c158d6b2131e74e798db5751eb5f3ec2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c158d6b2131e74e798db5751eb5f3ec2_JaffaCakes118
Size

244KB
MD5

c158d6b2131e74e798db5751eb5f3ec2
SHA1

ae57fda8ce8ef0007471baa13a74b9af1118c628
SHA256

4ee4d45176b49cc2f871944b062dff314aaad2284ca8c3d7084264f67fa91913
SHA512

7b6c966abacb1b5385b49939990004d14242523facd78f9ecb51d7c51079cd4c6619662f419f6cd9c7e813149bf470ed57b3679dacaa5bb1fe87a778c61b4fa4
SSDEEP

3072:sElS4PUy3+8rlO9Gglim8f6ZmjoYPrQj:sEFrl+BO6ZmjoYzQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c158d6b2131e74e798db5751eb5f3ec2_JaffaCakes118

Files

c158d6b2131e74e798db5751eb5f3ec2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66da6b515adb43f49bc1f2ff2c3513f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
CloseHandle
GetCurrentProcess
GetShortPathNameA
WritePrivateProfileStringA
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
GetTickCount
CreateThread
FormatMessageA
SetProcessShutdownParameters
CreateDirectoryA
MoveFileA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetComputerNameA
SetLastError
lstrcpynA
DeleteFileA
GetFileAttributesA
RemoveDirectoryA
GetDiskFreeSpaceA
lstrcmpiA
SearchPathA
GetPrivateProfileStringA
SetThreadPriority
SetPriorityClass
GlobalAddAtomA
GlobalDeleteAtom
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
lstrcpyA
CreateMutexA
GetLastError
GetStartupInfoA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
DuplicateHandle
GetCurrentThread
TlsAlloc
ResumeThread
TlsGetValue
GetWindowsDirectoryA
GetProcAddress
CreateProcessA
LoadLibraryA
GetCurrentThreadId
FreeLibrary
ExitProcess
Sleep
lstrcatA
CopyFileA
WinExec
lstrlenA
GetSystemDirectoryA
SetFileAttributesA
GetModuleHandleA

advapi32

StartServiceA
RegCreateKeyA
QueryServiceStatus
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
ControlService
DeleteService
RegOpenKeyA
RegDeleteValueA
LockServiceDatabase
CreateServiceA
GetUserNameA
RevertToSelf
ReportEventA
DeregisterEventSource
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA
GetServiceDisplayNameA
RegCloseKey
RegSetValueExA
RegisterEventSourceA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegFlushKey
UnlockServiceDatabase

comctl32

ImageList_Create
ImageList_Add

gdi32

CombineRgn
CreateRectRgnIndirect
DeleteObject
GetRegionData
DeleteDC
CreateRectRgn
GetDIBits
CreateDIBSection
SelectObject
GetDeviceCaps
BitBlt
CreateCompatibleDC
GetStockObject

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_ftol
_controlfp
strstr
strchr
fflush
_errno
strtok
strncmp
sscanf
time
gmtime
__p__tzname
__p__daylight
realloc
srand
rand
malloc
free
rename
memmove
fread
fopen
fgetc
fclose
ftell
fseek
fwrite
__p__winmajor
__p__winminor
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
atoi
isdigit
__p__pgmptr
strrchr
strncpy
__CxxFrameHandler
??1type_info@@UAE@XZ
_access
_strdup
_tzset
_CxxThrowException
_strlwr
_itoa
calloc
_endthreadex
_beginthreadex

shell32

ShellExecuteA

user32

MessageBoxA
DialogBoxParamA
GetWindowLongA
PostMessageA
DefWindowProcA
BringWindowToTop
SetWindowLongA
GetProcessWindowStation
LoadCursorA
RegisterClassExA
CreateWindowExA
SetTimer
LoadBitmapA
PostQuitMessage
RegisterWindowMessageA
GetSystemMetrics
SetDlgItemTextA
SetDlgItemInt
wsprintfA
GetDlgItemInt
GetDlgItemTextA
EnableWindow
SendMessageA
GetDlgItem
EndDialog
GetUserObjectInformationA
FindWindowA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
GetClipboardOwner
GetClipboardData
GetPropA
SetPropA
RemovePropA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
KillTimer
ChangeClipboardChain
DestroyWindow
ReleaseDC
EnumDesktopWindows
OpenDesktopA
PeekMessageA
GetCaretPos
OffsetRect
UnionRect
IsRectEmpty
GetForegroundWindow
GetTopWindow
EnumWindows
IsWindowVisible
SystemParametersInfoA
mouse_event
GetCursorPos
WindowFromPoint
IntersectRect
SetSysColors
GetKeyboardState
GetDesktopWindow
wvsprintfA
MessageBeep
FlashWindow
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
keybd_event
CharToOemA
ExitWindowsEx
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyMenu
LoadIconA
GetWindowRect
SetClipboardViewer

wsock32

getservbyname
gethostbyaddr
getsockname
getpeername
inet_ntoa
accept
listen
inet_addr
setsockopt
shutdown
recv
send
WSAGetLastError
connect
closesocket
WSACleanup
WSAStartup
socket
htonl
htons
bind
sendto
recvfrom
gethostname
gethostbyname

Sections

RA 0
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66da6b515adb43f49bc1f2ff2c3513f0

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

msvcrt

shell32

user32

wsock32

Sections

RA 0 Size: 232KB - Virtual size: 232KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 6KB - Virtual size: 8KB

RA 0
Size: 232KB - Virtual size: 232KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 6KB - Virtual size: 8KB