Static task: static1
Behavioral task: behavioral1
Sample: 44b53365892faa3d92d284fb17801bb1_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 44b53365892faa3d92d284fb17801bb1_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 44b53365892faa3d92d284fb17801bb1_JaffaCakes118
Size: 399KB
MD5: 44b53365892faa3d92d284fb17801bb1
SHA1: 44ff14550f6471f46e5a0511f57e53768cec786e
SHA256: cef1cb3ab2a71a10f4e655594335be8dd20107bf0189d6c3d4522feb71ab82a2
SHA512: 922fc429f2b3cab079cad51d8a7c5fdadd74540d8089a601b7e397692cd8389eda38c5efceb3d77d5c24201884f551ba457845479c88bca50f0f3171b58dd39f
SSDEEP: 6144:m4w1sqfeX48K0EflfzhwNKpm6OO7p295FYTUx3Ttfn8+pumjR:as4eX48K0EfDtIcTUx318mPR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 44b53365892faa3d92d284fb17801bb1_JaffaCakes118
Files
44b53365892faa3d92d284fb17801bb1_JaffaCakes118.exe windows:4 windows x86 arch:x86
490d5e589fbf99079a04b508b9a1f767
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
VirtualQueryEx
WriteConsoleA
GetFullPathNameA
GlobalUnWire
EnumSystemLocalesW
GlobalFindAtomW
GetPrivateProfileStructW
EnumCalendarInfoW
GetPrivateProfileSectionW
lstrlenA
GetCurrencyFormatW
lstrcmpiA
lstrcmpiW
FillConsoleOutputCharacterA
GetLogicalDriveStringsW
LockResource
GetEnvironmentStrings
FindResourceExA
GlobalAddAtomA
Module32Next
FormatMessageW
CreateDirectoryA
SuspendThread
GetProcAddress
GetComputerNameA
GetSystemDefaultLangID
SetHandleCount
GlobalHandle
GetDateFormatW
CreateTapePartition
CommConfigDialogA
FreeResource
WriteFileEx
GetNamedPipeInfo
RtlMoveMemory
GetThreadPriorityBoost
GetLocaleInfoA
DosDateTimeToFileTime
GetConsoleMode
lstrcmp
LoadLibraryW
GetCompressedFileSizeA
SetEvent
ReadFileEx
MulDiv
GetEnvironmentVariableW
GetVersionExA
OpenFile
SetFilePointer
GetDiskFreeSpaceW
GlobalUnlock
GetStartupInfoA
Heap32First
SetConsoleMode
Heap32ListNext
TransactNamedPipe
SetThreadExecutionState
LoadResource
WritePrivateProfileSectionA
SetThreadLocale
SetSystemTimeAdjustment
TlsSetValue
ReadConsoleW
lstrcmpi
GetProcessPriorityBoost
GetNamedPipeHandleStateA
OpenEventA
DisconnectNamedPipe
FindResourceA
SetVolumeLabelW
SetConsoleTitleW
ReadConsoleOutputW
RemoveDirectoryA
OpenFileMappingA
EnumResourceTypesA
WideCharToMultiByte
GetConsoleTitleW
ReleaseSemaphore
GetEnvironmentStringsA
ConvertDefaultLocale
GetStringTypeW
TlsAlloc
GlobalFix
CompareStringA
LockFileEx
RtlFillMemory
lstrcpynW
GetFileAttributesW
PeekConsoleInputW
GetModuleHandleW
GetProcessHeap
FindFirstFileA
GetSystemInfo
LocalFlags
ResumeThread
GlobalSize
ContinueDebugEvent
SetEnvironmentVariableW
GetFileInformationByHandle
WriteFile
WriteConsoleOutputW
WritePrivateProfileStructA
SetConsoleTitleA
TlsGetValue
FreeLibraryAndExitThread
WaitNamedPipeW
SetEnvironmentVariableA
HeapCreate
WriteProfileSectionW
HeapCompact
GetCurrentDirectoryW
GetACP
GetProfileSectionW
GetConsoleTitleA
GetLogicalDrives
LocalHandle
SetThreadPriority
FlushFileBuffers
ReadConsoleInputA
FindFirstFileW
SetConsoleTextAttribute
VirtualProtect
ReadProcessMemory
ExitThread
InterlockedCompareExchange
ExpandEnvironmentStringsW
EnumTimeFormatsW
lstrcmpA
GetLongPathNameA
CreateRemoteThread
GetNamedPipeHandleStateW
SetLastError
lstrcatW
SetSystemTime
GlobalFlags
lstrlen
GetDiskFreeSpaceExA
DefineDosDeviceA
GlobalWire
GetLastError
CreateSemaphoreA
GetStringTypeA
GetWindowsDirectoryW
lstrcpy
GetAtomNameA
CreateNamedPipeW
GlobalCompact
lstrlenW
GetFileAttributesExW
WaitForMultipleObjectsEx
OutputDebugStringA
