f507be97767ebbe412d1933e2854b002_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f507be97767ebbe412d1933e2854b002_JaffaCakes118
Size

180KB
MD5

f507be97767ebbe412d1933e2854b002
SHA1

d09ac1d2ab3e2d80915990f38e9ecad52b39ffd4
SHA256

ee54109c1ecb83dd41eb99304cda2666f5ac09e052c095fb9d8d59b7a3a2830b
SHA512

8db45581782da9f6c88fffa9b3d7b07a846ee597e0c8ca5038ebb443a621ceedcf5d764894f40bd6861c940f3b4e51e066f8fe00d5eb647bc538b57fe06db15a
SSDEEP

3072:/d15AwGsxCBoOhHXiMGRB9DWmnxR38xKz1BhsIQdrKHkGLqNhaN:/d15ahSKxGH9jswmhKEGLKhaN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f507be97767ebbe412d1933e2854b002_JaffaCakes118

Files

f507be97767ebbe412d1933e2854b002_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe6949909c802edd5df394abd1d4df75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
timeSetEvent

kernel32

GetSystemInfo
FindResourceA
LeaveCriticalSection
CreateThread
WriteProcessMemory
GlobalSize
GetCurrentThreadId
GetLastError
GetShortPathNameW
VirtualProtect
SetEnvironmentVariableW
QueryPerformanceCounter
CreateFileMappingA
CreateFileA
DeviceIoControl
GetSystemTimeAsFileTime
WriteFile
MultiByteToWideChar
GetTempPathA
OutputDebugStringW
GetVolumeInformationW
GetCurrentThread
CreateDirectoryW
_llseek
GetProcessAffinityMask
WaitForSingleObject
GlobalLock
SetThreadPriority
GlobalFree
HeapAlloc
GetTickCount
MapViewOfFile
GetCurrentProcessId
GlobalUnlock
GlobalReAlloc
TerminateProcess
lstrcpyA
IsBadWritePtr
GetSystemTime
OpenFileMappingA
InitializeCriticalSection
GlobalAlloc
Beep
GetThreadLocale
WideCharToMultiByte
GetVersionExA
CreateEventA
lstrcmpiA
EnterCriticalSection
IsDebuggerPresent
GetTempPathW
LoadLibraryA
EnumResourceTypesW
Sleep
lstrcmpA
HeapFree
FlushInstructionCache
FreeLibrary
GetThreadPriority
GetProcAddress
VirtualQuery
CloseHandle
VirtualAlloc
DeleteCriticalSection
GetLocaleInfoA
GetFileAttributesA
IsBadReadPtr
MulDiv
DeleteFileA
OutputDebugStringA
lstrcpynA
LocalFree
ResetEvent
GetModuleFileNameA
ReadFile
SizeofResource
GetACP
VirtualFree
InterlockedExchange
WaitForMultipleObjects
GetModuleFileNameW
LoadLibraryExA
InterlockedDecrement
GetDriveTypeW
GetFileAttributesW
CreateDirectoryA
IsDBCSLeadByte
CreateSemaphoreA
ExitProcess
GetCurrentProcess
InterlockedIncrement
lstrlenA
GetProcessHeap
SetEvent
GetModuleHandleA
RaiseException
LoadLibraryW
LoadResource
lstrlenW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

ole32

CoTaskMemFree
StgIsStorageFile
GetRunningObjectTable
OleInitialize
CoGetClassObject
StgOpenStorage
CoUninitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
OleLockRunning
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoInitialize
BindMoniker
CoTaskMemAlloc
CreateStreamOnHGlobal
CreateItemMoniker
StgCreateDocfile
OleUninitialize
CLSIDFromString

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

user32

DefWindowProcA
PostMessageA
PostThreadMessageA
DrawTextA
RegisterWindowMessageA
GetWindowTextA
PeekMessageA
GetFocus
GetDlgItem
EndPaint
GetWindowLongA
SetWindowTextA
DestroyAcceleratorTable
ReleaseCapture
wsprintfA
MoveWindow
FillRect
GetDesktopWindow
SetTimer
FindWindowA
SetCapture
LoadCursorA
SetParent
DestroyWindow
GetParent
GetSysColor
GetWindow
DispatchMessageA
CreateAcceleratorTableA
ShowWindow
GetQueueStatus
CreateWindowExA
KillTimer
GetClassNameA
GetClientRect
MsgWaitForMultipleObjects
GetWindowTextLengthA
RegisterClassExA
IsWindow
SetFocus
IsChild
SendMessageA
UnregisterClassA
GetClassInfoExA
SendNotifyMessageA
GetDC
RedrawWindow
GetActiveWindow
CallWindowProcA
ReleaseDC
CopyRect
BeginPaint
InvalidateRect
InvalidateRgn
CreateDialogParamA
SendMessageTimeoutA
wvsprintfA
GetWindowRect
SetRect
CharNextA
EqualRect
EnumDisplayDevicesA
SetWindowLongA
SetWindowPos

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

gdiplus

GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCloneImage

advapi32

CryptCreateHash
RegEnumKeyExA
CryptHashData
CryptImportKey
CryptReleaseContext
RegEnumValueA
CryptGetHashParam
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptDestroyHash
RegOpenKeyExA
CryptAcquireContextA
CryptDestroyKey
RegQueryInfoKeyA
RegDeleteValueA
CryptEncrypt
RegQueryValueExA
RegDeleteKeyA

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsW
PathCombineW

gdi32

CreateSolidBrush
CreateDIBSection
GetDIBits
SetStretchBltMode
SelectObject
DeleteDC
RealizePalette
GetStockObject
ExtEscape
CreateFontA
CreateDIBitmap
DeleteObject
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SelectPalette
StretchDIBits
GetObjectA
GetDeviceCaps
SetBkMode

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe6949909c802edd5df394abd1d4df75

Headers

File Characteristics

Imports

winmm

kernel32

setupapi

ole32

wininet

user32

shell32

gdiplus

advapi32

version

shlwapi

gdi32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 69KB - Virtual size: 68KB

.tls Size: 1024B - Virtual size: 372KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 69KB - Virtual size: 68KB

.tls
Size: 1024B - Virtual size: 372KB