b2682ab0fe6bd4037739741dbae47f49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2682ab0fe6bd4037739741dbae47f49_JaffaCakes118
Size

76KB
MD5

b2682ab0fe6bd4037739741dbae47f49
SHA1

f460aebfedeb11ff22b81469eb774beacffe74b9
SHA256

d56631704bc92fecfcb7e264faf651615bab47cb8cd4573810afe879f48cf8b8
SHA512

5a78951fb3e55e99316e4f6187f19572d31fef050723146a6b2aaddf2b8273ac8b1daed1f571bf7b51eaac71fd4678edfe6a4a3eb101c613ae64d32e4f83f8b7
SSDEEP

768:/Qz/Z+btQQPswEbfD+Gg4lV3SNlkpWJqPG3HAaB8IlJNBsRea8OlvM9An/hBNmhg:/d1PjEeGg4lV3SNeAZ0IJlslvEAn/hfh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2682ab0fe6bd4037739741dbae47f49_JaffaCakes118

Files

b2682ab0fe6bd4037739741dbae47f49_JaffaCakes118
.exe .js windows:4 windows x86 arch:x86 polyglot

596e6f03b254cb830057f60e4648e17f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\src\_cpp\bwin3_3\Release\bwin3.pdb

Imports

kernel32

OpenThread
GetCurrentProcessId
Thread32First
Sleep
CreateThread
GetModuleFileNameA
InterlockedDecrement
QueryPerformanceCounter
RaiseException
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SuspendThread
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
LoadLibraryA
SetUnhandledExceptionFilter
HeapSize
VirtualQuery
InterlockedExchange
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Thread32Next
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetLastError
GetCurrentProcess
CloseHandle
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
GetStringTypeW
lstrlenA
GetFileType
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
ExitProcess
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetTickCount

user32

EqualRect
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
wsprintfA
SetWindowLongA
GetWindowLongA
SetWindowPos
GetClientRect
GetDC
ReleaseDC
GetWindowRect
GetSystemMetrics
GetParent
GetWindowDC
UpdateLayeredWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA

gdi32

CreateDIBSection
SelectObject
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
GetStockObject
CreateCompatibleDC

advapi32

RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

ole32

OleDraw
OleSetContainedObject
OleCreate
OleInitialize
OleUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString
GetErrorInfo

wininet

InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

596e6f03b254cb830057f60e4648e17f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 76KB - Virtual size: 73KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 76KB - Virtual size: 73KB