GetHandleInformation
RemoveDirectoryW
FindNextFileW
LocalFree
GetWriteWatch
lstrcpynA
DisableThreadLibraryCalls
DeleteFiber
EnumDateFormatsExA
SetConsoleCP
GetConsoleCP
SetEndOfFile
GetTempFileNameA
GetCalendarInfoA
SetWaitableTimer
Module32First
FindFirstFileExA
GetNumberOfConsoleMouseButtons
GetNumberFormatW
GetDateFormatA
ReadDirectoryChangesW
SystemTimeToFileTime
SearchPathA
DeviceIoControl
lstrcpyA
SetFileAttributesA
FileTimeToSystemTime
GetFileAttributesA
ReleaseMutex
GetThreadContext
WriteConsoleOutputCharacterA
SetComputerNameW
DefineDosDeviceW
GetProcessShutdownParameters
GetTimeFormatA
WriteProfileSectionA
DeleteFileA
WaitForMultipleObjects
LoadModule
SetThreadAffinityMask
SetLocaleInfoW
CreateConsoleScreenBuffer
WaitForSingleObjectEx
GetThreadLocale
SetConsoleActiveScreenBuffer
GetVersion
TransmitCommChar
MapViewOfFileEx
GetVolumeInformationW
Toolhelp32ReadProcessMemory
EscapeCommFunction
GetDriveTypeW
GetLocaleInfoW
CreateDirectoryW
HeapWalk
OpenMutexA
GlobalAddAtomW
CreateNamedPipeA
Sleep
SetCriticalSectionSpinCount
SetConsoleCursorPosition
EnumCalendarInfoExW
FindAtomA
GetCommandLineW
GetThreadPriority
GetDriveTypeA
WriteConsoleInputW
GetProcessTimes
LocalFileTimeToFileTime
SetFileAttributesW
BeginUpdateResourceW
GetExitCodeProcess
RtlZeroMemory
CreateToolhelp32Snapshot
WritePrivateProfileStructW
FindFirstChangeNotificationW
DeleteCriticalSection
EnumResourceNamesW
OpenProcess
MoveFileExW
GetNumberOfConsoleInputEvents
MoveFileExA
GetWindowsDirectoryA
CreateEventW
CreateThread
SignalObjectAndWait
CloseHandle
WritePrivateProfileStringW
GetConsoleScreenBufferInfo
EnumCalendarInfoExA
SetThreadContext
GetNumberFormatA
EnumResourceTypesW
LoadLibraryExA
AddAtomW
GetPrivateProfileStringA
GlobalReAlloc
SetFileTime
WriteConsoleOutputAttribute
GetPrivateProfileSectionA
EnumSystemCodePagesW
UnlockFileEx
FindResourceW
GetFileSize
BeginUpdateResourceA
PeekConsoleInputA
VirtualProtectEx
GetTimeFormatW
AddAtomA
LocalLock
EnumSystemLocalesA
OpenFileMappingW
SetCurrentDirectoryW
GetQueuedCompletionStatus
EnumDateFormatsA
GetPrivateProfileIntW
ResetWriteWatch
ConnectNamedPipe
FillConsoleOutputCharacterW
Process32Next
FindCloseChangeNotification
WriteProfileStringW
UnlockFile
SetPriorityClass
lstrcpyn
CreateDirectoryExA
InitializeCriticalSectionAndSpinCount
GetFileAttributesExA
GlobalFindAtomA
GetEnvironmentVariableA
FileTimeToDosDateTime
OpenSemaphoreW
CreateFileA
LocalAlloc
GetShortPathNameA
GetFileType
ReadConsoleOutputAttribute
GetConsoleCursorInfo
GetSystemTimeAdjustment
OpenWaitableTimerW
GetSystemDirectoryW
SearchPathW
GetPrivateProfileSectionNamesA
FlushViewOfFile
GetAtomNameW
GetStringTypeExW
SetCurrentDirectoryA
SetTimeZoneInformation
CommConfigDialogW
InterlockedIncrement
GlobalGetAtomNameA
UnhandledExceptionFilter
CreateSemaphoreW
CreateDirectoryExW
WaitForSingleObject
VirtualLock
LocalShrink
GetComputerNameW
TlsFree
FreeEnvironmentStringsA
LocalReAlloc
EnumResourceLanguagesW
IsValidLocale
CreateWaitableTimerW
SleepEx
CopyFileA
SetConsoleScreenBufferSize
CreateMutexW
ExpandEnvironmentStringsA
EnumDateFormatsW
lstrcmpW
EnumSystemCodePagesA
FoldStringW
HeapValidate
GetCommandLineA
HeapUnlock
MoveFileW
SetConsoleCursorInfo
GetTempPathA
GetPrivateProfileSectionNamesW
LocalSize
GetCurrentThread
GetSystemDirectoryA
WinExec
GetProfileSectionA
LoadLibraryExW
GlobalAlloc
FreeLibrary
CreateFileMappingW
GetStartupInfoW
ReadFileScatter
DuplicateHandle
