44dabf2d6faae5eef5fa8013d6dc95ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44dabf2d6faae5eef5fa8013d6dc95ef_JaffaCakes118
Size

591KB
MD5

44dabf2d6faae5eef5fa8013d6dc95ef
SHA1

5e2c732226cbdcec3a040a07d818c6bd127332a3
SHA256

a13be21004c821ab0a4f85c7ee1d31086e61b3cbdfdc4fef095101a47e65dcda
SHA512

fed35033a9421c692170e340c848a95f18644670b0d214470ad42ded8abfafd11b5ca3d4f63ca2f5825039a926b93be0a13ecdc1ced0614518f55dddfdc39760
SSDEEP

12288:46peAFO/BDT8bF+idc00/ErYC1XCNcHMZylqpfpCd3NwgzfCRBo5+ajygDu4vPWB:46X0a5J0/BwXpM0lqpxCd3NwgzfCRBo+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44dabf2d6faae5eef5fa8013d6dc95ef_JaffaCakes118

Files

44dabf2d6faae5eef5fa8013d6dc95ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fd76d121384945876b04dabb43fc7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetTimeFromSystemTime
SetUrlCacheEntryInfoA
InternetGetLastResponseInfoA
HttpSendRequestW
FindFirstUrlCacheEntryA
InternetSetOptionW
FtpSetCurrentDirectoryA

advapi32

CreateServiceA
CryptAcquireContextW
CryptGetProvParam
RegConnectRegistryW
RegSaveKeyA
LookupPrivilegeNameA
LookupSecurityDescriptorPartsA
RegEnumKeyW
CreateServiceW
StartServiceW
CryptImportKey
RegConnectRegistryA

kernel32

GetSystemTimeAsFileTime
HeapReAlloc
InterlockedExchange
GetLastError
GetFileType
GetStringTypeW
GetVolumeInformationA
GetEnvironmentStrings
DebugBreak
InterlockedDecrement
MultiByteToWideChar
GetCommandLineA
SetEnvironmentVariableA
RtlUnwind
HeapFree
GetCurrentThreadId
TerminateProcess
IsValidCodePage
VirtualFree
CompareStringA
FlushFileBuffers
CompareStringW
CloseHandle
ExitProcess
WideCharToMultiByte
OutputDebugStringA
HeapAlloc
InitializeCriticalSection
SetStdHandle
GetDateFormatA
WriteFile
IsBadReadPtr
CreateMutexA
VirtualAlloc
WritePrivateProfileStructW
TlsAlloc
GetSystemInfo
SetHandleCount
GetCurrentProcess
GetModuleFileNameW
LoadLibraryA
GetEnvironmentStringsW
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
ReadFile
GetPrivateProfileStringW
HeapCreate
GetCurrentThread
GetStartupInfoA
GetStdHandle
HeapDestroy
GetProcAddress
FreeEnvironmentStringsA
LCMapStringW
GetCommandLineW
GetLocaleInfoA
GetVersionExA
GetStringTypeA
GetCurrentProcessId
InterlockedIncrement
VirtualQuery
GetTimeFormatA
GetTickCount
TlsSetValue
LCMapStringA
LeaveCriticalSection
VirtualProtect
SetFilePointer
OpenMutexA
EnumSystemLocalesA
EnterCriticalSection
HeapValidate
GetOEMCP
SetConsoleCtrlHandler
IsBadWritePtr
GetACP
SetLastError
IsValidLocale
GetStartupInfoW
TlsFree
GetUserDefaultLCID
FreeEnvironmentStringsW
QueryPerformanceCounter
TlsGetValue
GetLocaleInfoW
GetModuleHandleA
GetTimeZoneInformation
GetModuleFileNameA

user32

DefWindowProcW
MessageBoxA
FreeDDElParam
InSendMessage
InvalidateRect
AppendMenuW
GetClipboardSequenceNumber
RemovePropA
DefWindowProcA
CreateWindowExA
CopyIcon
DrawTextA
CharNextW
UpdateWindow
BlockInput
RegisterClassA
DrawTextW
LoadImageW
DestroyWindow
IsDialogMessageA
EndTask
SetUserObjectInformationA
RegisterClassExA
EnumDisplaySettingsExA
ShowWindow
MapDialogRect
InsertMenuItemW
DdeQueryStringW

comctl32

InitCommonControlsEx
ImageList_Create
CreateMappedBitmap
ImageList_SetFilter
ImageList_Write
ImageList_DrawIndirect
CreateStatusWindowA
ImageList_SetFlags
DestroyPropertySheetPage
CreateUpDownControl
ImageList_SetOverlayImage
CreateToolbar
ImageList_SetImageCount
ImageList_LoadImage
ImageList_Replace
ImageList_LoadImageA
ImageList_GetIconSize
ImageList_Draw
DrawStatusText
ImageList_SetIconSize
ImageList_EndDrag
ImageList_ReplaceIcon

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fd76d121384945876b04dabb43fc7bd

Headers

File Characteristics

Imports

wininet

advapi32

kernel32

user32

comctl32

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 250KB - Virtual size: 263KB

.data Size: 120KB - Virtual size: 119KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 250KB - Virtual size: 263KB

.data
Size: 120KB - Virtual size: 119KB

.rsrc
Size: 39KB - Virtual size: 39KB