cae42ec80a74d5dfe5aa09beb3805821_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cae42ec80a74d5dfe5aa09beb3805821_JaffaCakes118
Size

204KB
MD5

cae42ec80a74d5dfe5aa09beb3805821
SHA1

7710f3ab01d5f1c6bde7d813f00d79f7f3446cea
SHA256

8a95169f84a5d5fe649aa62fdc7d8afd2946f4998bdb1d90997452f9fda9f19d
SHA512

3fc3eed23dd9136d5a454ada7951a60e19252cb6d8159a737efd6f9fbe2f135a89210c4a37c4dfc70826940ee937f163df16f130231771c54fa10439aacf67fe
SSDEEP

3072:qOJM8BUIyMh/fuGk4SGkjyu3wMD32onjlWnrBJke78ilZHMOke7QezadcarPCYpx:8IU9MheRXngMDmgV2Mk0JcRYenA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cae42ec80a74d5dfe5aa09beb3805821_JaffaCakes118

Files

cae42ec80a74d5dfe5aa09beb3805821_JaffaCakes118
.exe windows:3 windows x86 arch:x86

562bef84679104f4bb60284c80d2d238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
SetErrorMode
CreateDirectoryW
SuspendThread
FreeResource
lstrcmpiA
GetWindowsDirectoryW
IsValidLocale
LoadResource
OpenProcess
EndUpdateResourceA
CreateNamedPipeW
ReplaceFileA
GetProcAddress
MoveFileW
GetLastError
lstrcmpi
GetSystemDirectoryA
FindResourceA
LoadLibraryW
GetAtomNameA
GetCurrentThreadId
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemDirectoryW
IsValidCodePage
GetTempPathA
GetComputerNameA
GetTempFileNameA
GetFileType
IsBadWritePtr
CompareFileTime
lstrcmp
ExpandEnvironmentStringsW
CreateEventA
BeginUpdateResourceA
GetTimeFormatW
OpenWaitableTimerA
GetTempPathW
GetPriorityClass
QueryPerformanceFrequency
GetModuleHandleW
WaitForMultipleObjects
GetTickCount
GetDiskFreeSpaceW
GetExpandedNameW
GetModuleHandleA
lstrcpy
ExpandEnvironmentStringsA
HeapCreate
CopyFileExA
FileTimeToLocalFileTime
OpenSemaphoreW
EnumDateFormatsW
GetEnvironmentStringsA

user32

CreateDialogIndirectParamA
GetMenuItemRect
SetWindowPos
GetCapture
WinHelpA
GetSysColor
ActivateKeyboardLayout
PeekMessageW
FillRect
GetScrollPos
MessageBoxW
EndMenu
MessageBoxIndirectW
LoadMenuA
wvsprintfA
DialogBoxParamA
ShowCaret
CreateDialogParamW
GetClassInfoExA
SetCursor
GetCaretPos
EnumDesktopsA
EnumDesktopsW
UpdateLayeredWindow
GetKeyboardType
ClientToScreen
GetMenu
CreateDialogParamA
GetMenuStringA
ChildWindowFromPoint
GetActiveWindow
CreateDesktopA
IsIconic
PostMessageW
DefWindowProcW
GetTopWindow
GetClassNameA
LoadIconW
LoadCursorA
MonitorFromWindow
GetWindowTextLengthW
SetWindowTextA
GetCursorPos
wvsprintfW
GetSubMenu
RemoveMenu
GetMessageA
IsDlgButtonChecked
GetMenuItemCount
GetDCEx
GetWindowTextLengthA

gdi32

DeleteObject
CreateRectRgn
StretchDIBits
CreatePolygonRgn
GetTextExtentExPointW
GetWorldTransform
GetGlyphIndicesA
EnumFontsA
StartPage
ResetDCW
SetGraphicsMode
GetBitmapBits
GetTextMetricsA
PolyPolyline
SetBrushOrgEx
CreateColorSpaceA
MoveToEx
GetICMProfileW
EnumFontFamiliesW
CreatePolyPolygonRgn
GetCharWidth32A
GetEnhMetaFileDescriptionW
TranslateCharsetInfo
SetPixel
Pie
SetViewportExtEx
EndFormPage
OffsetClipRgn
GetTextMetricsW
EqualRgn
RemoveFontResourceExA

advapi32

RegDeleteKeyA
RegEnumKeyW
RegQueryInfoKeyA
CryptSetProviderW
RegReplaceKeyA
RegCloseKey
RegEnumValueA
RegQueryMultipleValuesA
RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegCreateKeyExA
RegEnumKeyExA
RegSetValueA
RegRestoreKeyW
RegRestoreKeyA

shell32

ExtractIconExW

shlwapi

SHRegDeleteUSValueW
SHDeleteKeyW
PathIsSameRootA
PathSkipRootA
StrRChrW

version

VerFindFileA
VerQueryValueA

ws2_32

inet_ntoa
accept
getsockopt
WSAEnumNetworkEvents
WSACloseEvent
WSACreateEvent
getprotobyname
WSAIoctl

urlmon

HlinkNavigateMoniker

winmm

waveOutUnprepareHeader
mixerGetLineControlsW
mmioRenameW
PlaySound
midiOutCacheDrumPatches
mmioOpenA
timeSetEvent
waveInGetNumDevs
tid32Message

Sections

.MQ
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZHYj
Size: 102KB - Virtual size: 203KB

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

562bef84679104f4bb60284c80d2d238

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

version

ws2_32

urlmon

winmm

Sections

.MQ Size: 22KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 5KB

.ZHYj Size: 102KB - Virtual size: 203KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 60KB

.MQ
Size: 22KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 5KB

.ZHYj
Size: 102KB - Virtual size: 203KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 60KB