b483865e754f62fb44b8fba20700a504_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b483865e754f62fb44b8fba20700a504_JaffaCakes118
Size

436KB
MD5

b483865e754f62fb44b8fba20700a504
SHA1

5bab5617a424e774fdf542bebcdf2eddcc3fa208
SHA256

dbca5038733ac533e5f69620d3b2f9161c06a59e2a79d3b439143ae08a3591bc
SHA512

6a212fbc97e3c2c47f54c2053e609742a2e7d02c74e81323593d79efe6d903a741213c073b4b621149d8182665020d94a04f090dea3313f731cbfb1939648852
SSDEEP

6144:rNEMmV859UvM3os9Q1qhen6ShCi7MmrSWJPCRdaEFqe9d:rNtmi59zT9Q1qh4rMkVCtFqe9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b483865e754f62fb44b8fba20700a504_JaffaCakes118

Files

b483865e754f62fb44b8fba20700a504_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6be4ef92aa437bb34862ef9e12e7ba47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateFromHDC
GdipAlloc
GdiplusStartup
GdipDrawImageI
GdipDeleteGraphics
GdipLoadImageFromStream

wsock32

recv
send
WSAStartup
inet_addr
gethostbyname
closesocket
connect
socket
ioctlsocket
htons

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
FormatMessageA
RtlUnwind
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetTickCount
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateThread
WritePrivateProfileStringA
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GlobalDeleteAtom
GetModuleFileNameA
CloseHandle
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetLastError
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalFree
LockResource
FindResourceA
LoadResource
GetStdHandle

user32

GetDesktopWindow
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
InflateRect
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InvalidateRect
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
DrawTextA
TabbedTextOutA
GetWindowDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
CopyRect
ReleaseDC
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
GetDC
CallWindowProcA
BeginPaint
LoadCursorA
DestroyMenu
IsChild
GrayStringA
EndPaint
wsprintfA
EnableWindow
MessageBoxA
SetFocus
GetDlgItemTextA
PostMessageA
LoadMenuA
GetSubMenu
EnableMenuItem
GetCursorPos
CreatePopupMenu
AppendMenuA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
FindWindowA
GetDlgItem
SetWindowLongA
SetDlgItemTextA
LoadIconA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetForegroundWindow

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetMapMode
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

Shell_NotifyIconA

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
CLSIDFromProgID
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromString

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6be4ef92aa437bb34862ef9e12e7ba47

Headers

File Characteristics

Imports

gdiplus

wsock32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 20KB - Virtual size: 334KB

.rsrc Size: 168KB - Virtual size: 165KB

.vmp0 Size: 52KB - Virtual size: 48KB

.reloc Size: 4KB - Virtual size: 528B

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 20KB - Virtual size: 334KB

.rsrc
Size: 168KB - Virtual size: 165KB

.vmp0
Size: 52KB - Virtual size: 48KB

.reloc
Size: 4KB - Virtual size: 528B