JaffaCakes118_6877d8ce9130e13096d0626d03fc0f10

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6877d8ce9130e13096d0626d03fc0f10
Size

176KB
MD5

6877d8ce9130e13096d0626d03fc0f10
SHA1

13043b5488d398c06439291c3f29930e8637e2e4
SHA256

e1316573f8db5a63dc2b4e00ee807ab87ea56548f2007b1b75890238096f60bf
SHA512

949fd8ddec19b7462a567b1d095463d372b22a004c7f11a47af95af0577af3587104990448766f4220a10279b64eac40328a894a8b78501e8aa999a73027321f
SSDEEP

3072:NY0z6yXJfDu4sThhOrjdxFH5jEMycV2Y7Ow/33iFMMww1+:PzBJIThhWj/jEMn9Ow3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6877d8ce9130e13096d0626d03fc0f10

Files

JaffaCakes118_6877d8ce9130e13096d0626d03fc0f10
.exe windows:4 windows x86 arch:x86

f0ed1960663e424ada575e184438ce39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCloneImage

advapi32

RegCloseKey
RegEnumValueA
RegQueryValueExA
CryptDestroyKey
CryptImportKey
RegCreateKeyExA
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptEncrypt
CryptAcquireContextA
CryptHashData
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA

ole32

CoTaskMemAlloc
StgOpenStorage
StgIsStorageFile
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
OleLockRunning
CoGetClassObject
CoCreateInstance
BindMoniker
CreateStreamOnHGlobal
CreateBindCtx
OleUninitialize
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
OleInitialize
CoInitialize
CoTaskMemRealloc
CLSIDFromProgID
StgCreateDocfile
CLSIDFromString

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

user32

RegisterClassExA
GetWindowLongA
wsprintfA
RedrawWindow
GetClassNameA
GetParent
GetSysColor
SetCapture
GetActiveWindow
ReleaseCapture
CharNextA
CopyRect
InvalidateRect
UnregisterClassA
BeginPaint
EqualRect
GetDesktopWindow
CallWindowProcA
GetDC
ReleaseDC
DrawTextA
DefWindowProcA
CreateAcceleratorTableA
wvsprintfA
PeekMessageA
FindWindowA
MoveWindow
RegisterWindowMessageA
EndPaint
CreateDialogParamA
SetFocus
SetRect
DestroyWindow
GetQueueStatus
PostMessageA
GetDlgItem
DispatchMessageA
GetWindowTextLengthA
LoadCursorA
PostThreadMessageA
MsgWaitForMultipleObjects
SendNotifyMessageA
InvalidateRgn
SendMessageTimeoutA
SetTimer
ShowWindow
GetWindow
SetWindowTextA
KillTimer
IsChild
GetClientRect
SetWindowLongA
GetFocus
GetWindowTextA
EnumDisplayDevicesA
DestroyAcceleratorTable
GetWindowRect
CreateWindowExA
SendMessageA
FillRect
GetClassInfoExA
IsWindow
SetParent
SetWindowPos

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdi32

BitBlt
DeleteDC
StretchDIBits
CreateCompatibleBitmap
CreateFontA
RealizePalette
CreateDIBSection
GetStockObject
CreateCompatibleDC
CreateSolidBrush
DeleteObject
SetStretchBltMode
ExtEscape
SelectPalette
GetDeviceCaps
SelectObject
GetObjectA
CreateDIBitmap
GetDIBits
SetBkMode

kernel32

GetShortPathNameW
OutputDebugStringW
EnterCriticalSection
DeleteCriticalSection
HeapFree
GetCurrentThreadId
GetFileAttributesW
InitializeCriticalSection
GetVersionExA
WaitForSingleObject
GlobalAlloc
SetEvent
InterlockedDecrement
GetThreadPriority
_llseek
SetEnvironmentVariableW
GetACP
GetThreadLocale
GetModuleFileNameA
lstrcpynA
CreateFileMappingA
GetVolumeInformationW
GlobalLock
InterlockedExchange
GlobalReAlloc
CreateFileA
TerminateProcess
CreateDirectoryA
WideCharToMultiByte
GetSystemInfo
LoadLibraryW
GetModuleFileNameW
Sleep
FindResourceA
WriteFile
QueryPerformanceCounter
GetProcessAffinityMask
IsDebuggerPresent
CreateThread
LeaveCriticalSection
lstrcpyA
GlobalFree
MultiByteToWideChar
GetLastError
GetModuleHandleA
WaitForMultipleObjects
lstrlenA
VirtualFree
GlobalSize
GetTickCount
LocalFree
FreeLibrary
ReadFile
DeleteFileA
GetTempPathW
SetThreadPriority
EnumResourceTypesW
VirtualProtect
IsDBCSLeadByte
LoadLibraryExA
HeapAlloc
GlobalUnlock
CreateEventA
VirtualAlloc
OpenFileMappingA
SizeofResource
ResetEvent
InterlockedIncrement
IsBadReadPtr
MulDiv
GetDriveTypeW
WriteProcessMemory
RaiseException
GetLocaleInfoA
MapViewOfFile
FlushInstructionCache
GetFileAttributesA
LoadLibraryA
Beep
CreateDirectoryW
GetSystemTimeAsFileTime
VirtualQuery
OutputDebugStringA
lstrcmpiA
LoadResource
GetProcessHeap
ExitProcess
CreateSemaphoreA
GetCurrentProcess
GetTempPathA
CloseHandle
GetSystemTime
DeviceIoControl
lstrcmpA
GetCurrentThread
GetProcAddress
IsBadWritePtr
GetCurrentProcessId
lstrlenW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

shlwapi

PathFileExistsW
PathCombineW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

winmm

timeGetTime
timeSetEvent

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0ed1960663e424ada575e184438ce39

Headers

File Characteristics

Imports

gdiplus

advapi32

ole32

wininet

user32

version

gdi32

kernel32

setupapi

shlwapi

shell32

winmm

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 68KB - Virtual size: 68KB

.tls Size: 1024B - Virtual size: 244KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 68KB - Virtual size: 68KB

.tls
Size: 1024B - Virtual size: 244KB