ea6bb7debad424abf89069cb29a49a09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea6bb7debad424abf89069cb29a49a09_JaffaCakes118
Size

849KB
MD5

ea6bb7debad424abf89069cb29a49a09
SHA1

6b6edd0990948d756ce24a5f2a9c1eeaff631279
SHA256

776714fb4613ff0876ac5c9c8416ba2ff2c87fbec0baa98e65d40b8624ff9116
SHA512

bff4dbf85f19288eeb99d131a9b48f5412d9ff79b6b25a1dcd7361e470f3540d94ad38bce7d95eb401bd645d1d8b6f1c19d3451b801c90bad1992668bb45b13a
SSDEEP

24576:nV9az2F2y8f+j0RSJoWCqi0lQqdPYX1hbRTYhUo:V90ybjASJIqiwjPmTw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea6bb7debad424abf89069cb29a49a09_JaffaCakes118

Files

ea6bb7debad424abf89069cb29a49a09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6d9a11b1681f2e1e72ace033d46cc200

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpRenameFileA
InternetAutodialHangup
GopherGetLocatorTypeW
FtpSetCurrentDirectoryW
GetUrlCacheGroupAttributeA
FindNextUrlCacheEntryExA
HttpSendRequestExA
IsUrlCacheEntryExpiredW
InternetConfirmZoneCrossingA
CreateUrlCacheContainerW
CreateUrlCacheGroup
FtpGetFileW
InternetShowSecurityInfoByURLW
InternetSetDialStateW
InternetUnlockRequestFile
InternetOpenA

ntdll

strtol
ZwCreateTimer
RtlAreBitsSet
NtOpenJobObject
wcsstr
NlsMbCodePageTag
NtUnloadDriver
ZwQueryQuotaInformationFile
NtQueryDirectoryObject
ZwTerminateJobObject
NtReadRequestData
NtQueryMultipleValueKey
ZwCreateJobObject
ZwMapUserPhysicalPages
ZwSetUuidSeed
NtRemoveProcessDebug
ZwRemoveIoCompletion
NtWaitForDebugEvent

ctl3d32

Ctl3dAutoSubclass
Ctl3dSubclassCtlEx
EditWndProc3d
Ctl3dSetStyle
Ctl3dAutoSubclassEx
Ctl3dUnsubclassCtl
Ctl3dSubclassDlg
Ctl3dGetVer
Ctl3dIsAutoSubclass
StaticWndProc3d
Ctl3dDlgProc
Ctl3dEnabled
Ctl3dUnregister
Ctl3dColorChange
Ctl3dDlgFramePaint
Ctl3dSubclassDlgEx
Ctl3dRegister
BtnWndProc3d
Ctl3dCtlColor

hhsetup

??1CLocation@@QAE@XZ
??1CCollection@@QAE@XZ
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?NewLocation@CCollection@@AAEPAVCLocation@@XZ
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?SetId@CLocation@@QAEXPBD@Z
?GetSampleLocation@CCollection@@QAEPADXZ
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetOrder@CFolder@@QAEKXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?GetPath@CLocation@@QAEPADXZ
??4CFIFOString@@QAEAAV0@ABV0@@Z
?GetIdW@CTitle@@QAEPBGXZ
?First@CPointerList@@QAEPAUListItem@@XZ
??0CFolder@@QAE@XZ
??4CCollection@@QAEAAV0@ABV0@@Z
?SetTitle@CFolder@@QAEXPBD@Z

kernel32

GetDateFormatA
CreateThread
IsSystemResumeAutomatic
GetExitCodeThread
GetConsoleMode
CloseProfileUserMapping
GetModuleHandleA
GetBinaryTypeA
GlobalFindAtomW
GetProcessHeaps
CreateEventW
DebugBreakProcess
GetCommandLineA
LZCreateFileW
CreateFileW
GetCurrentThread
VirtualAlloc
SetConsoleCtrlHandler
BaseUpdateAppcompatCache
GetTimeZoneInformation
LoadLibraryA

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d9a11b1681f2e1e72ace033d46cc200

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ntdll

ctl3d32

hhsetup

kernel32

Sections

.text Size: 487KB - Virtual size: 486KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 355KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 600B

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 355KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 600B