e270dc51f1ae34e14fcd0cdc01d54e8e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e270dc51f1ae34e14fcd0cdc01d54e8e_JaffaCakes118
Size

212KB
MD5

e270dc51f1ae34e14fcd0cdc01d54e8e
SHA1

41bae84030e33d22027077f21165339d3916a927
SHA256

499656b1ce52d18ad8f5bdf5ff956177f3a50bd49a1991759dcb8a1557a3f76d
SHA512

b715b54fe75031f1528333296e7c940dad70a74026df524e95b43c444d391c9be1cc5f61f89c5ef3f71240366c0008cd189c64f30d3413e9ca8c7db25cdfb9f8
SSDEEP

3072:/p2iw8M/4/DGjrzEu7GBMIP6tka9McaDAP+U438X6lyNfRLyyDIs:/pJwN/4/DGjrzjuxiV9jH+0fd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e270dc51f1ae34e14fcd0cdc01d54e8e_JaffaCakes118

Files

e270dc51f1ae34e14fcd0cdc01d54e8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13d83c26b6de740ceb89bf54eff4aba0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

abs
memcpy
strcat
sprintf
strlen
isdigit
strstr
_strnicmp
rand
atol
strcmp
_ftol
free
malloc
memcmp
_access
srand
_controlfp
_except_handler3
__set_app_type
??1type_info@@UAE@XZ
_strcmpi
_strupr
_strlwr
_chmod
_itoa
_stricmp
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_rmdir
realloc
memset
memchr
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
strncmp
exit
time
strtok
strncpy
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
strcpy
strchr
memmove
strrchr
sscanf
strcspn
atoi
printf
_chdrive
_chdir

kernel32

CreateEventA
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
GetLocalTime
lstrcatA
lstrlenA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
Sleep
GetTickCount
lstrcpyA
OutputDebugStringA
CloseHandle
WriteFile
GetLastError
SetFilePointer
ReadFile
GetFileSize
CreateFileA
CopyFileA
GetTempPathA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
DeleteFileA
GetModuleFileNameA
RemoveDirectoryA
lstrcmpiA
GetStartupInfoA
InterlockedExchange
GlobalAlloc
LocalFree
LocalAlloc
WaitForSingleObject
GetProcAddress
GetWindowsDirectoryA
FormatMessageA
MultiByteToWideChar
CreateDirectoryA
GetCurrentProcess
TerminateProcess
OpenProcess
RaiseException
GetTempFileNameA
InterlockedDecrement
ResetEvent
ExitThread
GetVersionExA
SetEvent
CreateThread

user32

LoadImageA
GetDlgItem
CallWindowProcA
PostQuitMessage
DefWindowProcA
EnableMenuItem
LoadCursorA
RegisterClassExA
FindWindowA
CreateWindowExA
CharLowerA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadAcceleratorsA
GetDesktopWindow
UpdateWindow
GetWindowLongA
IsWindow
SetWindowLongA
InvalidateRect
CreateDialogParamA
LoadMenuA
GetCursorPos
GetSubMenu
TrackPopupMenuEx
DestroyMenu
MoveWindow
SetTimer
LoadIconA
SetDlgItemTextA
SetWindowPos
EnableWindow
SetFocus
FillRect
ShowWindow
GetActiveWindow
SetWindowTextA
GetWindowTextA
RedrawWindow
GetAsyncKeyState
MessageBoxA
PostMessageA
SetForegroundWindow
SendMessageA
DialogBoxParamA
KillTimer
GetWindowThreadProcessId
PeekMessageA
GetDlgCtrlID
SetCursor
DestroyWindow
EndDialog
LoadStringA
GetParent
GetDC
ReleaseDC
IsIconic
GetWindowRect
ScreenToClient
GetClientRect
IsWindowVisible
BeginPaint
EndPaint

gdi32

SetTextColor
CreateFontA
CreateSolidBrush
SetBkColor
GetDIBColorTable
CreatePalette
SelectPalette
RealizePalette
GetObjectA
StretchBlt
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

advapi32

CryptDestroyHash
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegConnectRegistryA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptAcquireContextA
CryptDecrypt

shell32

ShellExecuteA
Shell_NotifyIconA

urlmon

URLDownloadToFileA
URLDownloadToCacheFileA

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetSetStatusCallback
InternetCloseHandle
InternetReadFile
InternetGetConnectedState
InternetCrackUrlA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

pec1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13d83c26b6de740ceb89bf54eff4aba0

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

urlmon

wininet

version

ole32

oleaut32

Sections

pec1 Size: 128KB - Virtual size: 128KB

.rsrc Size: 60KB - Virtual size: 60KB

.pec Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

pec1
Size: 128KB - Virtual size: 128KB

.rsrc
Size: 60KB - Virtual size: 60KB

.pec
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB