e274ef2c11b862fb7701c0b84e33bcc5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e274ef2c11b862fb7701c0b84e33bcc5_JaffaCakes118
Size

684KB
MD5

e274ef2c11b862fb7701c0b84e33bcc5
SHA1

f88289ed245862c29e9f5d46077ba4d14c3bf402
SHA256

254a3f57ed6fe10b8f2600f769ddc1145363171d5e92cc8f766438f2da523077
SHA512

31304b7ad94357faef7ae51403f59549768f722d014b2bb28e8ddcb6160bf1fa72d2f94c44a2ec51298aacfb06cb66a46400299020ba33de0679f6c9c77c25c1
SSDEEP

12288:l7xoE/sJqq8oFKubqQjEYa0otkxF9hqDPBrrFYMqkVcSdxs:NCEEgq8oFKdGaHtoqD1rqUJxs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e274ef2c11b862fb7701c0b84e33bcc5_JaffaCakes118

Files

e274ef2c11b862fb7701c0b84e33bcc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d37f8b26620de251a33f0c0e4a34ab84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\wbqoezrt\epioe\svaz.pdb

Imports

user32

RegisterClassExW
GetMenuDefaultItem
FillRect
SetWindowPos
ShowWindow
MessageBeep
EnumChildWindows
DragDetect
GetDoubleClickTime
SetTimer
SetWindowLongW
GetIconInfo
IsZoomed
EndDialog
OpenClipboard
SendDlgItemMessageA
InvalidateRgn
GetWindowTextLengthW
ClientToScreen
SetForegroundWindow
GetMenu
SetFocus
GetSysColor
DrawFocusRect
GetActiveWindow
IntersectRect
SetWindowsHookExW
GetWindowPlacement
SetRectEmpty
GetMenuItemCount
DestroyMenu
GetKeyState
DestroyIcon
UpdateWindow
GetWindow
GetDC
GetMenuState
GetDlgCtrlID
GetWindowTextW
GetMessageW
TranslateMessage
SetMenu
DispatchMessageW
DrawMenuBar
MoveWindow
ScreenToClient
SetWindowRgn
DrawEdge
RegisterClassW
TrackPopupMenu

gdi32

GetDeviceCaps
SelectObject
TextOutW
SetPolyFillMode
GetCharABCWidthsW
GetDIBits
GetObjectW
GetClipBox
PtInRegion
DeleteDC
CreateDCW

ole32

OleUninitialize
OleRegGetUserType
StringFromGUID2
OleIsCurrentClipboard
CoRegisterMessageFilter
OleGetClipboard
OleRun
CoRegisterClassObject

shell32

SHGetSpecialFolderLocation
ExtractIconW

advapi32

OpenProcessToken
RegDeleteValueA
RegEnumKeyA
RegOpenKeyA
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegCreateKeyExA

comctl32

ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
DestroyPropertySheetPage
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create
ImageList_GetImageInfo
ord17
ImageList_DrawEx
PropertySheetW
ImageList_ReplaceIcon
ImageList_Draw

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

TerminateProcess
GetTimeZoneInformation
GetModuleFileNameA
DeleteCriticalSection
HeapSize
VirtualAlloc
GetEnvironmentStringsW
FlushFileBuffers
GlobalSize
GetVersionExA
GetModuleFileNameW
GetStartupInfoA
TlsAlloc
GetEnvironmentStrings
LCMapStringA
GetProcAddress
GetSystemTime
CreateMutexW
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
CompareStringA
InterlockedExchange
VirtualQuery
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FatalAppExitA
LocalFree
GetDateFormatA
GetStringTypeA
ReadFile
lstrcpyW
GetStringTypeW
CreateFileA
GetTickCount
CloseHandle
GetFileType
SetUnhandledExceptionFilter
GetCurrentThread
InterlockedDecrement
SetLastError
IsBadCodePtr
ExitProcess
LoadLibraryA
HeapAlloc
GetCurrentThreadId
MultiByteToWideChar
lstrlenA
HeapDestroy
IsValidLocale
TlsFree
DeleteFileA
GetStartupInfoW
RtlUnwind
SetHandleCount
GlobalUnlock
TlsGetValue
VirtualFree
IsBadWritePtr
InitializeCriticalSection
GetACP
UnhandledExceptionFilter
EnterCriticalSection
HeapReAlloc
GetLastError
WriteFile
GetLocalTime
HeapFree
GlobalFree
CreateDirectoryA
GetCommandLineW
RaiseException
GetCPInfo
WideCharToMultiByte
GetUserDefaultLCID
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GlobalLock
GetModuleHandleA
CompareStringW
FindNextFileA
TlsSetValue
ConvertDefaultLocale
LCMapStringW
GetCurrentProcess
InterlockedIncrement
GetModuleHandleW
GetVersion
SetEnvironmentVariableA
SetStdHandle
GetExitCodeProcess
SetFilePointer
QueryPerformanceCounter
LeaveCriticalSection
HeapCreate
IsBadReadPtr

mpr

WNetEnumResourceA
WNetOpenEnumA
WNetCloseEnum
WNetGetUniversalNameA

winspool.drv

DocumentPropertiesA
ord204
ClosePrinter

comdlg32

ChooseColorA
GetOpenFileNameA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d37f8b26620de251a33f0c0e4a34ab84

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

ole32

shell32

advapi32

comctl32

version

kernel32

mpr

winspool.drv

comdlg32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 448KB - Virtual size: 446KB

.data Size: 100KB - Virtual size: 96KB

.rsrc Size: 56KB - Virtual size: 55KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 448KB - Virtual size: 446KB

.data
Size: 100KB - Virtual size: 96KB

.rsrc
Size: 56KB - Virtual size: 55KB