e43bfbdaf98a56bafaa9a2335f4f5308_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e43bfbdaf98a56bafaa9a2335f4f5308_JaffaCakes118
Size

176KB
MD5

e43bfbdaf98a56bafaa9a2335f4f5308
SHA1

c311ec51e5ce9c89294fe9b7a670cc7209e8d104
SHA256

ba01d0bc21857a70b3871bba9248508357342b1f05c25e3b02201c2a5d7fac99
SHA512

a33501a29e38a75e543e3e05753ac7e78385f0aed610a608d9fe09732b986e887bc47d7b71e54f567ec60da1583d869c99821ffc51f1054ec94cabcfc2c2aed1
SSDEEP

3072:H6NJ7am8oFpXqNz4ozeL8UoizcoDh9oPQY3VzyAXmKLdiGsy5VQs3:aqoFpw2tcRtBzXmKj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e43bfbdaf98a56bafaa9a2335f4f5308_JaffaCakes118

Files

e43bfbdaf98a56bafaa9a2335f4f5308_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5fc274b28d2ed4e05e7ad130e299d864

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoSetProxyBlanket
StgIsStorageFile
CoCreateInstance
CreateItemMoniker
CreateBindCtx
BindMoniker
CoInitializeSecurity
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
CoInitialize
OleUninitialize
CoUninitialize
StgOpenStorage
StringFromGUID2
CoTaskMemRealloc
CreateStreamOnHGlobal
StgCreateDocfile
OleLockRunning
OleInitialize
GetRunningObjectTable
CoTaskMemFree
CLSIDFromString

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA

gdiplus

GdipDisposeImage
GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipFree
GdipAlloc
GdipCloneImage

winmm

timeGetTime
timeSetEvent

user32

IsWindow
FillRect
PostMessageA
InvalidateRect
InvalidateRgn
DrawTextA
GetWindowTextLengthA
CreateAcceleratorTableA
CreateWindowExA
wvsprintfA
UnregisterClassA
SetParent
GetQueueStatus
ShowWindow
GetParent
EnumDisplayDevicesA
MoveWindow
CharNextA
RegisterClassExA
DefWindowProcA
GetClassNameA
GetDesktopWindow
PeekMessageA
KillTimer
LoadCursorA
SendMessageTimeoutA
SetFocus
FindWindowA
GetClassInfoExA
SendMessageA
EqualRect
ReleaseCapture
DestroyAcceleratorTable
GetFocus
GetWindow
GetWindowTextA
GetSysColor
DestroyWindow
GetActiveWindow
CallWindowProcA
BeginPaint
wsprintfA
SetWindowLongA
RedrawWindow
RegisterWindowMessageA
CopyRect
SetCapture
DispatchMessageA
MsgWaitForMultipleObjects
IsChild
CreateDialogParamA
SetRect
PostThreadMessageA
GetDlgItem
SetWindowTextA
GetWindowLongA
GetDC
SetTimer
EndPaint
GetWindowRect
SendNotifyMessageA
ReleaseDC
GetClientRect
SetWindowPos

kernel32

SetEnvironmentVariableW
WriteProcessMemory
GetLastError
WaitForMultipleObjects
LocalFree
WriteFile
VirtualFree
GetShortPathNameW
MultiByteToWideChar
WaitForSingleObject
GlobalFree
GlobalSize
GetCurrentThreadId
GetModuleFileNameW
lstrcpyA
RaiseException
GlobalReAlloc
VirtualAlloc
InterlockedDecrement
GetProcAddress
Sleep
LoadLibraryExA
IsDebuggerPresent
EnterCriticalSection
GetProcessAffinityMask
GlobalAlloc
ReadFile
GetThreadLocale
OutputDebugStringW
GetDriveTypeW
Beep
HeapAlloc
GetSystemInfo
VirtualProtect
lstrcpynA
GetVolumeInformationW
GlobalUnlock
FlushInstructionCache
OutputDebugStringA
CreateFileMappingA
GetCurrentProcess
SizeofResource
lstrcmpA
CreateThread
TerminateProcess
GetFileAttributesW
MulDiv
VirtualQuery
ResetEvent
GetACP
InterlockedExchange
GetTickCount
DeleteFileA
EnumResourceTypesW
DeviceIoControl
DeleteCriticalSection
OpenFileMappingA
LoadResource
GetSystemTime
CreateDirectoryA
FreeLibrary
GetLocaleInfoA
lstrlenA
InitializeCriticalSection
SetEvent
HeapFree
_llseek
InterlockedIncrement
GetProcessHeap
IsDBCSLeadByte
MapViewOfFile
ExitProcess
GlobalLock
LoadLibraryA
IsBadWritePtr
CreateEventA
CreateDirectoryW
GetFileAttributesA
FindResourceA
IsBadReadPtr
CreateSemaphoreA
GetVersionExA
GetCurrentProcessId
GetCurrentThread
CloseHandle
GetTempPathW
CreateFileA
lstrcmpiA
WideCharToMultiByte
GetSystemTimeAsFileTime
GetTempPathA
SetThreadPriority
QueryPerformanceCounter
LoadLibraryW
GetModuleHandleA
GetThreadPriority
LeaveCriticalSection
GetModuleFileNameA
lstrlenW

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

gdi32

GetObjectA
DeleteObject
ExtEscape
GetStockObject
GetDIBits
SelectPalette
GetDeviceCaps
DeleteDC
SetStretchBltMode
CreateDIBitmap
BitBlt
CreateSolidBrush
CreateDIBSection
StretchDIBits
CreateFontA
SelectObject
CreateCompatibleDC
RealizePalette
CreateCompatibleBitmap
SetBkMode

shlwapi

PathFileExistsW
PathCombineW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

advapi32

RegQueryInfoKeyA
CryptEncrypt
CryptGetHashParam
RegEnumKeyExA
RegQueryValueExA
CryptImportKey
RegEnumValueA
RegCreateKeyExA
CryptReleaseContext
RegOpenKeyExA
CryptCreateHash
CryptHashData
CryptDestroyKey
RegDeleteValueA
CryptAcquireContextA
RegSetValueExA
CryptDestroyHash
RegCloseKey
RegDeleteKeyA

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fc274b28d2ed4e05e7ad130e299d864

Headers

File Characteristics

Imports

ole32

shell32

version

gdiplus

winmm

user32

kernel32

wininet

gdi32

shlwapi

setupapi

advapi32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 66KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 244KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 66KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 244KB