JaffaCakes118_3aab695f8c882adfb7cd72648e4ea989

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3aab695f8c882adfb7cd72648e4ea989
Size

244KB
MD5

3aab695f8c882adfb7cd72648e4ea989
SHA1

65b171b982e5323437b0faa92ad932f3f0fdcba9
SHA256

1af69e14851b715125f80cd86d5b06b03dcdaa68cf70aed04d84ac2010f33c9c
SHA512

372aa7ca93ef89df84185252cd60bca59da7c1884914be9cbdb8af415ded0036c8f3bce9d658ffd3f9a1c4db6deee382bedd2e852b4597d86d9818079409a97a
SSDEEP

6144:8JCigFH/PMxyVngY3KXGPISSJx09Y59PwM0EU:SQX+yhISSYjMjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3aab695f8c882adfb7cd72648e4ea989

Files

JaffaCakes118_3aab695f8c882adfb7cd72648e4ea989
.exe windows:4 windows x86 arch:x86

d56e77e6689bc4819fb4970441913f07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
SetCurrentDirectoryA
OpenMutexW
GetSystemDefaultLangID
GetStartupInfoW
GetNumberFormatA
GetSystemDirectoryW
GetCommandLineA
GetOEMCP
ReadDirectoryChangesW
GetProcessHeaps
GetSystemInfo
GetProcAddress
CreateMutexA
FileTimeToSystemTime
GetWindowsDirectoryW
LoadLibraryExA
LoadResource
OpenSemaphoreA
GlobalDeleteAtom
MulDiv
FileTimeToLocalFileTime
lstrcmpiA
RemoveDirectoryA
lstrcmpA
GetCurrentThreadId
OpenFile
lstrcpyW
AddAtomW
GetMailslotInfo
CreateMailslotA
GetEnvironmentVariableA
OpenWaitableTimerA
lstrcpyn
IsValidCodePage
lstrcmpW
lstrcpyA
GetDateFormatA
GetHandleInformation
ReplaceFileW
IsBadWritePtr
GetLogicalDrives
DuplicateHandle
MoveFileW
CreateSemaphoreA
GlobalFindAtomA
IsBadStringPtrW
lstrcmp
IsBadCodePtr
GetEnvironmentStringsA
GetShortPathNameA
SetComputerNameW
lstrcpynA
DosDateTimeToFileTime
GetCurrentThread
GetTickCount
GetLogicalDriveStringsA
Sleep
LoadLibraryW
IsBadReadPtr
GetCurrentDirectoryA
GetModuleHandleA
ExpandEnvironmentStringsW
CreateDirectoryW
SetEvent
GetComputerNameA
MoveFileA
CompareFileTime
IsValidLocale
FindAtomA
SetCalendarInfoA
GetFileAttributesA
GetLongPathNameW

user32

EndDialog
GetActiveWindow
UnregisterClassW
CreateDialogIndirectParamA
DialogBoxParamA
WaitForInputIdle
AppendMenuA
GetMenuItemInfoA

gdi32

RemoveFontResourceExW
GetStockObject
CreatePalette
CreateMetaFileA
GetTextExtentPointW
CreateDIBPatternBrush
RemoveFontResourceExA
CreateBitmap
ExtCreateRegion
GetEnhMetaFileA
StretchDIBits
CreateBitmapIndirect
CreateRoundRectRgn
CreatePen
UpdateICMRegKeyW
RemoveFontResourceW
GetEnhMetaFilePixelFormat
CreateScalableFontResourceA
UpdateICMRegKeyA
GdiGetBatchLimit
SetEnhMetaFileBits
CreatePolyPolygonRgn
GetMetaFileA
CreateFontA
CreateICA
CreateDIBSection

shell32

StrCmpNA
SHGetDiskFreeSpaceExA
ExtractAssociatedIconExW
ExtractIconW
StrRStrA
SHGetDiskFreeSpaceExW
ShellExecuteEx

comdlg32

PrintDlgExA
ReplaceTextW
GetOpenFileNameW
FindTextW
GetSaveFileNameW
ChooseFontA
FindTextA
PrintDlgA

ws2_32

socket

wininet

CommitUrlCacheEntryA
FindFirstUrlCacheEntryExA
RetrieveUrlCacheEntryStreamW

winmm

waveOutBreakLoop
midiStreamPosition
mmioStringToFOURCCA
joyGetPosEx
mmioOpenA
DefDriverProc
timeKillEvent
mixerGetDevCapsW
midiInGetErrorTextA

wsock32

GetTypeByNameA
dn_expand
rresvport
rexec
GetNameByTypeA
WSAAsyncGetHostByAddr
listen
WSAAsyncGetProtoByName
WSACleanup
WSACancelBlockingCall
getsockopt
WSAStartup
sendto
NPLoadNameSpaces
__WSAFDIsSet
MigrateWinsockConfiguration
WSAAsyncGetHostByName
gethostbyaddr
bind

Sections

.Zs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w
Size: 2KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zHjPGy
Size: 4KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YtVPM
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CWZ
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.M
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rL
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KJE
Size: 9KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oFwgb
Size: 5KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d56e77e6689bc4819fb4970441913f07

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ws2_32

wininet

winmm

wsock32

Sections

.Zs Size: 4KB - Virtual size: 4KB

.w Size: 2KB - Virtual size: 166KB

.zHjPGy Size: 4KB - Virtual size: 369KB

.YtVPM Size: 91KB - Virtual size: 91KB

.CWZ Size: 12KB - Virtual size: 12KB

.M Size: 4KB - Virtual size: 50KB

.rL Size: 88KB - Virtual size: 88KB

.KJE Size: 9KB - Virtual size: 217KB

.oFwgb Size: 5KB - Virtual size: 445KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 1024B

.Zs
Size: 4KB - Virtual size: 4KB

.w
Size: 2KB - Virtual size: 166KB

.zHjPGy
Size: 4KB - Virtual size: 369KB

.YtVPM
Size: 91KB - Virtual size: 91KB

.CWZ
Size: 12KB - Virtual size: 12KB

.M
Size: 4KB - Virtual size: 50KB

.rL
Size: 88KB - Virtual size: 88KB

.KJE
Size: 9KB - Virtual size: 217KB

.oFwgb
Size: 5KB - Virtual size: 445KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 1024B