Heap32ListFirst
ReadConsoleOutputA
UpdateResourceW
PulseEvent
GetProcessAffinityMask
WaitNamedPipeA
CreateProcessA
FindFirstChangeNotificationA
GetThreadTimes
GetVolumeInformationA
LockFile
GetThreadSelectorEntry
LocalCompact
GetShortPathNameW
EnumCalendarInfoA
MapViewOfFile
EnumResourceLanguagesA
ReadConsoleInputW
GetLargestConsoleWindowSize
WriteConsoleInputA
PeekNamedPipe
GetStringTypeExA
ReadConsoleA
CreateFileMappingA
GetDiskFreeSpaceExW
GlobalDeleteAtom
LocalUnlock
CopyFileExA
GetSystemDefaultLCID
CreatePipe
WriteConsoleOutputCharacterW
GlobalGetAtomNameW
SetConsoleOutputCP
ReadConsoleOutputCharacterW
FreeEnvironmentStringsW
VirtualUnlock
SetConsoleCtrlHandler
VirtualAllocEx
GetLongPathNameW
GetLogicalDriveStringsA
GetTempPathW
DeleteFileW
Thread32Next
WriteProcessMemory
GetUserDefaultLangID
WriteFileGather
GetProfileIntA
SetLocaleInfoA
HeapLock
VirtualFreeEx
FindClose
FindAtomW
OpenMutexW
CreateProcessW
OutputDebugStringW
DebugBreak
InterlockedDecrement
WaitCommEvent
TerminateThread
FindNextFileA
Heap32Next
SetVolumeLabelA
FreeConsole
MoveFileA
GlobalMemoryStatus
ReadFile
GetUserDefaultLCID
CreateMailslotW
CreateWaitableTimerA
GetProcessHeaps
WriteConsoleW
EnumResourceNamesA
TryEnterCriticalSection
DebugActiveProcess
EnterCriticalSection
GetPrivateProfileStructA
OpenSemaphoreA
InitializeCriticalSection
GetDiskFreeSpaceA
FileTimeToLocalFileTime
FindNextChangeNotification
GetProfileStringW
UnmapViewOfFile
WaitForDebugEvent
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FoldStringA
lstrcat
MultiByteToWideChar
SetThreadIdealProcessor
GetProcessVersion
FindResourceExW
WriteProfileStringA
UpdateResourceA
HeapDestroy
LeaveCriticalSection
GetEnvironmentStringsW
GlobalUnfix
GetStdHandle
VirtualFree
CreateEventA
CompareFileTime
GetLocalTime
WritePrivateProfileSectionW
SetLocalTime
HeapSize
EnumTimeFormatsA
GetCurrentDirectoryA
EraseTape
Thread32First
GlobalLock
WritePrivateProfileStringA
GetExitCodeThread
GetCompressedFileSizeW
GetCalendarInfoW
FlushConsoleInputBuffer
SetThreadPriorityBoost
FormatMessageA
lstrcpyW
GetFullPathNameW
GetFileTime
OpenWaitableTimerA
GetProfileStringA
GetProfileIntW
SetComputerNameA
SetConsoleWindowInfo
lstrcatA
ResetEvent
CreateMutexA
FlushInstructionCache
CreateFileW
GetPrivateProfileIntA
InterlockedExchangeAdd
ReadConsoleOutputCharacterA
FillConsoleOutputAttribute
FindFirstFileExW
OpenEventW
DeleteAtom
shell32
ExtractIconExW
SHLoadInProc
SHInvokePrinterCommandW
SHQueryRecycleBinA
SHGetSpecialFolderLocation
ShellAboutW
ShellExecuteExW
ShellExecuteW
ExtractIconA
DragQueryFile
ExtractAssociatedIconExW
DragAcceptFiles
CommandLineToArgvW
SHUpdateRecycleBinIcon
DoEnvironmentSubstW
FindExecutableW
ShellExecuteEx
SHBrowseForFolderA
SHBrowseForFolderW
SHGetSettings
ShellAboutA
SHGetFileInfo
RealShellExecuteW
SheSetCurDrive
wininet
FtpOpenFileA
HttpQueryInfoA
FtpRemoveDirectoryA
FtpPutFileEx
InternetReadFileExA
UnlockUrlCacheEntryFile
InternetGetConnectedStateEx
FindFirstUrlCacheEntryExW
InternetSetOptionA
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
SetUrlCacheEntryGroupA
GopherFindFirstFileW
FtpGetCurrentDirectoryA
InternetSecurityProtocolToStringW
HttpOpenRequestA
InternetConnectA
GetUrlCacheConfigInfoW
InternetAlgIdToStringA
InternetCreateUrlW
ShowClientAuthCerts
DeleteUrlCacheContainerW
FindNextUrlCacheContainerA
InternetOpenUrlW
InternetOpenW
FindNextUrlCacheEntryA
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE