JaffaCakes118_63f66e853c3b3138c8786d61b14fceb0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_63f66e853c3b3138c8786d61b14fceb0
Size

187KB
MD5

63f66e853c3b3138c8786d61b14fceb0
SHA1

d2fdaf8fdcc3c756eb2b5f72ee709820360879f9
SHA256

93970059a62b0ef64a5785d9cdd924d498583c6732a4d912de6f7909d874beda
SHA512

72d9c5b440eca40c42f563fba190ec620bc21d6444a59d84928e63032424a89ff9f50d2962120871a46ca4cf171765ba38c45f0205a28c9c13346c0b69e4c864
SSDEEP

3072:4bqUNDd7v8kp2UvQcheQmPAJWnFMymMwua28i0lyFp2uBI0tJtKswDMNAZ8B:4jHU22UYc7SAJkMif8i0lyL2snKs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_63f66e853c3b3138c8786d61b14fceb0

Files

JaffaCakes118_63f66e853c3b3138c8786d61b14fceb0
.exe windows:4 windows x86 arch:x86

fa33c365498c7ab5c04926b8c5f06a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
CryptDestroyHash
CryptGetHashParam
RegDeleteValueA
RegCloseKey
CryptReleaseContext
RegCreateKeyExA
CryptCreateHash
RegQueryValueExA
CryptHashData
CryptImportKey
CryptDestroyKey
RegOpenKeyExA
RegEnumKeyExA
CryptAcquireContextA
CryptEncrypt
RegDeleteKeyA

kernel32

ResetEvent
DeviceIoControl
CreateDirectoryW
GetVolumeInformationW
Beep
GetLastError
GetSystemTimeAsFileTime
GetShortPathNameW
IsBadReadPtr
GetCurrentProcessId
FlushInstructionCache
GetTempPathW
GlobalLock
HeapAlloc
WaitForMultipleObjects
GetDriveTypeW
IsBadWritePtr
GetSystemTime
GlobalFree
VirtualQuery
HeapFree
VirtualAlloc
WideCharToMultiByte
GetProcessAffinityMask
LeaveCriticalSection
SetEvent
CreateEventA
GetModuleFileNameA
lstrlenA
LocalFree
GetSystemInfo
GetThreadLocale
OutputDebugStringW
GlobalAlloc
RaiseException
IsDBCSLeadByte
DeleteCriticalSection
GlobalReAlloc
EnterCriticalSection
CreateThread
CreateDirectoryA
GetFileAttributesW
GetCurrentThreadId
EnumResourceTypesW
GetLocaleInfoA
GetACP
SetThreadPriority
ReadFile
MulDiv
LoadLibraryExA
GetVersionExA
FindResourceA
VirtualFree
SetEnvironmentVariableW
InitializeCriticalSection
IsDebuggerPresent
GlobalUnlock
lstrcpynA
InterlockedExchange
GetTickCount
CreateFileA
GlobalSize
GetCurrentThread
LoadLibraryA
TerminateProcess
DeleteFileA
CreateSemaphoreA
_llseek
WaitForSingleObject
InterlockedIncrement
GetFileAttributesA
CloseHandle
SizeofResource
WriteProcessMemory
lstrcpyA
lstrcmpA
VirtualProtect
OpenFileMappingA
CreateFileMappingA
MultiByteToWideChar
InterlockedDecrement
GetProcessHeap
LoadLibraryW
GetCurrentProcess
FreeLibrary
GetProcAddress
MapViewOfFile
GetTempPathA
OutputDebugStringA
GetModuleFileNameW
QueryPerformanceCounter
GetThreadPriority
ExitProcess
Sleep
GetModuleHandleA
WriteFile
lstrcmpiA
LoadResource
lstrlenW

winmm

timeGetTime
timeSetEvent

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathCombineW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

ole32

CoUninitialize
CoCreateInstance
CoGetClassObject
OleLockRunning
CoTaskMemRealloc
CreateItemMoniker
OleInitialize
StgIsStorageFile
CoSetProxyBlanket
GetRunningObjectTable
OleUninitialize
CoTaskMemAlloc
StgCreateDocfile
CoTaskMemFree
BindMoniker
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
StgOpenStorage
CreateStreamOnHGlobal
StringFromGUID2
CreateBindCtx
CLSIDFromString

gdiplus

GdipFree
GdipAlloc
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipCloneImage

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

gdi32

CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
DeleteDC
SetStretchBltMode
RealizePalette
ExtEscape
SelectPalette
StretchDIBits
BitBlt
CreateFontA
GetStockObject
CreateDIBitmap
GetDIBits
CreateSolidBrush
SelectObject
DeleteObject
SetBkMode

user32

PostMessageA
SetWindowTextA
InvalidateRgn
UnregisterClassA
ReleaseDC
EqualRect
CopyRect
GetWindowTextLengthA
RegisterWindowMessageA
DispatchMessageA
GetParent
SetTimer
CreateAcceleratorTableA
GetActiveWindow
GetSysColor
GetClassInfoExA
DrawTextA
CreateDialogParamA
RegisterClassExA
GetFocus
SetRect
PeekMessageA
IsWindow
FindWindowA
GetClassNameA
LoadCursorA
SetFocus
ShowWindow
GetQueueStatus
GetWindowLongA
GetDC
SetParent
SendNotifyMessageA
GetDesktopWindow
wsprintfA
SendMessageA
EnumDisplayDevicesA
ReleaseCapture
GetWindowTextA
MsgWaitForMultipleObjects
GetClientRect
DestroyAcceleratorTable
GetDlgItem
IsChild
SetWindowLongA
MoveWindow
RedrawWindow
BeginPaint
PostThreadMessageA
SendMessageTimeoutA
GetWindowRect
FillRect
GetWindow
CharNextA
InvalidateRect
EndPaint
KillTimer
DestroyWindow
DefWindowProcA
wvsprintfA
CallWindowProcA
SetCapture
CreateWindowExA
SetWindowPos

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa33c365498c7ab5c04926b8c5f06a69

Headers

File Characteristics

Imports

advapi32

kernel32

winmm

shell32

shlwapi

setupapi

ole32

gdiplus

wininet

gdi32

user32

version

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 73KB - Virtual size: 72KB

.tls Size: 1024B - Virtual size: 116KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 73KB - Virtual size: 72KB

.tls
Size: 1024B - Virtual size: 116KB