556c4221a6c9a84af3409781fafa9183_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

556c4221a6c9a84af3409781fafa9183_JaffaCakes118
Size

130KB
MD5

556c4221a6c9a84af3409781fafa9183
SHA1

ba2627e96ca773f7c424f546eb60e758b6ff048c
SHA256

23325fdf32e7281eaacae07094c0a34c660d0f794d34d94db6bbca5c3b88ac8e
SHA512

fac69864bc7ee7e17d9d0c3159e454af00f8541b8e7d187b714930e2329e036a576b689b496db62d2e69213cac461352e206a9171e8ea3e08bce2044cdf0c607
SSDEEP

3072:ZDzbN+o76j4fumxSzlfSk4TJMg4Yclx7LhyohQ:ZX1OkXSzl1OY1yoO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556c4221a6c9a84af3409781fafa9183_JaffaCakes118

Files

556c4221a6c9a84af3409781fafa9183_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eeb472ee3fd7bc88851875c9fd4a3fac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadStringPtrA
GetFileTime
SetLocaleInfoA
lstrcmpi
FindAtomW
GetModuleHandleA
GetProcAddress
GetCommandLineA
GetTempPathW
GetSystemDefaultLangID
CreateFileA
QueryPerformanceFrequency
CopyFileA
lstrcmpiA
GetCurrentDirectoryW
GetLocaleInfoW
CreateEventA
lstrlen
lstrlenW
ExpandEnvironmentStringsA
OpenMutexA
GetComputerNameA
SetLocaleInfoW
BeginUpdateResourceW
GetCurrentProcessId
GetCPInfo
GetProcessHeap
MoveFileA
lstrcatA
GetExpandedNameA
GetShortPathNameW
GetUserDefaultLangID
GetLocalTime
ReplaceFileW
GetEnvironmentVariableW
LoadResource
ExitProcess
ReadFile
lstrcmpA
GetSystemDefaultLCID
GetStartupInfoW
GetTempPathA
EnumDateFormatsW
SystemTimeToFileTime
GetEnvironmentStringsA

user32

GetKeyState
CreateDialogIndirectParamA
CheckDlgButton
SetCursorPos
InsertMenuA
UpdateLayeredWindow
RegisterClassExA
GetMenuItemID
GetClientRect
CreateDialogParamA
DialogBoxIndirectParamA
CreatePopupMenu
OffsetRect
EnumChildWindows
CopyRect
CheckRadioButton
CharLowerW
WinHelpA
PeekMessageW
ActivateKeyboardLayout
GetClassNameW
wvsprintfA
PostMessageA
RegisterWindowMessageW
GetCursorPos
PostMessageW
MessageBoxA
InvalidateRect
GetMenuState
SetWindowLongA
IsWindow
MessageBoxW
SendDlgItemMessageA
DestroyCursor
CreateMenu
CharPrevA
IsIconic
CopyImage
EnableWindow
DrawIcon
FindWindowW
GetWindowLongW
wvsprintfW
BringWindowToTop
SendDlgItemMessageW
LoadBitmapW
DefFrameProcA

gdi32

Polyline
EnumFontsW
MoveToEx
GetNearestColor
GetCharWidthA
UpdateColors
CreateDCA
GetPixelFormat
OffsetRgn
CombineRgn
GetLogColorSpaceA
SetColorSpace
SetDIBits
SetColorAdjustment
InvertRgn
GetPolyFillMode

advapi32

RegSaveKeyA
RegReplaceKeyA
RegOpenKeyExA
RegDeleteKeyW

inetcomm

EssReceiptDecodeEx
EssSecurityLabelEncodeEx
MimeOleGetPropertySchema
MimeOleAlgNameFromSMimeCap
HrGetAttachIcon
MimeOleGetCertsFromThumbprints
MimeOleCreateHeaderTable
EssContentHintEncodeEx
HrGetLastOpenFileDirectory
MimeOleGetFileExtension
MimeOleCreateMessageParts
MimeOleDecodeHeader
MimeOleCreateHashTable

sqlunirl

_EnumResourceNames_@16
ConvertMultiSZNameToW
_CreateEnhMetaFile_@16
_CreateProcessAsUser_@44
_EnumResourceTypes_@12
_AddAtom_@4
_DefFrameProc_@20
_GetPrivateProfileSectionNames_@12
_DrawState_@40
_DialogBoxParam_@20
_DlgDirList_@20
_NDdeShareAdd_@20

wsock32

NPLoadNameSpaces
getpeername
send
connect
GetNameByTypeA
WSAAsyncGetServByPort
getsockname
gethostbyname
closesocket

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YtM
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.brp
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GtLiHu
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NtXc
Size: 1KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NIBZ
Size: 1024B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zsP
Size: 1KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeb472ee3fd7bc88851875c9fd4a3fac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

inetcomm

sqlunirl

wsock32

Sections

.text Size: 11KB - Virtual size: 11KB

.YtM Size: 1024B - Virtual size: 6KB

.brp Size: 512B - Virtual size: 48KB

.GtLiHu Size: 4KB - Virtual size: 16KB

.NtXc Size: 1KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.NIBZ Size: 1024B - Virtual size: 43KB

.zsP Size: 1KB - Virtual size: 254KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 11KB - Virtual size: 11KB

.YtM
Size: 1024B - Virtual size: 6KB

.brp
Size: 512B - Virtual size: 48KB

.GtLiHu
Size: 4KB - Virtual size: 16KB

.NtXc
Size: 1KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.NIBZ
Size: 1024B - Virtual size: 43KB

.zsP
Size: 1KB - Virtual size: 254KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 1024B - Virtual size: 908B