dfe7af9d1ec49e444ee57184158e288f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfe7af9d1ec49e444ee57184158e288f_JaffaCakes118
Size

176KB
MD5

dfe7af9d1ec49e444ee57184158e288f
SHA1

c93c888703e7a14cc5c842f96014562969eba35d
SHA256

64d170f95a8fb0219cf99438b184df942d135fb9a81417c257f1b8d3f23cca54
SHA512

da40487901c851a93443bac305af7c09bcedbf12df5426626bf7f6f483d34f46541ae379aaad1f4089df04f3f26af9775c3d3b26c9b956c758d8b6191273e695
SSDEEP

3072:WYvGF2GY4js7Sb47H/of9l5YcePJ9gt/h1PhGHSsiyjj87rsjfTcuQrfMhXld5:WYaY4jsGbAfoVq4/h1PpHyjj87raTajm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfe7af9d1ec49e444ee57184158e288f_JaffaCakes118

Files

dfe7af9d1ec49e444ee57184158e288f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

04cf1fb5398b20facf0d220f824849e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Prj\Csa\Energy .net (CSA)\Csa\Release\CSA.pdb

Imports

urlmon

URLDownloadToFileA

kernel32

GlobalFree
SetLastError
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
GetCurrentThreadId
GetModuleHandleA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetFileAttributesA
GetFileAttributesA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetFileType
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
Sleep
GetSystemTime
LoadLibraryA
GetProcAddress
FreeLibrary
GetTempFileNameA
DeleteFileA
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
CreateFileA
GetModuleFileNameA
lstrcpyA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ResumeThread
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
CheckMenuItem
MapWindowPoints
wsprintfA
MessageBoxA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

ws2_32

recv
select
send
connect
WSAStartup
socket
closesocket
WSACleanup
htons
gethostbyname

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

DeleteDC
GetStockObject
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
ScaleWindowExtEx
SetWindowExtEx
SetBkColor
SaveDC
RestoreDC
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04cf1fb5398b20facf0d220f824849e4

Headers

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

advapi32

comctl32

ws2_32

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 23KB

.rsrc Size: 768B - Virtual size: 768B

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 23KB

.rsrc
Size: 768B - Virtual size: 768B