b1ea74eaa518d6840ae93734f9b53e88_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1ea74eaa518d6840ae93734f9b53e88_JaffaCakes118
Size

143KB
MD5

b1ea74eaa518d6840ae93734f9b53e88
SHA1

ddd3e47a7dc64ba2bfdaf9952216e3814f6c2693
SHA256

92272754294f3bdf35955c2007de5b7ea79a9500340dd920ba69335149c54c20
SHA512

e01100e1ba6a676ad8a65c57e33e16c4fc252327dc610f894d580036e7b1f63678b25f2c5cabaa246ddb34d25d254ebb5d90cdf4475e267f4d7e5267226b985f
SSDEEP

3072:PcDKbs7WQCpDhqCIDZYD+FJ4YPIS8A4oTgPlE15jxdiH:Pcmb8ShQZo+FJCSP4oTgPwdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1ea74eaa518d6840ae93734f9b53e88_JaffaCakes118

Files

b1ea74eaa518d6840ae93734f9b53e88_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateFileW
WriteFile
CloseHandle
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
lstrlenA
CreateProcessW
Sleep
GetComputerNameW
LockResource
FindResourceExW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
LoadLibraryW
GetCurrentProcess
SizeofResource
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
GetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
CharNextW
SetTimer
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
EndDialog
PostQuitMessage
FindWindowExW
UnregisterClassA
KillTimer
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2

oleaut32

VariantChangeType
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenW

netapi32

Netbios

ws2_32

closesocket
recv
send
connect
WSACleanup
gethostbyname
socket
WSAStartup
htons

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae176eb1be869bbbdf537dec60631796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

netapi32

ws2_32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 232B

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 232B