b99f8ccc67e75e6949bfda1cc3e556af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b99f8ccc67e75e6949bfda1cc3e556af_JaffaCakes118
Size

528KB
MD5

b99f8ccc67e75e6949bfda1cc3e556af
SHA1

d95838a8d467667590e42690251da193395b1736
SHA256

d710360df3468fcfd612a956a648bf6e51639b6f8179b4fdcdb2baf82fa6932e
SHA512

aff4cc67d2233732fb1d58a4b725ab2245c3605c3313d7b18a090b86dd12de12cbaaf7a97944b24ae37946450fa1986671add0f128241e85a83b88ae8b719492
SSDEEP

12288:SPuJPdnM+CWOFHFHdGJTZAbW9tuKc4yxqXr7bFdm5Uf01p8kwZ:SPuJPdnM5WCHFHd0RruKc4wqXjFM5UcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b99f8ccc67e75e6949bfda1cc3e556af_JaffaCakes118

Files

b99f8ccc67e75e6949bfda1cc3e556af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea7fbb564cfa2563bfc7e87b101b6eab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
modf
memmove
tolower
_CIpow
floor
rand
strncpy
srand
_CIfmod
strtod
toupper
atoi
_ftol
??2@YAPAXI@Z
strrchr
sprintf
strncmp
??3@YAXPAX@Z
_strnicmp
_stricmp

user32

GetWindowRect
GetDesktopWindow
UpdateWindow
SetClassLongA
GetClassLongA
MoveWindow
DestroyWindow
PostMessageA
EnableWindow
GetClassNameA
GetClientRect
SetMenu
DrawMenuBar
SetWindowTextA
GetWindowTextLengthA
SendMessageA
ShowWindow
RegisterWindowMessageA
MessageBoxA
SendMessageTimeoutA
IsWindowVisible
GetParent
MapWindowPoints
IsWindowEnabled
CreateWindowExA
WindowFromPoint
GetCursorPos
DispatchMessageA
LoadIconA
LoadCursorA
TranslateMessage
GetMessageA
FindWindowExA
IsWindow
OpenIcon
GetSysColor
RegisterClassExA
DefWindowProcA
PostQuitMessage
SetFocus
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SetTimer
KillTimer
TranslateAcceleratorA
IsDialogMessage
TranslateMDISysAccel
GetSystemMetrics
PeekMessageA
wsprintfA
GetWindowTextA

kernel32

ExitProcess
HeapReAlloc
IsBadReadPtr
MultiByteToWideChar
ReadProcessMemory
RtlMoveMemory
lstrcpyn
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
CreateEventA
OpenEventA
CloseHandle
Process32Next
Process32First
WideCharToMultiByte
GetCurrentProcess
LCMapStringA
GetVersionExA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CopyFileA
Sleep
CreateFileA
WriteFile
GetTickCount
CreateToolhelp32Snapshot

gdi32

DeleteObject
GetStockObject
CreateSolidBrush

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

shlwapi

PathIsDirectoryA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

comctl32

InitCommonControlsEx
ord17

oleacc

ObjectFromLresult

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VarR8FromBool
SafeArrayGetElement
VarR8FromCy
VariantInit
VariantChangeType

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 380KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea7fbb564cfa2563bfc7e87b101b6eab

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

gdi32

shell32

shlwapi

wininet

comctl32

oleacc

advapi32

ole32

oleaut32

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 380KB - Virtual size: 425KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 380KB - Virtual size: 425KB

.rsrc
Size: 36KB - Virtual size: 34KB