04e936f49b0851c48e3037f34d13f622_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04e936f49b0851c48e3037f34d13f622_JaffaCakes118
Size

520KB
MD5

04e936f49b0851c48e3037f34d13f622
SHA1

20f64f3971c1e3f05a4a603918eb47345ecd0de9
SHA256

77b0ad45477d1183e684a49ec046417cf9683aa0f33f61192daddb2c79c3345a
SHA512

3507df14b59443970889a2e1ee1b92625ed6370de4d94b8f26e68914f02fc0250617621511f1745172952e2e9ef1ca595971024b657f94b9c3c97ff7eceb9a79
SSDEEP

12288:yhBzJ2MXwSfXhqAPzBmvTtsXMfYtWe+/sM:MjfxLPzQBsXMfYse87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04e936f49b0851c48e3037f34d13f622_JaffaCakes118

Files

04e936f49b0851c48e3037f34d13f622_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7940e453752f8dbf1284bbac05300283

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
LocalAlloc
GetExitCodeThread
TerminateThread
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
GetOverlappedResult
InitializeCriticalSection
GetDriveTypeA
GetFullPathNameA
SetEvent
SetThreadPriority
GetCurrentThread
CreateEventA
lstrcpyA
ReadFile
LoadLibraryA
GetLocaleInfoA
GetThreadLocale
GetCurrentThreadId
WriteFile
QueryPerformanceCounter
CreateSemaphoreA
SetCurrentDirectoryA
QueryPerformanceFrequency
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GlobalLock
GlobalHandle
HeapReAlloc
ExitProcess
HeapAlloc
HeapFree
WaitForSingleObject
CreateThread
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsBadCodePtr
GetTimeZoneInformation
SetEndOfFile
HeapSize
GetFileAttributesA
CloseHandle
ReleaseSemaphore
SetHandleCount
GetLocalTime
TlsSetValue
ExitThread
GetStartupInfoA
GetCommandLineA
GetVersion
HeapCreate
GetStringTypeA
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
TlsAlloc
SetLastError
TlsGetValue
SetFilePointer
Sleep
GetFileType
GetModuleHandleA
GetStdHandle
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
GetFileSize
CreateFileMappingA
MapViewOfFile
DeviceIoControl
UnmapViewOfFile
CreateFileA
GlobalAlloc
RtlUnwind
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection

user32

IsDlgButtonChecked
GetDlgItem
EnableWindow
SetDlgItemInt
SendMessageA
GetMessageA
CreateWindowExA
CheckDlgButton
ShowWindow
MoveWindow
SetWindowTextA
PostThreadMessageA
EndDialog
DialogBoxParamA
GetDlgItemInt
ShowCursor
TranslateMessage
DestroyWindow
PostQuitMessage
DispatchMessageA
LoadIconA
SystemParametersInfoA
FillRect
LoadStringA
SetWindowWord
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetWindowWord
GetCursorPos
GetUpdateRgn
GetFocus
DrawTextA
GetWindowRect
OffsetRect
DrawTextExA
BeginPaint
EndPaint
InvalidateRect
LoadCursorA
SetCursor
KillTimer
CheckRadioButton
SendDlgItemMessageA
SetTimer
SetFocus
MessageBeep
PeekMessageA
GetKeyboardState
GetKeyboardLayoutNameA
MessageBoxA
PostMessageA
RegisterWindowMessageA
DefWindowProcA
RegisterClassA
UpdateWindow

gdi32

SetBkColor
CreateFontA
SelectObject
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
GetRegionData
DeleteObject
CreateRectRgn
CreateRectRgnIndirect
AddFontResourceA
RemoveFontResourceA
GetStockObject
LineTo
MoveToEx
CreatePen

advapi32

RegCloseKey
RegEnumValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegFlushKey
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA

ddraw

DirectDrawCreate

dsound

DirectSoundCreate

winmm

mmioGetInfo
midiStreamPause
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamRestart
midiOutSetVolume
joySetCapture
mmioAdvance
mmioSetInfo
mmioSeek
mmioOpenA
mmioDescend
mmioRead
mmioAscend
timeKillEvent
timeSetEvent
joyGetPosEx
mciGetDeviceIDA
mciSendCommandA
joyGetDevCapsA
mmioClose
joyReleaseCapture

msacm32

acmMetrics

comctl32

ord17

wsock32

getsockname
ntohs
send
WSAGetLastError
recv
WSACleanup
WSAStartup
gethostname
setsockopt
gethostbyname
connect
inet_ntoa
recvfrom
htonl
htons
socket
bind
sendto
closesocket

aweman32

ord2

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7940e453752f8dbf1284bbac05300283

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ddraw

dsound

winmm

msacm32

comctl32

wsock32

aweman32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 374KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 56KB - Virtual size: 72KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 374KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 56KB - Virtual size: 72KB