d47b660b86e451f1d1daab8a5505cf04_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d47b660b86e451f1d1daab8a5505cf04_JaffaCakes118
Size

179KB
MD5

d47b660b86e451f1d1daab8a5505cf04
SHA1

4462ff06ac08ad7391d30694cbd05edba729ae86
SHA256

3e9a2a1a1eba4ce356b579a3c5b570c90e4b7c75968e833aa07701fd33aa4dd0
SHA512

21ee7d51eda98a490f584b533110d623d33ad69018356500f5b122a5e6f6676eb749b39ba58c045280788b0444a129b4b71c3086bdef7b168a10a3a5a2d643ea
SSDEEP

3072:zgbvMTwq0MIdObSSvLroo9/KXq8m9wFByAS2DFQ+C2tEtsMNCd6/hzilXJH:Uw0q0MIdOtL8Q/KrYCDFOwEtLIdCtiz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d47b660b86e451f1d1daab8a5505cf04_JaffaCakes118

Files

d47b660b86e451f1d1daab8a5505cf04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2767314fbe27486bf221af8be7748ced

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipCloneImage

user32

GetWindowLongA
DefWindowProcA
GetWindowTextLengthA
RegisterWindowMessageA
SetRect
GetSysColor
SetCapture
DestroyAcceleratorTable
SetWindowTextA
wvsprintfA
MsgWaitForMultipleObjects
GetWindow
ShowWindow
EndPaint
SetParent
UnregisterClassA
CharNextA
CreateAcceleratorTableA
GetActiveWindow
KillTimer
GetClientRect
RedrawWindow
GetDC
GetWindowTextA
CreateDialogParamA
DestroyWindow
DrawTextA
SetFocus
FillRect
ReleaseCapture
SetTimer
SetWindowLongA
MoveWindow
GetClassInfoExA
GetParent
InvalidateRect
ReleaseDC
CallWindowProcA
EnumDisplayDevicesA
IsChild
PostMessageA
InvalidateRgn
BeginPaint
GetDlgItem
PeekMessageA
CopyRect
GetDesktopWindow
SendNotifyMessageA
FindWindowA
SendMessageTimeoutA
GetFocus
SendMessageA
DispatchMessageA
RegisterClassExA
IsWindow
GetQueueStatus
LoadCursorA
GetWindowRect
wsprintfA
CreateWindowExA
PostThreadMessageA
EqualRect
GetClassNameA
SetWindowPos

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

kernel32

SizeofResource
GetCurrentThreadId
GetDriveTypeW
InterlockedIncrement
GetSystemInfo
GlobalUnlock
QueryPerformanceCounter
LoadLibraryExA
LoadLibraryW
OutputDebugStringA
OutputDebugStringW
lstrcpyA
CreateThread
LocalFree
GetShortPathNameW
ExitProcess
OpenFileMappingA
CreateFileMappingA
CreateEventA
IsDBCSLeadByte
TerminateProcess
WideCharToMultiByte
GetACP
InitializeCriticalSection
SetThreadPriority
ReadFile
GetCurrentProcess
GetProcessAffinityMask
_llseek
VirtualProtect
lstrcmpA
MapViewOfFile
ResetEvent
LoadResource
MulDiv
IsBadWritePtr
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentThread
RaiseException
CreateFileA
WaitForMultipleObjects
InterlockedDecrement
Beep
DeviceIoControl
VirtualAlloc
WaitForSingleObject
GetSystemTime
LoadLibraryA
IsDebuggerPresent
GlobalSize
CreateSemaphoreA
DeleteFileA
HeapFree
GetProcessHeap
GetModuleFileNameW
DeleteCriticalSection
EnumResourceTypesW
CloseHandle
WriteProcessMemory
GlobalAlloc
GlobalReAlloc
HeapAlloc
GetCurrentProcessId
VirtualFree
GetTempPathW
GetTempPathA
InterlockedExchange
GetFileAttributesA
GetSystemTimeAsFileTime
GetThreadLocale
GetProcAddress
GetThreadPriority
IsBadReadPtr
GetModuleHandleA
EnterCriticalSection
VirtualQuery
MultiByteToWideChar
GetModuleFileNameA
GlobalFree
SetEvent
GlobalLock
GetTickCount
LeaveCriticalSection
GetLocaleInfoA
lstrcmpiA
CreateDirectoryA
WriteFile
FreeLibrary
GetLastError
GetVersionExA
lstrlenA
CreateDirectoryW
FlushInstructionCache
Sleep
lstrcpynA
FindResourceA
GetVolumeInformationW
lstrlenW

ole32

CLSIDFromProgID
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoGetClassObject
CoCreateInstance
StgOpenStorage
CoUninitialize
CreateStreamOnHGlobal
StgCreateDocfile
CoSetProxyBlanket
OleUninitialize
GetRunningObjectTable
CoTaskMemAlloc
StgIsStorageFile
OleInitialize
OleLockRunning
CreateBindCtx
CreateItemMoniker
CoInitialize
BindMoniker
CoInitializeSecurity
CLSIDFromString

gdi32

CreateFontA
GetDeviceCaps
DeleteDC
CreateDIBSection
GetStockObject
RealizePalette
BitBlt
DeleteObject
CreateDIBitmap
GetObjectA
SetStretchBltMode
ExtEscape
SelectObject
CreateCompatibleBitmap
StretchDIBits
CreateSolidBrush
SelectPalette
GetDIBits
CreateCompatibleDC
SetBkMode

winmm

timeGetTime
timeSetEvent

advapi32

CryptDestroyHash
RegEnumKeyExA
CryptHashData
CryptEncrypt
CryptCreateHash
RegQueryValueExA
CryptGetHashParam
CryptReleaseContext
RegQueryInfoKeyA
CryptImportKey
CryptAcquireContextA
CryptDestroyKey
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

shlwapi

PathFileExistsW
PathCombineW

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2767314fbe27486bf221af8be7748ced

Headers

File Characteristics

Imports

gdiplus

user32

wininet

setupapi

version

shell32

kernel32

ole32

gdi32

winmm

advapi32

shlwapi

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 66KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 376KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 66KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 376KB