e0a338daaa920ad9884257f725440205_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e0a338daaa920ad9884257f725440205_JaffaCakes118
Size

196KB
MD5

e0a338daaa920ad9884257f725440205
SHA1

7c5a798b88ec52d07491d05a6e284533955f743b
SHA256

a3563874619c2009c804b33269ee2e80626173423e3328c57839e816363f8eca
SHA512

32f5605163e2745cb51cdb136a9e341b5f4d9dd22e9cdfa11c1502e31368b18d60231a4e8524b28355038334f5d8431ede0921c3d41bbc6265a9093374412031
SSDEEP

3072:P5IGQr+QpO1rUXiJqA35FnIzJ+vLJ4AH3J4AHmN2hQO6UfATvp1Zo7D0+BBK:hIGQHxXiqAJ5B4AHZ4AHmAeUYK7D/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0a338daaa920ad9884257f725440205_JaffaCakes118

Files

e0a338daaa920ad9884257f725440205_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8781ca8d8288e3880e88f6f860cd6579

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
GetModuleFileNameW
GetCurrentDirectoryW
GlobalAlloc
FreeLibrary
GetProcAddress
GetUserDefaultLangID
GetCurrentThread
WriteFile
SetThreadPriority
GetModuleHandleW
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
GetStartupInfoW
lstrcpyW
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CreateProcessW
CloseHandle
DeleteFileW
WritePrivateProfileStringW
MoveFileW
GetTempPathW
GetFileAttributesW
GetFileSize
CreateFileW
ReadFile
WideCharToMultiByte
WaitForSingleObject
Sleep
MulDiv
GetTickCount
HeapDestroy
SetCurrentDirectoryW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrlenA
lstrlenW
lstrcpynW

user32

GetClassInfoExW
DefWindowProcW
PostMessageW
SetWindowTextW
RegisterWindowMessageW
RegisterClassExW
DialogBoxIndirectParamW
SetWindowLongW
GetWindow
IsWindow
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
CallWindowProcW
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
GetSystemMetrics
PtInRect
DrawTextW
ShowWindow
LoadIconW
GetPropW
RemovePropW
SetPropW
GetForegroundWindow
ClientToScreen
ScreenToClient
TranslateMessage
MoveWindow
OffsetRect
CopyRect
FindWindowW
LoadStringW
GetWindowRect
SystemParametersInfoW
MapWindowPoints
PeekMessageW
DispatchMessageW
SetDlgItemTextW
KillTimer
EnableWindow
EndDialog
SetTimer
GetDlgItem
SendMessageW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
wsprintfW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
GetDesktopWindow
GetParent
GetClassNameW
RedrawWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectW
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
SetBkColor
SelectObject
SetBkMode
SetTextColor
BitBlt
GetDeviceCaps
DeleteDC

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
OleCreateFontIndirect

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW

msvcrt

calloc
_wcsicmp
wcsncmp
_except_handler3
wcstok
wcsrchr
malloc
wcscmp
wcscat
_wmkdir
rand
wcscpy
wcslen
memset
strlen
strstr
free
memcmp
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
time
__CxxFrameHandler
_beginthread
_endthread
_wcsdup
_wtoi
swscanf
memmove
wcschr
wcsstr
vswprintf
swprintf
iswdigit
iswspace
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_exit

comctl32

InitCommonControlsEx
ord17

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8781ca8d8288e3880e88f6f860cd6579

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

msvcrt

comctl32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 47KB - Virtual size: 47KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 47KB - Virtual size: 47KB

.rrdata
Size: 72KB - Virtual size: 72KB