bd08fc31fa8389f1bc1a775046cbce82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd08fc31fa8389f1bc1a775046cbce82_JaffaCakes118
Size

212KB
MD5

bd08fc31fa8389f1bc1a775046cbce82
SHA1

952e4c5140548ff4ef1d732f5044d9f1533254f3
SHA256

d5d3a89fbe68d66f41c41b9ce04f85543ee597229bd14fd2259d1e3d8dcf2529
SHA512

db16f17288a39412aaf31c3c22b55a320b568336307c747d53137257041675c72bf185ba06f41066c27c8748f08180ea4e0b911036d925147a15df6caa9a2a4e
SSDEEP

3072:oDWXAlpkxANVobJKcsO7obFjzh5WKZXj8Y7iea2/aNQ34tPStShFf:o6Af2KFF5zhwKZXfa0q+iP7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd08fc31fa8389f1bc1a775046cbce82_JaffaCakes118

Files

bd08fc31fa8389f1bc1a775046cbce82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63ceafd76d2daee9fbf324fca77751bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
recv
ntohs
ioctlsocket
select
__WSAFDIsSet
setsockopt
WSAStartup
htons
gethostbyname
connect
WSAGetLastError
socket
closesocket
getsockopt
getsockname
inet_ntoa
inet_addr
send

shlwapi

StrCmpNA
StrChrA
StrRChrW
StrChrIA
StrStrA
StrRChrA
wvnsprintfW
wnsprintfA
StrCmpW
StrStrW
StrStrIW
StrToIntExW
StrToIntExA
wnsprintfW
StrCmpNIA
StrStrIA
StrPBrkA

gdiplus

GdipFree
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipDisposeImage

wininet

DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW

kernel32

IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
HeapSize
GetOEMCP
GetACP
GetStringTypeA
TlsSetValue
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
VirtualFree
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
GetStringTypeW
LCMapStringA
LCMapStringW
GetThreadLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetConsoleOutputCP
GetCPInfo
LoadLibraryA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
OpenThread
ExitThread
OpenMutexA
CreateMutexA
GetVersion
GetCommandLineA
DeleteCriticalSection
InterlockedDecrement
GlobalSize
GlobalUnlock
lstrcpynA
GlobalLock
MultiByteToWideChar
lstrcmpW
lstrlenW
IsBadReadPtr
GlobalFree
GlobalAlloc
HeapCreate
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetTickCount
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
lstrcmpA
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
Sleep
lstrlenA
WideCharToMultiByte
RaiseException
lstrcmpiW
lstrcpyA
lstrcmpiA
ReadFile
GetFileSize
CreateFileW
GetLastError
InterlockedCompareExchange
InterlockedExchange
LocalFree
FormatMessageA
CreateThread
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
lstrcatA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrcatW
VirtualProtect
GetProcAddress
GetModuleHandleA
GetEnvironmentVariableA
InitializeCriticalSection
GetModuleFileNameW
InterlockedExchangeAdd
InterlockedIncrement
GetVersionExA
GetProcessHeap
GetStdHandle
SetLastError
DeviceIoControl
SetStdHandle
WriteConsoleW
WriteConsoleA

user32

GetDesktopWindow
GetWindowTextW
SetThreadDesktop
MessageBoxW
EnumChildWindows
SendMessageW
CreateDesktopA
CloseClipboard
GetClipboardData
CountClipboardFormats
OpenClipboard
CharLowerW
DestroyWindow
PostMessageA
GetDlgItem
GetWindowInfo
GetDlgCtrlID
GetClassNameA
GetAncestor
IsWindow
GetWindowThreadProcessId
wsprintfA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHFileOperationA

ole32

StringFromCLSID
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SafeArrayCreate
VarBstrCmp
SysFreeString
VariantClear
SysAllocString
VariantCopy
SafeArrayPutElement
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysStringLen

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 67.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63ceafd76d2daee9fbf324fca77751bd

Headers

File Characteristics

Imports

ws2_32

shlwapi

gdiplus

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 180KB - Virtual size: 176KB

.data Size: 28KB - Virtual size: 67.7MB

.text
Size: 180KB - Virtual size: 176KB

.data
Size: 28KB - Virtual size: 67.7MB