JaffaCakes118_693393035ce26d82c50c4dead504c6bd

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_693393035ce26d82c50c4dead504c6bd
Size

170KB
MD5

693393035ce26d82c50c4dead504c6bd
SHA1

5524c7d882591610a9ce960cefeabfb5160f5a56
SHA256

a7e019440254f6e46023f64685405f1a592cf2ef96e8e36445b4cdc9ac09080a
SHA512

002240080d976cac7244d183a4b0fd0f295f790a83e7b5c94174c9cbacd51eaa5204a9763c23e2e40a1cd7567cae70be75a2fe7ed9fda926f7acd3732823c262
SSDEEP

3072:zD+/JEC1T8A3C/CXm9wFfsSnE5u3UDBKfySQ8kT1KEJqy:uRENUNlfsWE5ukDBjH84wE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_693393035ce26d82c50c4dead504c6bd

Files

JaffaCakes118_693393035ce26d82c50c4dead504c6bd
.exe windows:4 windows x86 arch:x86

2767314fbe27486bf221af8be7748ced

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipCloneImage

user32

GetWindowLongA
DefWindowProcA
GetWindowTextLengthA
RegisterWindowMessageA
SetRect
GetSysColor
SetCapture
DestroyAcceleratorTable
SetWindowTextA
wvsprintfA
MsgWaitForMultipleObjects
GetWindow
ShowWindow
EndPaint
SetParent
UnregisterClassA
CharNextA
CreateAcceleratorTableA
GetActiveWindow
KillTimer
GetClientRect
RedrawWindow
GetDC
GetWindowTextA
CreateDialogParamA
DestroyWindow
DrawTextA
SetFocus
FillRect
ReleaseCapture
SetTimer
SetWindowLongA
MoveWindow
GetClassInfoExA
GetParent
InvalidateRect
ReleaseDC
CallWindowProcA
EnumDisplayDevicesA
IsChild
PostMessageA
InvalidateRgn
BeginPaint
GetDlgItem
PeekMessageA
CopyRect
GetDesktopWindow
SendNotifyMessageA
FindWindowA
SendMessageTimeoutA
GetFocus
SendMessageA
DispatchMessageA
RegisterClassExA
IsWindow
GetQueueStatus
LoadCursorA
GetWindowRect
wsprintfA
CreateWindowExA
PostThreadMessageA
EqualRect
GetClassNameA
SetWindowPos

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

kernel32

SizeofResource
GetCurrentThreadId
GetDriveTypeW
InterlockedIncrement
GetSystemInfo
GlobalUnlock
QueryPerformanceCounter
LoadLibraryExA
LoadLibraryW
OutputDebugStringA
OutputDebugStringW
lstrcpyA
CreateThread
LocalFree
GetShortPathNameW
ExitProcess
OpenFileMappingA
CreateFileMappingA
CreateEventA
IsDBCSLeadByte
TerminateProcess
WideCharToMultiByte
GetACP
InitializeCriticalSection
SetThreadPriority
ReadFile
GetCurrentProcess
GetProcessAffinityMask
_llseek
VirtualProtect
lstrcmpA
MapViewOfFile
ResetEvent
LoadResource
MulDiv
IsBadWritePtr
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentThread
RaiseException
CreateFileA
WaitForMultipleObjects
InterlockedDecrement
Beep
DeviceIoControl
VirtualAlloc
WaitForSingleObject
GetSystemTime
LoadLibraryA
IsDebuggerPresent
GlobalSize
CreateSemaphoreA
DeleteFileA
HeapFree
GetProcessHeap
GetModuleFileNameW
DeleteCriticalSection
EnumResourceTypesW
CloseHandle
WriteProcessMemory
GlobalAlloc
GlobalReAlloc
HeapAlloc
GetCurrentProcessId
VirtualFree
GetTempPathW
GetTempPathA
InterlockedExchange
GetFileAttributesA
GetSystemTimeAsFileTime
GetThreadLocale
GetProcAddress
GetThreadPriority
IsBadReadPtr
GetModuleHandleA
EnterCriticalSection
VirtualQuery
MultiByteToWideChar
GetModuleFileNameA
GlobalFree
SetEvent
GlobalLock
GetTickCount
LeaveCriticalSection
GetLocaleInfoA
lstrcmpiA
CreateDirectoryA
WriteFile
FreeLibrary
GetLastError
GetVersionExA
lstrlenA
CreateDirectoryW
FlushInstructionCache
Sleep
lstrcpynA
FindResourceA
GetVolumeInformationW
lstrlenW

ole32

CLSIDFromProgID
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoGetClassObject
CoCreateInstance
StgOpenStorage
CoUninitialize
CreateStreamOnHGlobal
StgCreateDocfile
CoSetProxyBlanket
OleUninitialize
GetRunningObjectTable
CoTaskMemAlloc
StgIsStorageFile
OleInitialize
OleLockRunning
CreateBindCtx
CreateItemMoniker
CoInitialize
BindMoniker
CoInitializeSecurity
CLSIDFromString

gdi32

CreateFontA
GetDeviceCaps
DeleteDC
CreateDIBSection
GetStockObject
RealizePalette
BitBlt
DeleteObject
CreateDIBitmap
GetObjectA
SetStretchBltMode
ExtEscape
SelectObject
CreateCompatibleBitmap
StretchDIBits
CreateSolidBrush
SelectPalette
GetDIBits
CreateCompatibleDC
SetBkMode

winmm

timeGetTime
timeSetEvent

advapi32

CryptDestroyHash
RegEnumKeyExA
CryptHashData
CryptEncrypt
CryptCreateHash
RegQueryValueExA
CryptGetHashParam
CryptReleaseContext
RegQueryInfoKeyA
CryptImportKey
CryptAcquireContextA
CryptDestroyKey
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

shlwapi

PathFileExistsW
PathCombineW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2767314fbe27486bf221af8be7748ced

Headers

File Characteristics

Imports

gdiplus

user32

wininet

setupapi

version

shell32

kernel32

ole32

gdi32

winmm

advapi32

shlwapi

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 62KB - Virtual size: 61KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 62KB - Virtual size: 61KB

.tls
Size: 1024B - Virtual size: 100KB