e108985fc38ba9f5c33ea5b4f7c4c25d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e108985fc38ba9f5c33ea5b4f7c4c25d_JaffaCakes118
Size

207KB
MD5

e108985fc38ba9f5c33ea5b4f7c4c25d
SHA1

943d70c4f58726b96380567d62010a2e10cc76b4
SHA256

66b1b0c9f47b042d080c94ff0499e7865c6708620b095d4eac398273160fb440
SHA512

5bb36cfd3328502a525a0cc1e7852250a4e994233282d1a690f20899cbb5487e33ef7d7014d3dd1604cfdc251b261876f54e2f7074ff817ff942458bdb90c1fd
SSDEEP

6144:yCd6BBQkUZ3hufnsUx/3GeGVGUX2Y6XTY:y/kwfceG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e108985fc38ba9f5c33ea5b4f7c4c25d_JaffaCakes118

Files

e108985fc38ba9f5c33ea5b4f7c4c25d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49da6afd05b2c1dd99aed2179a16aed7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
CreateCompatibleDC
CreateDIBitmap
DeleteDC
GetDeviceCaps
SelectObject
RealizePalette
DeleteObject
ExtEscape
CreateSolidBrush
CreateDIBSection
SetStretchBltMode
GetObjectA
GetStockObject
StretchDIBits
SelectPalette
CreateFontA
CreateCompatibleBitmap
GetDIBits
SetBkMode

shlwapi

PathFileExistsW
PathCombineW

kernel32

LoadLibraryA
lstrcmpA
GetCurrentThreadId
ResetEvent
FindResourceA
GetLocaleInfoA
CreateThread
CreateDirectoryW
VirtualProtect
IsDebuggerPresent
GlobalLock
InterlockedDecrement
GetProcessHeap
GetShortPathNameW
TerminateProcess
MapViewOfFile
InterlockedExchange
HeapFree
MultiByteToWideChar
IsBadWritePtr
CloseHandle
GetProcessAffinityMask
WaitForMultipleObjects
GetThreadLocale
VirtualAlloc
LeaveCriticalSection
OutputDebugStringA
GetSystemTime
GlobalReAlloc
VirtualFree
InterlockedIncrement
Beep
lstrcpynA
VirtualQuery
GlobalUnlock
GetProcAddress
CreateDirectoryA
SizeofResource
WriteProcessMemory
GetThreadPriority
lstrcmpiA
RaiseException
WideCharToMultiByte
GetSystemInfo
GetTempPathA
Sleep
EnumResourceTypesW
LoadLibraryW
WriteFile
GetVolumeInformationW
LoadResource
GetDriveTypeW
CreateFileMappingA
SetEvent
IsBadReadPtr
ReadFile
GetACP
CreateFileA
GetModuleFileNameW
GetCurrentThread
GetCurrentProcess
GlobalFree
IsDBCSLeadByte
LoadLibraryExA
_llseek
GetCurrentProcessId
lstrlenA
CreateEventA
ExitProcess
HeapAlloc
WaitForSingleObject
GetModuleFileNameA
GetFileAttributesA
GlobalAlloc
GetSystemTimeAsFileTime
OpenFileMappingA
OutputDebugStringW
DeviceIoControl
GetFileAttributesW
SetThreadPriority
GetModuleHandleA
GetLastError
FlushInstructionCache
InitializeCriticalSection
GetTempPathW
DeleteFileA
DeleteCriticalSection
SetEnvironmentVariableW
CreateSemaphoreA
LocalFree
EnterCriticalSection
lstrcpyA
GetTickCount
FreeLibrary
GlobalSize
GetVersionExA
MulDiv
QueryPerformanceCounter
lstrlenW

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCloseKey
CryptDestroyKey
CryptEncrypt
RegCreateKeyExA
CryptDestroyHash
CryptCreateHash
RegOpenKeyExA
CryptAcquireContextA
CryptHashData
RegEnumValueA
RegQueryValueExA
CryptGetHashParam
CryptImportKey
RegQueryInfoKeyA
CryptReleaseContext
RegSetValueExA
RegDeleteKeyA

ole32

CoGetClassObject
CoTaskMemAlloc
StgCreateDocfile
StringFromGUID2
CreateBindCtx
CoUninitialize
OleUninitialize
BindMoniker
OleInitialize
StgOpenStorage
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitialize
StgIsStorageFile
CoTaskMemRealloc
CoSetProxyBlanket
CreateItemMoniker
GetRunningObjectTable
OleLockRunning
CoCreateInstance
CLSIDFromString

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

user32

SetCapture
SendMessageA
DefWindowProcA
KillTimer
GetParent
CreateWindowExA
DestroyWindow
GetWindowLongA
DrawTextA
CharNextA
GetClassNameA
LoadCursorA
PeekMessageA
wsprintfA
GetActiveWindow
MsgWaitForMultipleObjects
DispatchMessageA
wvsprintfA
UnregisterClassA
CopyRect
SetWindowTextA
DestroyAcceleratorTable
SetRect
GetSysColor
PostThreadMessageA
GetQueueStatus
EndPaint
SetTimer
ReleaseCapture
GetWindowTextA
RegisterWindowMessageA
GetDC
GetDlgItem
GetClassInfoExA
ShowWindow
GetWindow
FindWindowA
SendNotifyMessageA
EqualRect
ReleaseDC
GetDesktopWindow
InvalidateRect
GetWindowRect
SendMessageTimeoutA
GetClientRect
PostMessageA
GetWindowTextLengthA
CallWindowProcA
SetWindowLongA
IsWindow
IsChild
GetFocus
SetFocus
CreateAcceleratorTableA
BeginPaint
InvalidateRgn
FillRect
MoveWindow
RedrawWindow
EnumDisplayDevicesA
RegisterClassExA
CreateDialogParamA
SetParent
SetWindowPos

gdiplus

GdipFree
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCloneImage

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeGetTime
timeSetEvent

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49da6afd05b2c1dd99aed2179a16aed7

Headers

File Characteristics

Imports

gdi32

shlwapi

kernel32

advapi32

ole32

shell32

user32

gdiplus

setupapi

version

winmm

wininet

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 80KB - Virtual size: 79KB

.tls Size: 1024B - Virtual size: 92KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 80KB - Virtual size: 79KB

.tls
Size: 1024B - Virtual size: 92KB