d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118
Size

100KB
MD5

d09d4bd4b4841d24a481c7e7d2b010d1
SHA1

5999c9094a82845738715e3c4472bf271543fcdf
SHA256

ee1fb909fc5f82f29902b1c182120608742533df913a5e42143eee67d2c13a5c
SHA512

dd5337ba5d1014d1541775c6637f6726dbb188c46e93f64d7a5bb3b755f4e30214634356e79fc362e554607fee14fb27bff15771aee8952950ab7b593b3d901f
SSDEEP

3072:dR/+tK5p26JqWuDi+MfD6bMNNTgnzl3XzoDJ:dR/+tm22qWuzMG4TMzRY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118

Files

d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d1de72349b7e19dad212a0e5d140ef7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA

kernel32

GetFileSize
CreateFileA
GetLastError
lstrcpynA
lstrcmpA
lstrcpyA
Sleep
GetCurrentDirectoryA
SetEvent
WaitForSingleObject
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
GetSystemTime
SetFilePointer
lstrcmpiA
ReadFile
WriteFile
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TerminateThread
DeleteFileA
GetFileAttributesA
FindClose
FindNextFileA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
GetLocalTime
SetCurrentDirectoryA
ReleaseMutex
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
SetLastError
GetDriveTypeA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
WideCharToMultiByte
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
GetFullPathNameA
ExitThread
TlsSetValue
CreateThread
ResumeThread
HeapFree
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
lstrlenA
CloseHandle

user32

wsprintfA
GetDlgItemTextA
MessageBoxA
PostMessageA
GetDlgItemInt
GetParent
SetDlgItemInt
SetDlgItemTextA
DefWindowProcA
SetTimer
KillTimer
SendMessageA
SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowLongA
wvsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDlgItem
MessageBeep
GetDialogBaseUnits
SetWindowTextA
GetDC
ReleaseDC
GetClassInfoA
RegisterClassA
CreateWindowExA
DialogBoxParamA
GetClientRect
GetTopWindow
InvalidateRect
MoveWindow
FindWindowA
UnregisterClassA
GetWindow
DestroyIcon
LoadIconA
SetClassLongA
GetSystemMenu
AppendMenuA
CheckMenuItem
WinHelpA
GetSystemMetrics
GetCursorPos
TrackPopupMenu
SetForegroundWindow
CreateDialogParamA
SetWindowLongA
CallWindowProcA
EnableWindow
SendDlgItemMessageA
EndDialog
DestroyWindow
GetWindowTextA
ShowWindow
MapDialogRect

gdi32

LPtoDP
GetTextExtentPoint32A

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish
DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA

wsock32

WSACleanup
WSAStartup
WSAAsyncGetHostByName
WSAIsBlocking
WSACancelBlockingCall
connect
send
ntohs
recv
WSAAsyncSelect
getservbyname
WSAGetLastError
WSASetLastError
select
closesocket
recvfrom
sendto
socket
setsockopt
bind
htons
htonl
ntohl
gethostname
gethostbyname
inet_addr
ioctlsocket

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgd
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d1de72349b7e19dad212a0e5d140ef7

Headers

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

shell32

wsock32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 5KB

.jgd Size: - Virtual size: 1B

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 5KB

.jgd
Size: - Virtual size: 1B