c258bd144f0391f8307168aa67f4dd07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c258bd144f0391f8307168aa67f4dd07_JaffaCakes118
Size

170KB
MD5

c258bd144f0391f8307168aa67f4dd07
SHA1

696203a8d53e72fbf69dd5f92a3eda20c1584cf8
SHA256

d12bb7c65df63564688a6bc7a4388085e5e6ec400cfb4fec4e167e8d3374821e
SHA512

55cf93c5bcd17ee0755054c35d0ddb4a981cbc01e9605e29a9bd24c375d7ffee8d7c79689e857ba8dc93f773f21292ec61598a4fcb134b2e4297ad2dea3fbee4
SSDEEP

3072:/X2xCcUQ4wwSYt+eL46QXMmAIX1vN774:PUVw5h4HMKF17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c258bd144f0391f8307168aa67f4dd07_JaffaCakes118

Files

c258bd144f0391f8307168aa67f4dd07_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb2613847167b6ec29178e0961221663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
lstrcmpA
GetTickCount
SetFilePointer
DeleteFileA
CloseHandle
GetFileSize
CreateFileA
CreateDirectoryA
GetTempPathA
lstrcatA
lstrcpynA
SetThreadPriority
CreateThread
HeapFree
GetProcessHeap
GetCurrentThreadId
HeapAlloc
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateProcessW
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
Sleep
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
CopyFileA
GlobalAddAtomA
GetDriveTypeA
GetFileAttributesA
lstrcpyA
lstrcmpiA
HeapCreate
GetFileType
lstrlenA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue

user32

wsprintfA
GetPropA
EnumWindows
PostMessageA
CharUpperA
FindWindowA
EnableWindow
RemovePropA
SetClassLongA
LoadIconA
SetFocus
EndDialog
MessageBoxA
GetDlgItem
SendMessageA
SetPropA
DialogBoxParamA
SetWindowTextA
SetDlgItemTextA
RegisterWindowMessageA
PostThreadMessageA

shlwapi

PathAddBackslashA
PathFindExtensionA
PathRemoveBlanksA
StrChrA
UrlUnescapeA
PathFindFileNameA
StrStrA
UrlGetPartA
StrStrIW
PathRemoveExtensionA
StrCmpNIA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoGetClassObject
OleUninitialize
OleInitialize

comctl32

ord17

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetSetFilePointer
HttpQueryInfoA
InternetReadFile

rp_shared

GetLangStr
IsDriveTrueRemovableS
RPOpenSaveDialog
UnhackAPIFunction
HackAPIFunction
UnhackCreateProcess
HackCreateProcessA
CheckRPVersion

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb2613847167b6ec29178e0961221663

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

ole32

comctl32

wininet

rp_shared

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 94KB - Virtual size: 94KB