b9244e5f1390bdfdb89b6076e0c0b997_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9244e5f1390bdfdb89b6076e0c0b997_JaffaCakes118
Size

41KB
MD5

b9244e5f1390bdfdb89b6076e0c0b997
SHA1

4e7f97b41366a7e412bf3fe402d022f36a3d8a38
SHA256

e11c52efa472ece17b5ee6ece5d9bd8b306cb42a10b171413a044d44a42463c3
SHA512

69f1951ef5a091997146a09ba686a66db85d7a8640ad1b3930de9f5d169b16e071acf2adc53e52a48051c3b8adad9dabc83c5920bff2d06124c8196270e0768d
SSDEEP

768:YGe52urJ+Mr1XjFNZ9WNTrXevL3NlfjD+JFmVBFcO:YGB8tehuWFmVHcO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9244e5f1390bdfdb89b6076e0c0b997_JaffaCakes118

Files

b9244e5f1390bdfdb89b6076e0c0b997_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e16da26bba51174f619b61c35b713257

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
_strnicmp
strncmp
strncpy
_strdup
free
sprintf
strlen
memcmp
strcpy
strcmp
fabs
ceil
malloc
floor
fclose
strcat
memmove

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetWindowsDirectoryA
HeapAlloc
HeapFree
FreeLibrary
CloseHandle
InitializeCriticalSection
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateThread
Sleep
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
SetLastError
GetVersionExA
TlsAlloc
DeleteFileA
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
HeapReAlloc
TlsGetValue
TlsSetValue
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore

user32

CharUpperA
DestroyWindow
GetWindowLongA
SetFocus
CreateWindowExA
SetWindowLongA
PeekMessageA
TranslateMessage
DispatchMessageA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetPropA
SendMessageA
GetParent
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
GetSystemMetrics
GetActiveWindow
GetWindowRect
ShowWindow
CreateAcceleratorTableA
SetCursorPos
LoadImageA
SetCursor
MapWindowPoints
MoveWindow
SystemParametersInfoA
GetKeyState
SetCapture
PostMessageA
GetCursorPos
ReleaseCapture
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
IsWindowEnabled
IsWindowVisible
IsChild
GetClassNameA
DestroyIcon

gdi32

DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
SelectObject
BitBlt
CreateBitmap
SetPixel

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA

comctl32

InitCommonControlsEx

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantInit
DispGetParam
VariantClear

ole32

CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
OleInitialize
RevokeDragDrop

wsock32

inet_addr
closesocket
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
htons
connect
ioctlsocket
send
sendto
recvfrom
recv
WSAGetLastError

winmm

timeBeginPeriod
timeEndPeriod

icmp

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

Sections

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e16da26bba51174f619b61c35b713257

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

oleaut32

ole32

wsock32

winmm

icmp

Sections

.code Size: 2KB - Virtual size: 2KB

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 1024B - Virtual size: 654B

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 700B

.code
Size: 2KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 1024B - Virtual size: 654B

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 700B