d23f27762ef89bb3a41bb8bc80051b29_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d23f27762ef89bb3a41bb8bc80051b29_JaffaCakes118
Size

772KB
MD5

d23f27762ef89bb3a41bb8bc80051b29
SHA1

f7fa43760aeb6d74a9fa02a7b6d1fe6b7e496aad
SHA256

414d7a78da276f0cc181698729210a6cb622690554e0adffc9ee676f88d0cdc0
SHA512

852bf03c07de63620bc20a11f520d01cec0691561800ac0746dac4fe59ebfb641f543df9b407da6c3c42ce90e0634fe40fdab35a70c1dbd8607689197eccda68
SSDEEP

12288:92CQ2j+3LlB8drwsSIHGKjvylA9J9/hpPl2U10NXdX4:EPlMrx/LKA9J9/hpPl2g0NNX4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d23f27762ef89bb3a41bb8bc80051b29_JaffaCakes118

Files

d23f27762ef89bb3a41bb8bc80051b29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbdd9f06af206646d876b87a7f0c631

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ioctlsocket
htonl
gethostbyname
gethostname
WSACleanup
WSAStartup

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

comctl32

_TrackMouseEvent

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

shlwapi

SHDeleteKeyA

kernel32

MultiByteToWideChar
HeapFree
GetProcessHeap
MulDiv
lstrlenW
lstrcmpA
WideCharToMultiByte
GetLastError
GetModuleFileNameA
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
LeaveCriticalSection
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
LockResource
GetExitCodeProcess
DeleteFileA
GetShortPathNameA
RemoveDirectoryA
CreateDirectoryA
GetTempPathA
GetSystemDirectoryA
MoveFileA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetWindowsDirectoryA
SetLastError
GlobalFree
GlobalHandle
GetTickCount
GetLocalTime
GlobalAlloc
GetVolumeInformationA
GetProcAddress
LoadLibraryA
MoveFileExA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
ReadFile
LCMapStringW
LCMapStringA
HeapSize
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
ExitProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GlobalLock
GlobalUnlock
lstrlenA
RaiseException
DeleteCriticalSection
OpenMutexA
CloseHandle
CreateMutexA
GetCommandLineA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
SetHandleCount
GetStdHandle
SetStdHandle
FlushFileBuffers
CreateFileA
GetFileType
SetFilePointer
WriteFile
UnhandledExceptionFilter
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
Sleep
SetEnvironmentVariableA

user32

PostQuitMessage
LoadImageA
EndDialog
DialogBoxParamA
wsprintfA
CallWindowProcA
DestroyWindow
GetDlgItem
SendMessageA
InvalidateRgn
InvalidateRect
ShowWindow
KillTimer
SetTimer
SetCapture
ReleaseCapture
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
IsWindow
GetClientRect
GetUpdateRgn
FillRect
EndPaint
GetDC
ReleaseDC
SetWindowContextHelpId
SetDlgItemTextA
CreateDialogIndirectParamA
GetDlgItemTextA
DrawTextA
SetActiveWindow
EnableWindow
EnumChildWindows
SetPropA
ScreenToClient
GetPropA
FindWindowA
IsChild
SetFocus
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
RegisterWindowMessageA
GetClassInfoExA
UnregisterClassA
LoadCursorA
RegisterClassExA
CreateWindowExA
SetWindowLongA
CreateDialogParamA
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
DefWindowProcA
MapDialogRect
GetWindowRect
GetSystemMetrics
GetForegroundWindow
BeginPaint
GetDesktopWindow

gdi32

CreateRectRgn
FillRgn
SetStretchBltMode
GetDIBits
CreateFontIndirectA
SetTextColor
SetBkMode
StretchBlt
SetBkColor
GetStockObject
GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
SetDIBits
GetDeviceCaps
DeleteDC

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
OleInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoInitialize

oleaut32

OleCreateFontIndirect
SysAllocStringLen
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringByteLen
VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdbdd9f06af206646d876b87a7f0c631

Headers

File Characteristics

Imports

wsock32

rpcrt4

comctl32

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 368KB - Virtual size: 368KB

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 368KB - Virtual size: 368KB

.rsrc
Size: 132KB - Virtual size: 132KB