3868b065f306255da3175357308a22ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3868b065f306255da3175357308a22ca_JaffaCakes118
Size

252KB
MD5

3868b065f306255da3175357308a22ca
SHA1

51310e21de0849d054e0516359b76a9be8f51570
SHA256

f5c800c6e9e4b19e6ee34e159e959404f48e360c8c3b3dedca74cc4bccde6d49
SHA512

291e21da27e8b9e764892974111c8cda6caec49b457b921dd336e235b6fe49a3a82a50f251cedcc03559ebd8b451506e221a0dae8385c3a617e293b1af3aa03a
SSDEEP

3072:8SjfMomFc2B5jNaq26d0y+eP11QLXRn9bdS+Pl5MgA5BJpY+52H3FAtyzsu:zCc2B5jN06n+eP11QLhn9bdHMgCJsHf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3868b065f306255da3175357308a22ca_JaffaCakes118

Files

3868b065f306255da3175357308a22ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e0fe5a49f5075043dabb4d8121183cb7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\WinXRar\Project\18winxrar_new_design_withfilelist_with3sms\tempview\Release\winxrarview.pdb

Imports

kernel32

GetVolumeInformationW
GetStdHandle
GetShortPathNameW
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
FindResourceW
LoadResource
InterlockedDecrement
LoadLibraryW
SizeofResource
GetProcAddress
LockResource
CreateEventW
InterlockedCompareExchange
InterlockedExchange
LocalFree
GetModuleFileNameW
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetOEMCP
GetACP
DeleteCriticalSection
EnterCriticalSection
OpenMutexW
WritePrivateProfileStringW
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetPrivateProfileStringW
CreateMutexW
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FlushFileBuffers
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
RaiseException
RtlUnwind
GetCPInfo
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
GetFileType
SetStdHandle
IsDebuggerPresent
InterlockedIncrement

user32

DefWindowProcW
SetWindowTextW
UpdateWindow
MessageBoxW
CreateWindowExW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowLongW
MoveWindow
RegisterClassExW
LoadCursorW
DialogBoxParamW
PostMessageW
PostQuitMessage
GetWindowRect
GetSystemMetrics
LoadAcceleratorsW
DestroyWindow
DispatchMessageW
LoadIconW
GetDlgCtrlID
ShowWindow
TranslateAcceleratorW
GetMessageW
TranslateMessage
SendMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
SysAllocString

htmlayout

HTMLayoutGetRootElement
HTMLayoutGetElementLocation
HTMLayoutLoadFile
HTMLayoutVisitElements
HTMLayoutSetCallback
HTMLayoutProcND
HTMLayoutDataReady
HTMLayoutGetParentElement
HTMLayoutSelectElements
HTMLayoutPostEvent
HTMLayoutWindowAttachEventHandler
HTMLayoutGetElementHwnd
HTMLayoutCombineURL
HTMLayoutRequestElementData
HTMLayoutScrollToView
HTMLayoutSetElementState
HTMLayoutGetAttributeByName
HTMLayout_UnuseElement
HTMLayoutGetElementState
HTMLayout_UseElement

iphlpapi

GetAdaptersInfo

wininet

InternetSetOptionW
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0fe5a49f5075043dabb4d8121183cb7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

htmlayout

iphlpapi

wininet

Sections

.text Size: 188KB - Virtual size: 184KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 184KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 6KB