29fd76da7854105da4ebc5bcffa36941_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29fd76da7854105da4ebc5bcffa36941_JaffaCakes118
Size

270KB
MD5

29fd76da7854105da4ebc5bcffa36941
SHA1

ab7e31c3cff58d878f355174dd7db07d63623eb4
SHA256

01a2c286fabc9b7e1f202265dda7523617447a7fd53745541c82f834586872ff
SHA512

0491e4b5b9e1e9b434f89f4d37fa1619d3e04748db4ea09f24d8e48c9bc44e5de6fbdd061e7ff029efea68b78869f02d829a0f6554a3a3b1c432ec216b94022d
SSDEEP

6144:fciTVcs/XbLRKH7lj53V6PLgOBSaqmSaEdM9dIb:fciTVc0XPO7lj5F6PLggEmQM7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29fd76da7854105da4ebc5bcffa36941_JaffaCakes118

Files

29fd76da7854105da4ebc5bcffa36941_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65e56e5678eda4b985187f06a89a9f14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

GopherGetLocatorTypeW
CreateUrlCacheGroup
FindNextUrlCacheGroup
FtpRenameFileW
DetectAutoProxyUrl
InternetQueryFortezzaStatus
ShowX509EncodedCertificate
HttpEndRequestW
InternetShowSecurityInfoByURLA
FtpGetCurrentDirectoryA
RegisterUrlCacheNotification
GetUrlCacheEntryInfoExA
FindNextUrlCacheContainerA
FtpFindFirstFileA
FindFirstUrlCacheContainerW
InternetSetFilePointer
InternetAlgIdToStringW
InternetOpenA
InternetGoOnline
GetUrlCacheConfigInfoA
SetUrlCacheEntryGroup
InternetCombineUrlA

user32

GetCursor
GetActiveWindow
ReleaseDC
DrawCaption
SwitchToThisWindow
GetClassInfoA
GetDlgItemInt
GetSystemMenu
CreateIconIndirect
CharUpperBuffA
DdeCreateStringHandleW

advapi32

CryptDuplicateKey
RegDeleteKeyA
CryptGetProvParam
LookupAccountNameA
RegQueryValueA

shell32

ExtractAssociatedIconA
DragQueryPoint
SHFileOperationW
SHBrowseForFolder
SHGetDataFromIDListW
SHEmptyRecycleBinW
SHGetDataFromIDListA
SHGetPathFromIDListA
DuplicateIcon
RealShellExecuteA
DoEnvironmentSubstW
DragQueryFile
SHAppBarMessage
ShellHookProc
SHGetDiskFreeSpaceA
ShellExecuteW
SHGetDesktopFolder
ShellExecuteA
SHGetInstanceExplorer
ExtractAssociatedIconExW
SHChangeNotify

kernel32

HeapAlloc
WideCharToMultiByte
HeapFree
GetVersionExA
LCMapStringA
GetLogicalDriveStringsW
GetCurrentThread
GetUserDefaultLCID
SetConsoleCtrlHandler
EnterCriticalSection
GetDateFormatA
GetCurrentThreadId
GetTempFileNameA
RtlUnwind
GetLocaleInfoA
GetModuleFileNameW
InitializeCriticalSection
GetOEMCP
GetCurrentProcess
FillConsoleOutputAttribute
HeapReAlloc
VirtualFree
InterlockedExchange
GetNamedPipeHandleStateW
SetLastError
lstrcatA
TlsFree
GetTimeZoneInformation
TlsAlloc
GetStringTypeA
HeapCreate
SetHandleCount
IsValidLocale
ExpandEnvironmentStringsA
OpenFile
LeaveCriticalSection
GetSystemTimeAsFileTime
GlobalFix
GetThreadLocale
GetTimeFormatA
GetCommandLineW
GlobalDeleteAtom
OpenMutexW
LCMapStringW
WriteProfileSectionW
GetModuleHandleA
DeleteCriticalSection
EnumDateFormatsExA
GetACP
GetEnvironmentStrings
FreeEnvironmentStringsA
WritePrivateProfileSectionA
GetProcAddress
WriteFile
GetModuleFileNameA
GetCPInfo
GetStdHandle
GetStartupInfoA
LocalAlloc
InterlockedDecrement
GetFileType
GetEnvironmentStringsW
IsValidCodePage
LoadLibraryA
FreeEnvironmentStringsW
InterlockedIncrement
EnumSystemLocalesA
GetCurrentProcessId
QueryPerformanceCounter
SetConsoleOutputCP
GetTickCount
LoadModule
FreeLibrary
WaitCommEvent
IsDebuggerPresent
CompareStringA
TlsSetValue
VirtualQuery
UnhandledExceptionFilter
ExitProcess
Sleep
CreateRemoteThread
CreateFileMappingW
CreateSemaphoreA
SetUnhandledExceptionFilter
GetCommandLineA
MultiByteToWideChar
TerminateProcess
TlsGetValue
GetStringTypeW
CreateEventA
GetLocaleInfoW
GetLastError
GetStartupInfoW
HeapDestroy
VirtualProtect
SetEnvironmentVariableA
CompareStringW
HeapSize
GetProcessHeap
VirtualAlloc
SetConsoleTextAttribute

gdi32

GdiPlayScript
SetTextAlign
PolyBezier
GetViewportOrgEx
CopyEnhMetaFileW
SetDeviceGammaRamp
UpdateColors
GetObjectType
EnumMetaFile
DeleteDC
SetTextJustification

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65e56e5678eda4b985187f06a89a9f14

Headers

File Characteristics

Imports

wininet

user32

advapi32

shell32

kernel32

gdi32

Sections

.text Size: 144KB - Virtual size: 143KB

.data Size: 114KB - Virtual size: 118KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 144KB - Virtual size: 143KB

.data
Size: 114KB - Virtual size: 118KB

.rsrc
Size: 11KB - Virtual size: 11KB