43eca4499fe629d8f5656bba6e535a22_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43eca4499fe629d8f5656bba6e535a22_JaffaCakes118
Size

1.1MB
MD5

43eca4499fe629d8f5656bba6e535a22
SHA1

a70e5e5ba5ac0b77d6b0952e1b8ab53f0a1ae595
SHA256

b9df99138f90343b695cd2a38aafc9609e441eb466f81f4445a89294da509326
SHA512

28613d6636355ca0b536cef6295b7f57237512010c01bdd92df2c28e938af6c1a1f73e05b5762c81611d22a8f4aaf184b73c0630515b24d50698c4ba0e3d3828
SSDEEP

24576:lBhEFq9Wts0dyhrXWvzEuAwj2fNuIy+sNHn:PhEE+zvKfNuImHn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43eca4499fe629d8f5656bba6e535a22_JaffaCakes118

Files

43eca4499fe629d8f5656bba6e535a22_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da6b97340700795f2bb48449fa549502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
DuplicateHandle
GetLastError
HeapDestroy
CreateProcessA
GetPrivateProfileIntA
SetFileAttributesA
GetFileAttributesExA
LocalFree
LocalAlloc
GetPrivateProfileStringA
RemoveDirectoryA
CreateDirectoryA
ExpandEnvironmentStringsA
lstrcatA
SetFilePointer
ReadFile
GetDriveTypeA
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
DeleteFileW
GetFileAttributesW
GetCurrentProcessId
SetEndOfFile
DeviceIoControl
TerminateProcess
LoadLibraryA
WideCharToMultiByte
lstrlenW
CreateThread
GetLogicalDriveStringsA
GetExitCodeThread
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetTempFileNameA
GetTickCount
ExitThread
LoadLibraryW
CreateFileW
MoveFileA
FileTimeToSystemTime
GetFileInformationByHandle
GetLocalTime
WaitForMultipleObjects
GetStartupInfoA
LoadLibraryExA
OutputDebugStringW
IsBadReadPtr
GlobalFree
QueryDosDeviceA
GetLogicalDrives
GetFileTime
DosDateTimeToFileTime
MoveFileExA
GetProcAddress
FreeLibrary
InterlockedIncrement
DebugBreak
GetShortPathNameA
MultiByteToWideChar
Process32First
Process32Next
OpenProcess
CreateToolhelp32Snapshot
Module32First
VirtualAlloc
ReadProcessMemory
VirtualFree
Module32Next
FindFirstFileA
FindNextFileA
FindClose
WaitForSingleObject
OutputDebugStringA
GetSystemDirectoryA
Sleep
SetEvent
CreateEventA
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesA
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
FindResourceA
LoadResource
GetTempPathA
GetVersionExA
LockResource
SizeofResource
LeaveCriticalSection
CreateFileA
WriteFile
CloseHandle
FreeResource
GetWindowsDirectoryA
DeleteFileA
GetCurrentProcess
FlushInstructionCache
CompareStringA
lstrcmpiA
MulDiv
lstrcpyA
lstrlenA
lstrcpynA
GetModuleFileNameA
GetCurrentThreadId
EnterCriticalSection
GetModuleHandleA

user32

InvalidateRect
ReleaseDC
SetWindowLongA
EndDialog
GetDlgCtrlID
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
PostMessageA
MessageBoxA
GetDlgItem
PtInRect
SetCursor
UpdateWindow
GetDC
EndPaint
BeginPaint
CharNextA
SetFocus
GetWindowTextA
CreateDialogParamA
GetWindowTextLengthA
CreateCursor
GetClassNameA
DrawTextA
CreateWindowExA
FillRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
CallWindowProcA
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsWindow
DefWindowProcA
SetRectEmpty
SetWindowTextA
GetActiveWindow
DialogBoxParamA
DestroyWindow
DestroyCursor
SendMessageA
LoadImageA
EnableWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetDlgItemTextA
ShowWindow
GetForegroundWindow
GetDesktopWindow
wsprintfA
ExitWindowsEx
SetForegroundWindow
WaitForInputIdle
FindWindowA
GetMessageA
LoadStringA
wvsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
OffsetRect

gdi32

SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectA
DPtoLP
GetDeviceCaps
SelectObject
GetObjectA
DeleteDC
GetStockObject

advapi32

RegDeleteValueA
ControlService
DeleteService
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
DeleteAce
GetExplicitEntriesFromAclA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
GetUserNameA
RegEnumKeyA
RegEnumKeyExA
RegFlushKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
StartServiceA
QueryServiceStatus

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

ntdll

_snwprintf
strstr
_splitpath
ZwQuerySystemInformation
ZwQueryInformationFile
atol
memchr
tolower
strncpy
sprintf
strchr
wcslen
_alloca_probe
wcsstr
_chkstk
memmove
_snprintf
atoi
_vsnprintf
_stricmp
isalnum
strrchr
_alldiv
_allshr
strncmp
mbstowcs
wcsncmp
_strnicmp
RtlUnwind
_strupr
NtQueryVirtualMemory

cabinet

FDICreate
FDIDestroy
FDIIsCabinet
FDICopy

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetModuleFileNameExA

wsock32

WSACleanup
WSAStartup
closesocket
connect
socket
gethostbyname
send
__WSAFDIsSet
select
recv
htons

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathCombineA
PathIsDirectoryA
StrStrIA
SHDeleteKeyA
wnsprintfW
SHDeleteValueA
SHGetValueA
SHSetValueA
PathFileExistsA
wnsprintfA
StrCmpNIA
PathAppendA

netapi32

Netbios

ws2_32

WSCEnumProtocols
WSCGetProviderPath
WSCDeinstallProvider

msvcrt

_stat
fputs
_mbscmp
__p___argc
__p___argv
_ismbcdigit
fread
_mbsnbicmp
_mbsstr
_beginthread
_mbsrchr
fopen
fwrite
fclose
malloc
free
??2@YAPAXI@Z
__CxxFrameHandler
_mbsicmp
_mbsnbcpy
_mbschr
fprintf
_mbsnbcmp
_mbslwr
time
_mbsnicmp
rand
srand
rename
ctime
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_CxxThrowException
??1exception@@UAE@XZ
strerror
_errno
realloc
_open
_read
_write
_close
_lseek
fflush
memcpy
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_controlfp
__set_app_type
__p__fmode
__p__commode
fgets

setupapi

SetupIterateCabinetA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState

urlmon

URLDownloadToFileA

winmm

timeGetTime

sfc

SfcIsFileProtected

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da6b97340700795f2bb48449fa549502

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

cabinet

comctl32

psapi

wsock32

version

shlwapi

netapi32

ws2_32

msvcrt

setupapi

wininet

urlmon

winmm

sfc

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 208KB - Virtual size: 224KB

.sxdata Size: 4KB - Virtual size: 4B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 208KB - Virtual size: 224KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB