b7170e07d6bdab519fb14aeb573425a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7170e07d6bdab519fb14aeb573425a9_JaffaCakes118
Size

1.3MB
MD5

b7170e07d6bdab519fb14aeb573425a9
SHA1

47fc37bdaa1e55fb4d7e431269bbb9e354ef6182
SHA256

146fa284e4c7e30856f497f543880ae3ab79fae280f713b751f46d2b1849e644
SHA512

b87b69e1d55dbc8da638fb6eafa02c6bc8d94bd7a6323503940b5c963d20b7ed41d3df6fbc331e8a8247a448cedd6f1e8b04a5b00a7fac5e9d3523152e4a7180
SSDEEP

12288:23w5kwuF4A3atcdGUW5CeTzPq+s3hMZ/8waP1sVJBGRBtWVn/iDsa7WyrrzuZK:gh3teK3h7wIsJBGXQtM3DrrzuZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7170e07d6bdab519fb14aeb573425a9_JaffaCakes118

Files

b7170e07d6bdab519fb14aeb573425a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ec1dab97cb0e803e0e2b7475eeda3b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
FindResourceA
GetWindowsDirectoryA
CreateProcessA
GetFileAttributesA
lstrlenA
SetTapePosition
VirtualProtect
GetStartupInfoA
CreateFileA
QueryPerformanceCounter
CreateMutexA
OpenMutexA
DeleteFileA
FindFirstChangeNotificationA
ResetEvent
GetEnvironmentVariableA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
LockResource
GetCurrentThread

user32

SystemParametersInfoA
FrameRect
ClientToScreen
RegisterClassExA
GetWindowTextLengthA
AppendMenuA
GetActiveWindow
IsDialogMessageA
PostMessageA
DrawFrameControl
TrackPopupMenu
FillRect
ScreenToClient

gdi32

BitBlt
DeleteObject
CreatePen
GetObjectA
CreateDCA
DPtoLP
SelectObject
StretchBlt
SetPixel
GetTextExtentPoint32A
PatBlt
DeleteDC

winspool.drv

DocumentPropertiesA
ClosePrinter
GetJobA
OpenPrinterA

shlwapi

PathFindFileNameA
PathIsUNCA
AssocQueryStringA
wnsprintfA
PathGetDriveNumberA
PathRemoveFileSpecA

ole32

CoRegisterClassObject
CoRegisterSurrogate
CoInitialize
OleUninitialize
OleInitialize

ws2_32

htonl
ntohs
recv
htons
recvfrom
send
getservbyname

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetOpenA

msvcrt

time
atoi
strlen
strncmp
localtime
strcmp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
_except_handler3
_adjust_fdiv
__p__fmode
__set_app_type
__p__commode

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ec1dab97cb0e803e0e2b7475eeda3b5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

shlwapi

ole32

ws2_32

wininet

msvcrt

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 316KB - Virtual size: 316KB

.data Size: 288KB - Virtual size: 1.0MB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 316KB - Virtual size: 316KB

.data
Size: 288KB - Virtual size: 1.0MB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 11KB