f00751ee2e43e907415338c9caff630d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f00751ee2e43e907415338c9caff630d_JaffaCakes118
Size

632KB
MD5

f00751ee2e43e907415338c9caff630d
SHA1

495baf629242e81da52f9eeb0b7c7040c9df6097
SHA256

26df5e753784b7aaed487ba1c67db3131f579693f006e192955657653ed9df6e
SHA512

70448c088693a4e49f818576857d8b192c74e12f4491c99ded74fd6cfd201330f9f3f92fc34ab9b087a8734cf5dab603349a3d1b6765ffd8df971965085e8a47
SSDEEP

12288:XpCBD3iQ4LflV0Mz9VneZlSdjUX1iaMDvkixE9Zj7EqLfmw:Xg7b4Lf71hZAlSdQXYFgixE9Z3EqL+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f00751ee2e43e907415338c9caff630d_JaffaCakes118

Files

f00751ee2e43e907415338c9caff630d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

30a40bf9b492db8999f49b93c05bda7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\excihrv\teekdkkq\k

Imports

advapi32

CryptGetDefaultProviderA
RegDeleteKeyW
CryptAcquireContextA
StartServiceA
CryptSignHashW
CryptGetDefaultProviderW
AbortSystemShutdownW
InitiateSystemShutdownA
RegCreateKeyExA
RegEnumValueW
CryptSetProviderA
RegRestoreKeyW
LookupAccountSidA
DuplicateTokenEx
CryptDuplicateHash
RegSetValueExW
ReportEventW
RegEnumKeyA

comctl32

InitCommonControlsEx
MakeDragList
CreateToolbar
ImageList_GetImageRect
CreateToolbarEx
DrawInsert
ImageList_Destroy
CreateStatusWindowW
ImageList_SetDragCursorImage
ImageList_GetIconSize
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Duplicate
_TrackMouseEvent
ImageList_SetFlags
ImageList_ReplaceIcon
ImageList_Write
InitMUILanguage
ImageList_AddIcon
ImageList_DragLeave
ImageList_GetImageCount
CreateStatusWindowA
CreatePropertySheetPage
ImageList_Replace

shell32

SHFileOperation
SheChangeDirA
InternalExtractIconListW
RealShellExecuteA

wininet

InternetErrorDlg
FtpGetCurrentDirectoryA
InternetConnectW
InternetGetLastResponseInfoW
GetUrlCacheGroupAttributeA
FindNextUrlCacheEntryA
InternetGoOnline

kernel32

CreateMailslotA
RtlUnwind
GetOEMCP
CommConfigDialogA
GetProfileStringW
VirtualFree
CloseHandle
GetUserDefaultLCID
GetCommandLineW
CreateNamedPipeA
FindAtomW
VirtualProtect
GetLastError
GetCurrentThreadId
GetCommandLineA
GetTimeZoneInformation
GetModuleFileNameA
CompareFileTime
GetLocaleInfoA
GetLocaleInfoW
GetFileType
LoadLibraryA
WideCharToMultiByte
ExpandEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
SystemTimeToFileTime
EnumSystemLocalesA
GetProcessAffinityMask
GetSystemTime
LCMapStringW
WriteProfileStringW
UnhandledExceptionFilter
CompareStringA
CreateFileW
GetCurrentThread
TerminateProcess
QueryPerformanceCounter
GetFileAttributesExA
FlushFileBuffers
CreateFileMappingA
LockFileEx
WriteConsoleA
GetCurrentProcessId
FillConsoleOutputCharacterW
LeaveCriticalSection
GetVolumeInformationA
CreatePipe
VirtualAlloc
GetStringTypeW
SetHandleCount
GetPrivateProfileStructA
LCMapStringA
TlsGetValue
HeapSize
GetVersionExA
OpenWaitableTimerA
GetFullPathNameW
CompareStringW
EnumCalendarInfoExW
GetFileAttributesExW
HeapFree
MultiByteToWideChar
IsValidLocale
SetEnvironmentVariableA
GetStdHandle
ExitProcess
LoadLibraryExA
SetCriticalSectionSpinCount
GetCurrentDirectoryW
GetTempPathA
GetProfileIntA
WaitCommEvent
HeapReAlloc
VirtualAllocEx
HeapAlloc
FreeResource
ReleaseSemaphore
GetStringTypeExA
OpenMutexA
FreeEnvironmentStringsA
CopyFileExA
SetVolumeLabelA
TlsAlloc
InitializeCriticalSection
GetDateFormatA
DeleteCriticalSection
IsValidCodePage
IsBadWritePtr
DeleteFileW
ReadConsoleOutputCharacterW
GetEnvironmentStringsW
GetTickCount
GetFileTime
SetFileAttributesW
SetPriorityClass
MoveFileW
TlsFree
UnmapViewOfFile
HeapDestroy
GetTimeFormatA
GetCPInfo
LocalFileTimeToFileTime
GetProcAddress
GetStringTypeExW
SetStdHandle
ReadFile
GetStringTypeA
WriteFile
SetConsoleCtrlHandler
GetModuleHandleA
GetDiskFreeSpaceA
GetSystemDefaultLangID
GetSystemInfo
CreateMutexA
GetStartupInfoA
TlsSetValue
SetFilePointer
InterlockedExchange
GetThreadContext
GetWindowsDirectoryA
VirtualQuery
GetTimeFormatW
WaitForDebugEvent
lstrcmpiA
OpenMutexW
GetSystemTimeAsFileTime
SetLastError
HeapCreate
lstrcmp
GetConsoleOutputCP
FindClose
GetACP
EnterCriticalSection
GetCurrentProcess
GetProcessHeap
WriteProfileSectionA
GetUserDefaultLangID

user32

MessageBoxW
InSendMessage
CharLowerW
RealChildWindowFromPoint
GetWindowThreadProcessId
DestroyWindow
EnumWindows
RemovePropA
CreateWindowExA
ShowWindow
LockWindowUpdate
SwitchToThisWindow
RegisterClassA
GetUserObjectInformationA
RegisterClassExA
FindWindowExA
GetKeyboardLayout
DefWindowProcA
DefWindowProcW
DdeNameService
AppendMenuA
RealGetWindowClass
OemToCharW
GetMonitorInfoA

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30a40bf9b492db8999f49b93c05bda7d

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

shell32

wininet

kernel32

user32

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 120KB - Virtual size: 124KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 120KB - Virtual size: 124KB

.rsrc
Size: 16KB - Virtual size: 12KB