bd17339e74638474ea4d93434b464929_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd17339e74638474ea4d93434b464929_JaffaCakes118
Size

1.8MB
MD5

bd17339e74638474ea4d93434b464929
SHA1

ac156c19603d0ea68065c0ebbbbe9159c793c665
SHA256

feeaf2702cdc4c8d2c98d45bd8c8f1061a5ad8092b94196f818f57ca9af0b4e1
SHA512

6612a8712b05b2df4952d35f982de73a7eaa52074d8828ba64fbcaeb25704f0c7040bbefe3a14fa172a6854d32f94b797db70dff546dda188d43d399b1a98905
SSDEEP

49152:owQmvArNObNKiacvg/2c9rjhqUJ2MdOOi:hAr7iacvU2c9rjhqM8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd17339e74638474ea4d93434b464929_JaffaCakes118

Files

bd17339e74638474ea4d93434b464929_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1ee80866f4948c4740841934cc61bce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeSecurityDescriptor
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetSecurityDescriptorDacl

wsock32

ord1141
ord1142
htons
htonl
ntohl
closesocket
select
listen
inet_ntoa
getsockname
getsockopt
setsockopt
connect
bind
WSAGetLastError
accept
__WSAFDIsSet
ntohs
WSASetLastError
WSACleanup
WSAStartup
ioctlsocket

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetStringTypeExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
HeapFree
GetProcessHeap
FormatMessageA
LocalFree
Sleep
WaitForSingleObject
ReleaseMutex
GetProcAddress
GetModuleHandleA
GetStdHandle
TlsGetValue
TlsSetValue
TlsFree
SetWaitableTimer
PostQueuedCompletionStatus
HeapAlloc
WideCharToMultiByte
TlsAlloc
InterlockedExchangeAdd
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateEventA
SetLastError
InterlockedCompareExchange
SleepEx
SetEvent
GetCurrentThreadId
CreateEventW
CreateWaitableTimerW
GlobalFree
CreateMutexW
OpenMutexW
GetTickCount
InitializeCriticalSection
GetCurrentProcess
CancelIo
lstrcpyW
CreateMutexA
GetTempPathA
TerminateProcess
GetExitCodeThread
PulseEvent
GetModuleFileNameW
DeleteFileW
CreateProcessW
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetCurrentProcessId
GetCommandLineA
VirtualLock
SetFileAttributesA
GetFileAttributesA
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetVersion
GetFileType
SetProcessAffinityMask
GetProcessAffinityMask
VirtualFree
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetDateFormatA
GetTimeFormatA
FindClose
FindNextFileA
FindFirstFileA
FlushFileBuffers
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileA
CreateDirectoryA
CreateFileA
SetFilePointer
UnlockFile
LockFile
GetConsoleMode
GetConsoleCP
GetStartupInfoA
CreateThread
ExitThread
ExitProcess
GetModuleHandleW
SetStdHandle
RaiseException
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
ReadFile
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
QueryPerformanceFrequency
VirtualAlloc
DuplicateHandle
HeapSize

user32

AdjustWindowRect
SetWindowPos
GetWindowLongA
SystemParametersInfoA
SendMessageA
DestroyAcceleratorTable
CreateDialogIndirectParamW
CreateAcceleratorTableA
WaitMessage
GetMessageA
TranslateAcceleratorA
DispatchMessageA
BeginPaint
ValidateRect
EndPaint
KillTimer
PostMessageA
DrawTextA
FrameRect
DrawTextW
FillRect
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
LoadIconW
LoadCursorW
LoadImageW
RegisterClassExW
RegisterClassW
CreatePopupMenu
AppendMenuW
UpdateWindow
SetTimer
GetMessageW
IsWindow
TranslateMessage
DispatchMessageW
PostQuitMessage
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetSystemMetrics
CreateWindowExW
ShowWindow
MessageBoxW
DestroyWindow
SetWindowTextW
GetClientRect
InvalidateRect
MapWindowPoints
RedrawWindow
DefWindowProcW
LoadStringA

gdi32

GetStockObject
DeleteObject
CreateSolidBrush
SetTextColor
SelectObject
Ellipse
SetBkMode

shell32

Shell_NotifyIconW

ws2_32

getaddrinfo
WSARecv
freeaddrinfo
WSAAddressToStringA
WSAStringToAddressA
WSASend
WSASocketW

Exports

Exports

failh_alloc
failh_config
failh_error
failh_fini
failh_free
failh_handler
failh_init
failh_selfexec_hook
failh_strdup
failh_zalloc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ee80866f4948c4740841934cc61bce

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wsock32

winhttp

kernel32

user32

gdi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 372KB - Virtual size: 372KB

.data Size: 138KB - Virtual size: 165KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 372KB - Virtual size: 372KB

.data
Size: 138KB - Virtual size: 165KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 67KB - Virtual size: 67KB