3e150d84842a88637f683f7a69177db0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e150d84842a88637f683f7a69177db0_JaffaCakes118
Size

460KB
MD5

3e150d84842a88637f683f7a69177db0
SHA1

88e7ed7b865c2c56f26f31117f116a241c04af4a
SHA256

d5b0d2a89874689ae9be27b452f486279ecfca5092ed3f08846198ee2e34b1e1
SHA512

7430ae86e6e5b80858ec14bcf7231a06a4c7a0fab0e1b68b44ba8b14a0ea297d122eb86252fe42fdf2f79370cace2e02182902d8a8b010442691380a7a059cc6
SSDEEP

6144:orYXg/uHk4u6LJ1jhbCz0qhnHcqO7RBiyQlTgALXqo1jmUZxL6xQGQgg:bEoL6thORIPZNLXqs76P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e150d84842a88637f683f7a69177db0_JaffaCakes118

Files

3e150d84842a88637f683f7a69177db0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11c417c151e8724fb476c99e9c365058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
SetLastError
GetCurrentThreadId
SetEvent
OpenEventW
GlobalAddAtomW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
SetErrorMode
GlobalFree
GlobalHandle
GetVersionExW
LoadLibraryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
RtlUnwind
GetModuleFileNameA
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
GetTimeZoneInformation
WideCharToMultiByte
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
GetModuleHandleA
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
MulDiv
lstrcmpW
GetLastError
lstrlenW
GetTickCount
LoadLibraryW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileStringW
RaiseException
CreateFileW
GetFileTime
CloseHandle
GetPrivateProfileIntW
GetModuleHandleW
GetProcAddress
GetUserDefaultLangID
GetModuleFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsW

user32

GetCursorPos
MoveWindow
GetParent
CopyRect
GetSystemMetrics
GetWindowRect
PostMessageW
SetTimer
IsWindowVisible
KillTimer
UnregisterClassA
CreatePopupMenu
InsertMenuW
LoadMenuW
TrackPopupMenu
GetSubMenu
CreateDialogIndirectParamW
LoadIconW
SetWindowRgn
AnimateWindow
WindowFromPoint
InsertMenuItemW
PostQuitMessage
DestroyIcon
SetWindowLongW
SetForegroundWindow
ModifyMenuW
MonitorFromPoint
GetMonitorInfoW
IsDialogMessageW
MessageBoxW
SetActiveWindow
CreateDialogParamW
FindWindowW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DrawTextW
SetCursor
SetRect
IsRectEmpty
OffsetRect
LoadImageW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
MapDialogRect
SetWindowContextHelpId
CreateWindowExW
IsWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ClientToScreen
CharNextW
EndPaint
BeginPaint
CallWindowProcW
GetSysColor
DefWindowProcW
PtInRect
SetRectEmpty
SendMessageW
GetDlgItem
ShowWindow
InvalidateRect
ScreenToClient
GetClientRect
SetWindowPos
IsIconic
SetWindowTextW
GetWindowLongW

gdi32

GetDeviceCaps
BitBlt
CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
GetObjectW
GetStockObject
StretchBlt
CreateRectRgn
CreateEllipticRgn
CombineRgn
CreateFontIndirectW
SetTextColor
SetBkMode
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen

shlwapi

PathFindFileNameW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

urlmon

URLDownloadToFileW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11c417c151e8724fb476c99e9c365058

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 40KB - Virtual size: 36KB