b1c9d49fa1ffcc4143131b8f94995f8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1c9d49fa1ffcc4143131b8f94995f8c_JaffaCakes118
Size

176KB
MD5

b1c9d49fa1ffcc4143131b8f94995f8c
SHA1

f04bbae5f2d68ffc6bf71d0b464ca3f0a88a49be
SHA256

f29fb49b41f71fb93ff7d05d9099c9f07bb98b7a185124273e6d83bbff4da1cc
SHA512

b3e36a7a022d2c6f352795a98b7da2bce95490f1c522f2fab6cbccd010db8dfef293182c6c528a62f6fa0fe62eced02a8700a6e1401eaeffbd659a43f3e1fd43
SSDEEP

3072:Iyw5WxJOjrF7FnlpQoWOhrD103dx9ee7pDcfIO4xWV:ZsWKthnHDf1004pVO4x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1c9d49fa1ffcc4143131b8f94995f8c_JaffaCakes118

Files

b1c9d49fa1ffcc4143131b8f94995f8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7446a8e0185cbbaede4a8415345953fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

winmm

timeGetTime
timeSetEvent

shlwapi

PathFileExistsW
PathCombineW

gdi32

SetStretchBltMode
CreateCompatibleDC
GetStockObject
RealizePalette
DeleteObject
DeleteDC
SelectPalette
CreateSolidBrush
CreateDIBSection
ExtEscape
GetObjectA
CreateFontA
GetDeviceCaps
BitBlt
CreateDIBitmap
CreateCompatibleBitmap
SelectObject
GetDIBits
StretchDIBits
SetBkMode

advapi32

CryptEncrypt
RegQueryValueExA
CryptGetHashParam
RegDeleteValueA
CryptDestroyHash
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
CryptAcquireContextA
CryptDestroyKey
CryptImportKey
RegCloseKey
RegEnumKeyExA
CryptHashData
CryptReleaseContext
RegCreateKeyExA
RegSetValueExA
CryptCreateHash
RegDeleteKeyA

ole32

StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CreateBindCtx
BindMoniker
CoGetClassObject
CoCreateInstance
CoTaskMemFree
CreateItemMoniker
GetRunningObjectTable
OleInitialize
CreateStreamOnHGlobal
StgCreateDocfile
CLSIDFromProgID
OleLockRunning
CoSetProxyBlanket
CoTaskMemRealloc
StgIsStorageFile
CoInitializeSecurity
StgOpenStorage
OleUninitialize
CoInitialize
CLSIDFromString

gdiplus

GdipCreateBitmapFromFile
GdipFree
GdipCreateBitmapFromFileICM
GdipAlloc
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA

user32

CreateAcceleratorTableA
EqualRect
SetTimer
DestroyWindow
GetFocus
PostThreadMessageA
DestroyAcceleratorTable
InvalidateRect
SendMessageTimeoutA
GetWindowTextLengthA
GetClientRect
CreateWindowExA
SetRect
KillTimer
GetParent
UnregisterClassA
FindWindowA
CreateDialogParamA
GetDlgItem
DefWindowProcA
GetClassInfoExA
IsWindow
SetWindowTextA
SetFocus
EnumDisplayDevicesA
CopyRect
GetActiveWindow
DispatchMessageA
SetCapture
GetWindow
RedrawWindow
GetWindowRect
RegisterClassExA
GetClassNameA
GetDC
GetDesktopWindow
MsgWaitForMultipleObjects
SendMessageA
LoadCursorA
SetWindowLongA
DrawTextA
GetWindowTextA
FillRect
ReleaseDC
IsChild
ShowWindow
InvalidateRgn
PeekMessageA
RegisterWindowMessageA
BeginPaint
PostMessageA
CallWindowProcA
SetParent
GetQueueStatus
GetSysColor
EndPaint
CharNextA
MoveWindow
wvsprintfA
SendNotifyMessageA
ReleaseCapture
GetWindowLongA
wsprintfA
SetWindowPos

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

kernel32

LoadLibraryW
LeaveCriticalSection
HeapFree
GetProcAddress
GetCurrentThreadId
HeapAlloc
GetThreadLocale
GetLastError
GetSystemTimeAsFileTime
WriteProcessMemory
GetVersionExA
GetLocaleInfoA
_llseek
GetShortPathNameW
InterlockedIncrement
GetThreadPriority
VirtualQuery
OutputDebugStringA
GetModuleFileNameA
lstrcpyA
VirtualFree
GetFileAttributesW
FreeLibrary
FlushInstructionCache
lstrlenA
CreateThread
GetModuleHandleA
RaiseException
LocalFree
DeleteFileA
GetProcessAffinityMask
GetCurrentProcessId
GlobalSize
GetTempPathA
GlobalLock
VirtualProtect
Beep
CreateFileMappingA
GetSystemTime
GlobalFree
lstrcmpiA
GetCurrentThread
EnumResourceTypesW
InterlockedDecrement
CreateDirectoryA
IsDBCSLeadByte
CreateFileA
CreateSemaphoreA
GlobalAlloc
GetProcessHeap
lstrcmpA
WaitForMultipleObjects
ResetEvent
SetEnvironmentVariableW
FindResourceA
GetACP
EnterCriticalSection
WideCharToMultiByte
IsDebuggerPresent
InterlockedExchange
OpenFileMappingA
GetFileAttributesA
DeviceIoControl
GetTempPathW
MulDiv
SizeofResource
Sleep
OutputDebugStringW
TerminateProcess
WriteFile
InitializeCriticalSection
LoadLibraryExA
GlobalReAlloc
MultiByteToWideChar
LoadLibraryA
ExitProcess
LoadResource
lstrcpynA
GetDriveTypeW
IsBadReadPtr
DeleteCriticalSection
SetThreadPriority
QueryPerformanceCounter
MapViewOfFile
WaitForSingleObject
GlobalUnlock
CreateDirectoryW
GetCurrentProcess
GetVolumeInformationW
GetSystemInfo
SetEvent
CreateEventA
CloseHandle
GetModuleFileNameW
GetTickCount
VirtualAlloc
IsBadWritePtr
ReadFile
lstrlenW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7446a8e0185cbbaede4a8415345953fe

Headers

File Characteristics

Imports

shell32

wininet

winmm

shlwapi

gdi32

advapi32

ole32

gdiplus

version

user32

setupapi

kernel32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 68KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 68KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 248KB