JaffaCakes118_6529fdafbfd66484515e1578a08d1895

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6529fdafbfd66484515e1578a08d1895
Size

184KB
MD5

6529fdafbfd66484515e1578a08d1895
SHA1

8058d1978902a3bba52fc839e6e3d9f8dc752649
SHA256

495da484cef759211fd773b30a029984c591387f3eac73d4114a6703e8d6c9a2
SHA512

e7675c657f10010589607c57bfd6b390f8d24e38322ffed07a52e2eccfdf18685c6d546ff66aeaee5fe42df4899b56880e11ce8aa1b04cbccac974e1e644ce3b
SSDEEP

3072:Hr57etotAEgTYgS5d9YeV4+0muwGbt+DgwWUTZM+bwyr14d4wKU:LFefEgMTH9J4/btugvUOfo8O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6529fdafbfd66484515e1578a08d1895

Files

JaffaCakes118_6529fdafbfd66484515e1578a08d1895
.exe windows:4 windows x86 arch:x86

1b402de770f58e5395ea76635648b644

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathCombineW

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

gdi32

CreateFontA
ExtEscape
StretchDIBits
SelectObject
CreateDIBSection
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
BitBlt
SetStretchBltMode
GetStockObject
DeleteDC
GetObjectA
RealizePalette
GetDIBits
SelectPalette
CreateDIBitmap
SetBkMode

winmm

timeGetTime
timeSetEvent

kernel32

GetShortPathNameW
CreateFileMappingA
LocalAlloc
UnmapViewOfFile
GlobalFree
ReadFile
LocalFree
GetProcessAffinityMask
Sleep
MapViewOfFile
EnumResourceTypesW
GlobalSize
CreateFileW
CreateFileA
GlobalAlloc
DisableThreadLibraryCalls
GetFileSize
GetFileAttributesA
SetFilePointer
WriteFile
GetTickCount
WideCharToMultiByte
CloseHandle

ole32

OleLockRunning
CoSetProxyBlanket
CoTaskMemFree
StgCreateDocfile
CoInitialize
CreateStreamOnHGlobal
StgOpenStorage
CreateItemMoniker
CoCreateInstance
CreateBindCtx
CLSIDFromProgID
BindMoniker
CoTaskMemRealloc
GetRunningObjectTable
StringFromGUID2
OleUninitialize
CoUninitialize
StgIsStorageFile
CoGetClassObject
CoTaskMemAlloc
CoInitializeSecurity
OleInitialize
CLSIDFromString

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

gdiplus

GdipFree
GdipAlloc
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneImage

user32

MsgWaitForMultipleObjects
BeginPaint
GetClassNameA
GetDC
DestroyAcceleratorTable
IsChild
SetWindowTextA
PostThreadMessageA
GetActiveWindow
KillTimer
ReleaseCapture
DestroyWindow
UnregisterClassA
PeekMessageA
CopyRect
GetWindowTextA
IsWindow
GetWindowLongA
GetDesktopWindow
DispatchMessageA
GetWindow
EqualRect
SetWindowLongA
RegisterWindowMessageA
SendMessageTimeoutA
FillRect
GetSysColor
DrawTextA
CharNextA
GetWindowRect
GetQueueStatus
GetFocus
InvalidateRect
CreateWindowExA
CallWindowProcA
CreateAcceleratorTableA
SendMessageA
GetWindowTextLengthA
CreateDialogParamA
GetParent
GetDlgItem
SetParent
ShowWindow
RedrawWindow
GetClientRect
EndPaint
FindWindowA
SetCapture
wvsprintfA
LoadCursorA
wsprintfA
RegisterClassExA
DefWindowProcA
PostMessageA
GetClassInfoExA
EnumDisplayDevicesA
SetRect
SetTimer
SetFocus
MoveWindow
ReleaseDC
SendNotifyMessageA
InvalidateRgn
SetWindowPos

advapi32

RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
CryptDestroyHash
CryptImportKey
RegCloseKey
CryptGetHashParam
RegEnumValueA
CryptAcquireContextA
RegSetValueExA
RegQueryInfoKeyA
CryptHashData
RegEnumKeyExA
CryptCreateHash
CryptReleaseContext
RegDeleteValueA
RegCreateKeyExA
CryptEncrypt
RegDeleteKeyA

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b402de770f58e5395ea76635648b644

Headers

File Characteristics

Imports

shlwapi

wininet

setupapi

shell32

gdi32

winmm

kernel32

ole32

version

gdiplus

user32

advapi32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 75KB - Virtual size: 74KB

.tls Size: 1024B - Virtual size: 120KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 75KB - Virtual size: 74KB

.tls
Size: 1024B - Virtual size: 120KB