b8cc939d890526852ed7e66f45b84efc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8cc939d890526852ed7e66f45b84efc_JaffaCakes118
Size

248KB
MD5

b8cc939d890526852ed7e66f45b84efc
SHA1

f7214e9549028e0684c1e0fe37d10e8035fd6ff5
SHA256

e321b711dc849065e673cacc2c7cbef7064953c00bb9f3da676e43453bb238d8
SHA512

7abf4c6a252fae4408798abea0a89a923830c5c589e8968e472bc05ac35d426dbca4d1eb473bf7066a11265938b93de22be3c8f9cdafba95a92dffa0bc1a0624
SSDEEP

3072:bkFcKYvRWJVpTGhPbEJYiIstVEa8sljY5oDHaxPq5JYClQKV7z:oFEZWYhPbEJxIZsl7DvEJKBz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8cc939d890526852ed7e66f45b84efc_JaffaCakes118

Files

b8cc939d890526852ed7e66f45b84efc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d28638ae0908e0b4d49e32afc734862

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DVLP\VS7.2003\Client\Hb4.0\4.7.3.0\_bin\Release_HbTools\HbGuard.pdb

Imports

sensapi

IsNetworkAlive

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetAdaptersInfo

kernel32

GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
CopyFileA
GetModuleFileNameA
MoveFileExA
DeleteFileA
CreateProcessA
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
WaitForSingleObject
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
OpenProcess
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
CompareStringW
ResumeThread
SetThreadPriority
GetCurrentThreadId
Sleep
CreateThread
FormatMessageA
InterlockedDecrement
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
GetTickCount
GetCurrentThread
ReleaseMutex
CreateSemaphoreA
CreateMutexA
CreateEventA
FindFirstChangeNotificationA
SetFileTime
GetThreadLocale
FileTimeToSystemTime
GetFileTime
WriteFile
UnmapViewOfFile
MoveFileA
GetSystemTime
lstrcpyA
TlsSetValue
TlsGetValue
SetFilePointer
GetCurrentProcessId
OutputDebugStringA
lstrcatA
GetLocalTime
GetFileSize
TlsAlloc
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetCurrentProcess
InterlockedIncrement
ReadFile
SetEndOfFile
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
GetTimeFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
FlushFileBuffers
VirtualFree
HeapCreate
TlsFree
SetLastError
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcmpiA
SetEnvironmentVariableA
GetDateFormatA
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStartupInfoA
GetCommandLineA
CreateFileA
GetModuleHandleA
GetOEMCP
QueryPerformanceCounter
TerminateProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

PostMessageA
PostQuitMessage
DefWindowProcA
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
SendMessageA
MsgWaitForMultipleObjects
wsprintfA
MessageBoxA
TranslateMessage
SetTimer
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DispatchMessageA
LoadIconA

advapi32

RegNotifyChangeKeyValue
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
VariantClear

shlwapi

StrToIntA
StrRChrA

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d28638ae0908e0b4d49e32afc734862

Headers

File Characteristics

PDB Paths

Imports

sensapi

version

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 52KB - Virtual size: 48KB