3f45cb16ae9ed4bbdbfdb0fda9b58514_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f45cb16ae9ed4bbdbfdb0fda9b58514_JaffaCakes118
Size

368KB
MD5

3f45cb16ae9ed4bbdbfdb0fda9b58514
SHA1

d313e0dd32fc89e7b07af78a202f6b3edd1e8b8c
SHA256

33332c84edaed93520b571dafded1e36861411e9e7a863ae5172cd9bb42297bd
SHA512

17c0055c931b73a0899db48f1d67c16e6b1e778dcbe1b8d66f37575c1f15a53ca68cc6f005340369fbd1d4f3e44b01f7771c221e76200aaf12ca7dfc48d7238d
SSDEEP

6144:iHUgPsWGb54yd/Nq2TcxZn8detN2PbAyUUFo9WB:iHUgUWGBXcxZnyetlEo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f45cb16ae9ed4bbdbfdb0fda9b58514_JaffaCakes118

Files

3f45cb16ae9ed4bbdbfdb0fda9b58514_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b242db0093af085e55eb6631e87feba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetStdHandle
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetProcessVersion
LoadLibraryA
InterlockedExchange
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
SetLastError
FreeLibrary
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateDirectoryA
CreateFileMappingA
MapViewOfFile
CreateProcessA
WaitForSingleObject
CloseHandle
WinExec
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetEnvironmentVariableA
SizeofResource

user32

GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
DestroyMenu
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadCursorA
GetCapture
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
FindWindowA
PostMessageA
MessageBoxA
ClientToScreen
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RestoreDC
SetViewportOrgEx
SetTextColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetMapMode
SaveDC
DeleteDC
SetBkColor
GetStockObject
CreateBitmap
DeleteObject
SelectObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

wsock32

WSAStartup
WSACleanup

wininet

InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

?RecvData@@YAPADPBDPAJ@Z
?RsrcToFile@@YA_NPBDH00@Z
?TakeVers@@YAPADPAD@Z

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b242db0093af085e55eb6631e87feba

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

wsock32

wininet

version

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 20KB - Virtual size: 30KB

.vmp0 Size: 24KB - Virtual size: 22KB

.rsrc Size: 204KB - Virtual size: 203KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 20KB - Virtual size: 30KB

.vmp0
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 204KB - Virtual size: 203KB