JaffaCakes118_c3798a3caf9ef33e4f58cf8a6a588880

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_c3798a3caf9ef33e4f58cf8a6a588880
Size

175KB
MD5

c3798a3caf9ef33e4f58cf8a6a588880
SHA1

4b4db34ec828543ef96feeabbb888a085e492971
SHA256

4d36bdcce13c87c8f6a4315cde9a69e621155f8fb32a65413f793a9faf868572
SHA512

55efbee851752d401960075713027a5c8d9e5586aff1b07b712d83450c2f506284b0252bb89f648c1252a573a7b9ddaec8d709ff89ef893bd7de776c5f506e40
SSDEEP

3072:KeF7Dpd7BzkiXI+wl9N/iqAx9xbWl/3u88Zw8WUL65+V3ZsXng:KeFnpXzkCwbZ/3P8RLWe3uXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c3798a3caf9ef33e4f58cf8a6a588880

Files

JaffaCakes118_c3798a3caf9ef33e4f58cf8a6a588880
.exe windows:4 windows x86 arch:x86

43e491e22c0bcf8928d3ef5dd5ad6938

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegOpenKeyExA
CryptCreateHash
RegQueryValueExA
RegEnumValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
CryptDestroyKey
CryptAcquireContextA
RegSetValueExA
CryptReleaseContext
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

winmm

timeGetTime
timeSetEvent

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA

gdi32

GetStockObject
BitBlt
CreateDIBitmap
StretchDIBits
GetObjectA
GetDIBits
CreateCompatibleBitmap
RealizePalette
GetDeviceCaps
SelectPalette
ExtEscape
CreateFontA
SetStretchBltMode
DeleteObject
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
CreateSolidBrush
SetBkMode

gdiplus

GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCloneImage

ole32

OleLockRunning
OleInitialize
CoUninitialize
CreateStreamOnHGlobal
StgIsStorageFile
StringFromGUID2
CoTaskMemFree
OleUninitialize
CoGetClassObject
CoInitialize
StgOpenStorage
CoTaskMemRealloc
CoInitializeSecurity
CoSetProxyBlanket
CreateBindCtx
GetRunningObjectTable
CLSIDFromProgID
CreateItemMoniker
StgCreateDocfile
CoCreateInstance
CoTaskMemAlloc
BindMoniker
CLSIDFromString

user32

IsWindow
GetQueueStatus
GetWindowRect
ReleaseDC
UnregisterClassA
SetWindowLongA
SendMessageTimeoutA
MoveWindow
MsgWaitForMultipleObjects
IsChild
SetRect
SetCapture
CreateWindowExA
CreateAcceleratorTableA
EqualRect
RedrawWindow
ShowWindow
InvalidateRect
wsprintfA
GetWindow
SetTimer
DrawTextA
LoadCursorA
GetWindowTextA
GetActiveWindow
GetDC
GetParent
CreateDialogParamA
DispatchMessageA
EnumDisplayDevicesA
GetDesktopWindow
SendMessageA
GetWindowLongA
InvalidateRgn
ReleaseCapture
GetSysColor
CharNextA
SetFocus
BeginPaint
PostThreadMessageA
KillTimer
GetWindowTextLengthA
FindWindowA
CopyRect
RegisterWindowMessageA
EndPaint
GetClientRect
FillRect
GetClassInfoExA
SetWindowTextA
wvsprintfA
DestroyWindow
SetParent
DestroyAcceleratorTable
PostMessageA
PeekMessageA
SendNotifyMessageA
CallWindowProcA
RegisterClassExA
DefWindowProcA
GetDlgItem
GetClassNameA
GetFocus
SetWindowPos

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

kernel32

WriteFile
DisableThreadLibraryCalls
GetShortPathNameW
GetFileSize
WideCharToMultiByte
LocalAlloc
CreateFileA
GetProcessId
CreateFileW
UnmapViewOfFile
GlobalSize
Sleep
EnumResourceTypesA
LocalFree
GetTickCount
CreateFileMappingA
GetFileAttributesA
GlobalAlloc
SetFilePointer
MapViewOfFile
GlobalFree
ReadFile
CloseHandle

shlwapi

PathFileExistsW
PathCombineW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43e491e22c0bcf8928d3ef5dd5ad6938

Headers

File Characteristics

Imports

advapi32

winmm

version

gdi32

gdiplus

ole32

user32

wininet

shell32

kernel32

shlwapi

setupapi

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 92KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 92KB