3a80c98c4b73aa2a66b31d365f300b8a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a80c98c4b73aa2a66b31d365f300b8a_JaffaCakes118
Size

1.1MB
MD5

3a80c98c4b73aa2a66b31d365f300b8a
SHA1

e937bbb2b590b2a05eae3b0a1be84e74a2828262
SHA256

987d6f8988b81b94bf3092549ff32c42f461ce1e6f2b6939b0a8dbc8711b2f32
SHA512

f62cc4d3890af9341c1ff79c0da2a7b5ca92f7270de3417ca846d149208affa4de968db77c3ec58c3908f2ed10f0c950bfb8ab19121bc3049163dfc995f5eb29
SSDEEP

24576:hUcZ1WuzzUivXkYKRwDetY3zTPWFaqaZuAiC5YY4XZx9iT:hD9huwDetY3zT+TaZuAi5jF0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a80c98c4b73aa2a66b31d365f300b8a_JaffaCakes118

Files

3a80c98c4b73aa2a66b31d365f300b8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\APPS\temp\GMUnpacker\ReleaseGMUnpacker.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
FreeResource
FindResourceW
LoadResource
LockResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SizeofResource
InterlockedDecrement
MulDiv
InterlockedIncrement
ResumeThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetCurrentThreadId
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
VirtualAlloc
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetTickCount
DeleteFileW
GetFullPathNameW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
SetFileAttributesW
GetTempFileNameW
GetFileAttributesW
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
WriteFile
SetEndOfFile
GetLastError
SetFileTime
SetFilePointer
GetEnvironmentVariableW
lstrcmpW
GetModuleHandleW
GetModuleFileNameW
WinExec
CreateEventW
ResetEvent
SetEvent
Sleep
CreateProcessW
FreeLibrary
LoadLibraryW
CloseHandle
CreateFileA
GetProcAddress

user32

HideCaret
CreateCaret
SetCaretPos
RedrawWindow
ClientToScreen
ShowCaret
OffsetRect
InvalidateRgn
MoveWindow
DestroyAcceleratorTable
SetWindowLongW
GetWindowLongW
CreateAcceleratorTableW
GetDesktopWindow
KillTimer
LoadIconW
MonitorFromWindow
PostQuitMessage
CharPrevW
DrawIconEx
FillRect
DrawTextW
TrackMouseEvent
GetAsyncKeyState
LoadBitmapW
GetMonitorInfoW
SetTimer
SendMessageW
GetClassNameW
ShowWindow
EnumThreadWindows
PostMessageW
LoadStringW
GetParent
SetWindowPos
DestroyWindow
InvalidateRect
GetFocus
ReleaseCapture
GetCursorPos
UpdateLayeredWindow
GetUpdateRect
SetWindowRgn
GetDC
IsChild
SetCapture
ScreenToClient
ReleaseDC
EndPaint
GetKeyState
BeginPaint
IntersectRect
PtInRect
IsRectEmpty
CharNextW
SetCursor
GetClassInfoExW
RegisterClassW
EnableWindow
SetPropW
DispatchMessageW
TranslateMessage
DestroyIcon
IsWindow
GetMessageW
LoadCursorW
CreateWindowExW
RegisterClassExW
GetPropW
SetFocus
IsIconic
LoadImageW
CallWindowProcW
DefWindowProcW
CharNextA
SetForegroundWindow
GetWindow
MapWindowPoints
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
IsZoomed
SystemParametersInfoW
GetWindowRect
GetClientRect
GetActiveWindow
GetSysColor

gdi32

CreateRectRgnIndirect
CreateRoundRectRgn
GetStockObject
CreateRectRgn
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
CreateDIBSection
DeleteDC
CreatePen
SelectObject
BitBlt
StretchBlt
Rectangle
DeleteObject
GetTextMetricsW
CombineRgn
TextOutW
SetBitmapBits
SelectClipRgn
SetTextColor
GetBitmapBits
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
RoundRect
GetCharABCWidthsW
SetBkMode
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

riched20

ord4

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

riched20

comctl32

msimg32

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 81KB