e18e0bfe2fb45c8056e82be17f4130e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e18e0bfe2fb45c8056e82be17f4130e2_JaffaCakes118
Size

131KB
MD5

e18e0bfe2fb45c8056e82be17f4130e2
SHA1

5f55adbd934aa8bc0a505024b6d5020d58bdaf70
SHA256

0ab2c6c3b6e0e0c036d854e87460faaa5ffd09c3937c3a78f4ccbd470c328102
SHA512

cddae7257489963344c0cc1196bedcd8b152c85f2fd6b0056e42a7415724b90f0f1ec37f0da0851b97bb97220a35127c3d64fd96db905b03697d985239413f30
SSDEEP

3072:jAiDV5ox/jb/+7gAfIyRqNpTSKjWENTfB76oU2U:bw9+7TfI1hWEJf99U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e18e0bfe2fb45c8056e82be17f4130e2_JaffaCakes118

Files

e18e0bfe2fb45c8056e82be17f4130e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7abf637f3e739caac2eed5c4fbdf23f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrlenW
FlushInstructionCache
RaiseException
GetStringTypeExA
GetShortPathNameA
SetThreadLocale
FindFirstFileA
GetLastError
SetLastError
lstrcmpiA
GetThreadLocale
GetProcAddress
EnterCriticalSection
GetTempFileNameA
FindClose
LoadLibraryA
LockResource
CreateEventW
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
VirtualProtect
OpenEventW
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
CloseHandle
GetTempPathA
GetSystemTime
DeleteFileA
GetLocaleInfoA
GetEnvironmentVariableA
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
GetSystemDirectoryA
ReadFile
IsDBCSLeadByte
ExitProcess
GetExitCodeProcess
GetFileAttributesA
LeaveCriticalSection
SizeofResource
GetVolumeInformationA
WideCharToMultiByte
FindResourceExA
InitializeCriticalSection
WriteFile
GetWindowsDirectoryA
GetTickCount
SetEvent
WaitForSingleObject
GetUserDefaultLCID
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
lstrlenA
FreeResource
lstrcmpA
FindResourceA
GetFileSize
CreateFileA
Sleep
HeapReAlloc
HeapCreate
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetComputerNameA
GetStringTypeW
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

UpdateWindow
MapWindowPoints
LoadImageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxParamA
GetSystemMetrics
SystemParametersInfoA
wvsprintfA
PostMessageA
GetActiveWindow
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
GetWindow
GetClientRect
ClientToScreen
SetCursor
GetMessageA
SetTimer
ScreenToClient
GetWindowRect
LoadStringA
GetParent
CharNextA
UnregisterClassA
GetWindowTextLengthA
SendMessageA
GetWindowTextA
SetWindowLongA
MessageBoxA
InvalidateRect
CharLowerA
GetWindowLongA
GetDlgItem
EndDialog
DefWindowProcA
RedrawWindow
GetSysColor
SetWindowPos
LoadStringW

gdi32

SetTextColor
CreateFontIndirectA
GetObjectA
GetStockObject
CreateSolidBrush
DeleteObject

advapi32

RegCreateKeyExA
CloseServiceHandle
CreateWellKnownSid
RegCloseKey
GetUserNameA
OpenSCManagerA
RegDeleteValueA
LsaClose
RegQueryInfoKeyA
RegOpenKeyExA
OpenServiceA
ChangeServiceConfigA
RegEnumKeyExA
RegDeleteKeyA
LsaAddAccountRights
RegQueryValueExA
RegSetValueExA
GetTokenInformation
LsaOpenPolicy
OpenProcessToken

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetQueryDataAvailable

Sections

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7abf637f3e739caac2eed5c4fbdf23f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 82KB - Virtual size: 85KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 8KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 82KB - Virtual size: 85KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 8KB