgWaitForMultipleObjects
GetWindow
SetTimer
CreateDialogIndirectParamW
GetParent
EndPaint
GetDC
CreateDialogIndirectParamAorW
DestroyWindow
DeleteMenu
GetWindowLongW
GetSystemMetrics
GrayStringW
RegisterWindowMessageW
RegisterClipboardFormatW
LoadStringW
BeginDeferWindowPos
CheckRadioButton
SetWindowPos
DefWindowProcW
SendMessageW
IsWindowVisible
DispatchMessageW
WinHelpW
SetDlgItemTextW
EqualRect
LoadImageW
GetWindowRect
FindWindowExW
CreateDialogIndirectParamA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

ntdll

RtlIsNameLegalDOS8Dot3
wcslen
memmove
_chkstk
NtQueryVirtualMemory
RtlUnwind
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
_vsnwprintf

mswsock

AcceptEx
GetAcceptExSockaddrs

comctl32

CreatePropertySheetPageW
PropertySheetW
ImageList_GetIconSize
CreateToolbar
CreateToolbarEx
ImageList_Draw
ImageList_Destroy

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

966de56454cf77a9490c4a0b7988b7e7

Headers

File Characteristics

Imports

kernel32

dnsapi

ws2_32

user32

ole32

ntdll

mswsock

comctl32

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 30KB - Virtual size: 928KB

.rdata Size: 228KB - Virtual size: 228KB

.rsrc Size: 176KB - Virtual size: 176KB

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 30KB - Virtual size: 928KB

.rdata
Size: 228KB - Virtual size: 228KB

.rsrc
Size: 176KB - Virtual size: 176KB