f4a8bce125fa645533d7f1a750a87bd2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f4a8bce125fa645533d7f1a750a87bd2_JaffaCakes118
Size

560KB
MD5

f4a8bce125fa645533d7f1a750a87bd2
SHA1

c247b2ba9272ad48b7602eb35c70b628c7b874b2
SHA256

710636620e4e59b17a2610205d044f637547602fa2517c32f59c39f93c01ed47
SHA512

d5f5e91c3a646318fe3dee07df27b32e1bba0bcc248254f0ef6cfc8554b366e8c706f9a789849a5dc7a8fa0fc0846255f1ebb4789cfe0d1abf075d75f1f773e3
SSDEEP

12288:9Z43R3og2kEWUlMD+Yt5N0fpkusxOgw/2tf/ci2h:yRAcyYtjEg+M/ciS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4a8bce125fa645533d7f1a750a87bd2_JaffaCakes118

Files

f4a8bce125fa645533d7f1a750a87bd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a4093a1b95ba9547f19693da4d81eba5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
CreateProcessA
DeleteCriticalSection
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
GetCommandLineA
CreateMutexA
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetModuleHandleA
ExitProcess
FlushFileBuffers
ReadFile
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
GetLocaleInfoA
GetVersion
GetStartupInfoA
RaiseException
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
LocalFree
GetSystemDefaultLCID
CloseHandle
CreateFileA
CopyFileA
GetSystemDirectoryA
Sleep
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetVersionExA
GetLastError
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrlenW
lstrlenA
GetShortPathNameA
FindResourceA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource

user32

EnumChildWindows
BeginPaint
EndPaint
PostMessageA
CreateDialogParamA
CallWindowProcA
SetWindowLongA
wsprintfA
InvalidateRect
GetParent
DialogBoxParamA
ScreenToClient
GetSystemMenu
EnableMenuItem
GetWindowRect
LoadStringA
WinHelpA
DefWindowProcA
ShowWindow
GetDlgItem
SetWindowTextA
EndDialog
SendMessageA
RegisterClassA
GetMessageA
MessageBoxA
SetFocus
ReleaseDC
FillRect
GetWindowDC
GetClientRect
SetRectEmpty
GetIconInfo
MapWindowPoints
BroadcastSystemMessage
FindWindowA
FrameRect
GetCursorPos
WindowFromPoint
GetWindowTextA
ChangeDisplaySettingsA
EnableWindow
EnumDisplaySettingsA
DrawTextA
SetTimer
GetDC
KillTimer
SetCursor
GetSystemMetrics
DestroyWindow
CopyImage
UpdateWindow
PtInRect
IsWindow
RegisterClassExA
LoadCursorA
GetClassInfoExA
MoveWindow
CopyRect
GetSysColor
OffsetRect
GetDlgCtrlID
IntersectRect
GetWindowLongA
CreateWindowExA
IsWindowEnabled
UnionRect
DispatchMessageA
PostQuitMessage
PostThreadMessageA
CharNextA
DestroyIcon
ReleaseCapture
SetCapture

gdi32

LineTo
GetTextExtentPoint32A
SetROP2
DeleteObject
DeleteDC
BitBlt
StretchBlt
GetObjectA
SelectObject
CreateCompatibleDC
Polyline
CreatePen
GetStockObject
SetPixel
CreateCompatibleBitmap
GetPixel
SetTextColor
SetBkColor
CreateSolidBrush
MoveToEx
GetTextMetricsA
SetBkMode
Rectangle
CreateFontIndirectA

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueA
RegDeleteValueA

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoSuspendClassObjects
CoUninitialize
CLSIDFromString
CoInitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElemsize
SysStringByteLen
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SysFreeString
SafeArrayLock
VariantClear
VariantInit
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SafeArrayAccessData

comctl32

ImageList_Destroy
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ord17
ImageList_Draw
ImageList_GetImageInfo
PropertySheetA
ImageList_Add

hccutils

GetHardwareKey
CreateThisKey
EnumDspDev
EnumDeviceByClass
ReleaseClassDevice
LoadIMAGE
LoadCURSOR
DeleteString
StretchBitmap
SaveString
LoadBitmapFromFile
LoadBITMAP
LoadICON
FindResources
IsDisplayValid
LoadDialogString
LoadSTRING
GetMyRegKey

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4093a1b95ba9547f19693da4d81eba5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

hccutils

Sections

.text Size: 392KB - Virtual size: 388KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 28KB - Virtual size: 47KB

.rsrc Size: 8KB - Virtual size: 7KB

.grdata Size: 68KB - Virtual size: 68KB

.text
Size: 392KB - Virtual size: 388KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 28KB - Virtual size: 47KB

.rsrc
Size: 8KB - Virtual size: 7KB

.grdata
Size: 68KB - Virtual size: 68KB