fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118
Size

834KB
MD5

fd8dcad6006a5c4cf5e4cb1dd0f9ac63
SHA1

ae039707a732f19a22ebee2ced7a9bfa81562652
SHA256

61697ef43dd7466ae631f86542c02d1512b39d146dc21291e58274f8a22e5a22
SHA512

2e3a3520e68ccbf25199e9182590b7ab1664cc3fda980fb9131f0ef938c294c08d21acfb24635bbd8785a0548569dfc06679ed33d5cdc0aba86956f0562d83b8
SSDEEP

12288:AXoJ3pFAFuIqlJzyi7m1IxXT0vHwkx+CxkpZhEKRO30OVkc1+QFpr8U:Vn2QA1IXwvlxshEKRO3VT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118

Files

fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5027b04d806ea18a4b8f674e550d56a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
lstrcatA
GetTickCount
ExitProcess
GetProcAddress
GetStartupInfoA
GetLastError
GlobalFree
GetModuleFileNameA
SetLastError
TerminateProcess
GetFullPathNameA
lstrlenA
GlobalAlloc
lstrcpyA
lstrcpynA
CloseHandle
AreFileApisANSI
MultiByteToWideChar
GetFileAttributesA
GlobalLock
LocalFree
CreateMutexA
LoadLibraryA
CreateProcessA
OutputDebugStringA
FreeLibrary
InterlockedDecrement
GetModuleHandleA
GetVersion
WideCharToMultiByte
lstrlenW
GlobalUnlock

user32

ReleaseCapture
GetParent
DestroyIcon
LoadMenuA
GetDlgCtrlID
DrawIconEx
SetWindowRgn
SendMessageA
GetLastActivePopup
LoadBitmapA
GetMenuItemInfoA
FillRect
EnableWindow
IsWindowVisible
GetDC
LoadIconA
DrawTextA
LoadImageA
PtInRect
GetMenuItemCount
SetWindowTextA
GetClientRect
PostMessageA
GetWindowDC
GetWindowTextA
SystemParametersInfoA
CopyRect
OffsetRect
SetRect
SetMenuItemInfoA
GetWindowRect
GrayStringA
DefWindowProcA
SetForegroundWindow
SetCapture
InvalidateRect
FindWindowA
IsWindow
EnumChildWindows
ReleaseDC
IsIconic
DeleteMenu
IsZoomed
UpdateWindow
LoadCursorA
ClientToScreen
GetSysColor
TabbedTextOutA
GetSystemMenu
GetSystemMetrics
GetSubMenu
TrackPopupMenu

gdi32

GetPaletteEntries
CreateCompatibleDC
CombineRgn
SetPixel
CreateFontIndirectA
DPtoLP
PtVisible
GetObjectA
SetBkMode
DeleteObject
GetBkColor
Polyline
ExtTextOutA
GetTextColor
CreateHalftonePalette
CreatePen
CreatePalette
SetWindowOrgEx
SelectPalette
RectVisible
PatBlt
GetDeviceCaps
SetRectRgn
CreateCompatibleBitmap
SetTextColor
StretchBlt
BitBlt
Escape
PtInRegion
DeleteDC
CreatePolygonRgn
LPtoDP
TextOutA
RealizePalette
GetMapMode
GetStockObject
GetCurrentObject
CreateSolidBrush
CreateRectRgn
SelectObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder

ole32

CoTaskMemFree
CLSIDFromProgID
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
SysAllocStringLen

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSVirtualChannelClose

msvcrt

_cexit
_strdup
_initterm
_onexit
?terminate@@YAXXZ
__dllonexit
_CxxThrowException
_acmdln
_splitpath
__CxxFrameHandler
__p__fmode
__set_app_type
_controlfp
_mbsicmp
__p__commode
_exit
__setusermatherr
_XcptFilter
free
__getmainargs
_except_handler3
_setmbcp
??1type_info@@UAE@XZ
_vsnprintf
_mbscmp
_adjust_fdiv
exit
fopen
fread
fclose
_c_exit

Sections

.text
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hk
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zt
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zx
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zz
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5027b04d806ea18a4b8f674e550d56a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

version

wtsapi32

msvcrt

Sections

.text Size: 490KB - Virtual size: 490KB

.hk Size: 49KB - Virtual size: 49KB

.zt Size: - Virtual size: 193KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 872B

.zx Size: 236KB - Virtual size: 236KB

.zz Size: 45KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 490KB - Virtual size: 490KB

.hk
Size: 49KB - Virtual size: 49KB

.zt
Size: - Virtual size: 193KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 872B

.zx
Size: 236KB - Virtual size: 236KB

.zz
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB