fb0a6ed9dd925b5636511ced0c00bb67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb0a6ed9dd925b5636511ced0c00bb67_JaffaCakes118
Size

632KB
MD5

fb0a6ed9dd925b5636511ced0c00bb67
SHA1

de9f204fc36da4717b840c2102f94c38fd89702b
SHA256

ebab41bdf142cf3018a3e4ee8716a5dd399936c5b002d5993a8f9473d6eaf20b
SHA512

a68d8b65530ffd12fa55fe53c97cbc4556fe823a59ee7c59cadda4bc1f28b9cd765b59e65a1c9e4f7b7325e3bfac07671a2c6e7179fd194f3e678bda2b29b7fb
SSDEEP

12288:tITYipz681R9NvGdTcRWeu7GT/lPEJ8jhCHxU3UXBJSrXobBWiVwb:2Tjrf6TcRO7G/NEJIoHxUQ0obsb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb0a6ed9dd925b5636511ced0c00bb67_JaffaCakes118

Files

fb0a6ed9dd925b5636511ced0c00bb67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

241efff3694144ec98eda147335aa2f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\amudefh\eqeo\kog\hvod.pdb

Imports

wininet

InternetQueryDataAvailable
FtpCreateDirectoryW
FtpRenameFileA
CreateUrlCacheEntryW
CommitUrlCacheEntryA
InternetLockRequestFile

comdlg32

GetFileTitleW

kernel32

GetCurrentThreadId
GetDateFormatA
HeapReAlloc
HeapAlloc
GetStdHandle
CreateDirectoryExA
lstrcpyW
GetStartupInfoA
VirtualProtect
GetACP
GetOEMCP
SystemTimeToTzSpecificLocalTime
IsValidCodePage
GetStringTypeW
GetProcAddress
MultiByteToWideChar
GetEnvironmentStringsW
GetNamedPipeHandleStateW
GetVersionExA
EnterCriticalSection
DeleteCriticalSection
HeapDestroy
LoadLibraryA
GetCurrentProcess
UnhandledExceptionFilter
WideCharToMultiByte
VirtualFree
WriteFileEx
SetLastError
GetModuleHandleA
EnumSystemLocalesA
WriteFile
GetSystemInfo
GetCurrentProcessId
SetFilePointer
GetTickCount
GetCurrentThread
GetTimeZoneInformation
CloseHandle
TlsFree
GetUserDefaultLCID
HeapFree
TlsGetValue
OpenMutexA
VirtualQuery
FlushFileBuffers
GetFileType
GetModuleFileNameA
GetCPInfo
GetCompressedFileSizeW
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCommandLineA
GetLocaleInfoW
InitializeCriticalSection
GetAtomNameW
GetPriorityClass
TlsSetValue
SetConsoleCP
RtlUnwind
CompareStringA
HeapCreate
PulseEvent
GetProcAddress
VirtualAlloc
lstrcmpi
LCMapStringA
SetHandleCount
CompareStringW
RemoveDirectoryW
GetTimeFormatA
GetStringTypeA
IsBadWritePtr
SetEnvironmentVariableA
TerminateProcess
CreateMutexA
ExitProcess
lstrcat
TlsAlloc
LocalUnlock
SetStdHandle
IsValidLocale
GetEnvironmentStrings
HeapSize
GetThreadContext
QueryPerformanceCounter
FreeEnvironmentStringsW
LeaveCriticalSection
GetLastError
GetLocaleInfoA
LCMapStringW
ReadFile
InterlockedExchange

user32

IsWindowEnabled
SetCursor
PtInRect
IsDlgButtonChecked
GetAncestor
EqualRect
ValidateRgn
GetComboBoxInfo
SetClipboardViewer
GetShellWindow
DdeConnect
CreateMDIWindowA
MapVirtualKeyW
MessageBoxA
LoadCursorW
ShowWindow
SetWindowContextHelpId
OemKeyScan
FlashWindow
CharPrevW
MonitorFromRect
SetCursorPos
SendMessageA
InternalGetWindowText
IsZoomed
LoadIconA
GetCaretBlinkTime
ChangeDisplaySettingsA
DlgDirSelectExW
RegisterClassA
RegisterClassExA
DrawCaption
AdjustWindowRect
DefWindowProcW
GetClipboardOwner
RegisterDeviceNotificationW
DdeAccessData
SetTimer
CheckMenuItem
MessageBeep
DestroyWindow
GetUserObjectSecurity
CreateWindowExW
SetUserObjectInformationW

shell32

SHGetDesktopFolder
DragQueryFileAorW

comctl32

ImageList_DragMove
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_GetBkColor
ImageList_Replace
ImageList_Copy
ImageList_Add
ImageList_SetOverlayImage
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_LoadImageA
CreateUpDownControl
CreateStatusWindow
ImageList_DrawIndirect
ImageList_Merge
DrawInsert
CreateToolbarEx

advapi32

LookupAccountNameW
CryptGetKeyParam
RegCloseKey
RegQueryValueA
CryptEnumProviderTypesW
CryptSetProviderExW
CryptHashSessionKey
LookupSecurityDescriptorPartsW

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

241efff3694144ec98eda147335aa2f0

Headers

File Characteristics

PDB Paths

Imports

wininet

comdlg32

kernel32

user32

shell32

comctl32

advapi32

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 248KB - Virtual size: 245KB

.data Size: 120KB - Virtual size: 122KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 120KB - Virtual size: 122KB

.rsrc
Size: 60KB - Virtual size: 57KB