e82820ba02574e75d762c96b1af98dc1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e82820ba02574e75d762c96b1af98dc1_JaffaCakes118
Size

517KB
MD5

e82820ba02574e75d762c96b1af98dc1
SHA1

6bc361278539fbb107554a38201526f2b2ca9b2e
SHA256

a6bbb303f7c0326effc66c9c833fdb0bf77f9ebf4cda4fb9fa71aabad0e8003d
SHA512

f6147b77a2993d7d635c4f68d74869a398f28d4fb93e4474648e5170e01784aa9eae4c0b2d5936c7931a35800de46771424bfb6bd58174acb8123c6536cad163
SSDEEP

12288:OZeZWccDw7AC+WJXHnNoVU2xh2JYUO/S/Zvti22ElubXHELD7v6qCCIT458g32cc:OZeZWccE8C+WJXHnAtxh2JYUO/S/ZvtC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e82820ba02574e75d762c96b1af98dc1_JaffaCakes118

Files

e82820ba02574e75d762c96b1af98dc1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a964504f11da6bbf8ec3f47ee1d0996

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegDeleteValueA

kernel32

Sleep
ResetEvent
CreateEventA
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
ReleaseMutex
GetModuleFileNameA
CloseHandle
CreateMutexA
OpenProcess
SetEvent
WaitForMultipleObjects
WinExec
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
SetHandleCount
GetLocaleInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetPrivateProfileStringA
OutputDebugStringA
DebugBreak
GetDiskFreeSpaceA
CopyFileA
GetExitCodeProcess
FindClose
FindNextFileA
FindFirstFileA
FileTimeToDosDateTime
SetEnvironmentVariableW
SystemTimeToFileTime
MoveFileA
GetFullPathNameA
GetACP
GetEnvironmentStrings
DosDateTimeToFileTime
CreateFileA
GetTempPathA
GetTempFileNameA
RemoveDirectoryA
SetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetVersionExA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
ResumeThread
GetLastError
CreateThread
TlsSetValue
ExitThread
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
VirtualAlloc
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
PeekNamedPipe
ReadFile
GetWindowsDirectoryA
WideCharToMultiByte
GetCPInfo
CompareStringA
GetOEMCP
WritePrivateProfileStringA
GetFileType
GetStdHandle
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetProcAddress
LoadLibraryA
SetStdHandle
MoveFileExA
GetLocaleInfoW
FlushFileBuffers
SearchPathA
CompareStringW
HeapReAlloc
CreateProcessA
CreateDirectoryA
DeleteFileA
GetFileAttributesA
GetCurrentDirectoryA
GetSystemDirectoryA
GetVolumeInformationA
GlobalAlloc
GetLogicalDrives
GetDriveTypeA
FreeLibrary
SetEndOfFile
GlobalLock
GlobalUnlock
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle

user32

SetWindowTextA
SetForegroundWindow
GetDlgItem
EndDialog
SendMessageA
MessageBoxA
UpdateWindow
InvalidateRect
ExitWindowsEx
PostMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMenu
InsertMenuA
DrawMenuBar
LoadIconA
DialogBoxParamA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
MessageBeep
wsprintfA
GetSystemMetrics

winmm

ord2
timeGetTime

wsock32

WSAStartup
WSACleanup
WSAAsyncGetHostByName
ntohs
htons
socket
gethostbyaddr
gethostbyname
ioctlsocket
WSAAsyncSelect
connect
recv
closesocket
WSAGetLastError
send
getsockname

comctl32

ord17

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ole32

OleUninitialize
CoCreateInstance
OleInitialize

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a964504f11da6bbf8ec3f47ee1d0996

Headers

File Characteristics

Imports

advapi32

kernel32

user32

winmm

wsock32

comctl32

comdlg32

ole32

shell32

version

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 51KB - Virtual size: 218KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 88KB - Virtual size: 92KB

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 51KB - Virtual size: 218KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 88KB - Virtual size: 92KB