fec0962bec0769ce59742b880fb7ec82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fec0962bec0769ce59742b880fb7ec82_JaffaCakes118
Size

568KB
MD5

fec0962bec0769ce59742b880fb7ec82
SHA1

f2aa869bd8aa2c4efffbe22e7fe9dc9f208d4a18
SHA256

3e5ccb4edb14ce7eb32a01e0ee26aa82a02601c2adf60e2a7a6cbd0b15d0c80b
SHA512

c21b16e49ba179c671f8f4c43eda571b7416aaa2663965bfc5c836631f6293818bf69cdd6e0cb99d7c62afd024c16e4a9a210590e3f5c3ce8ea75134c4cc865c
SSDEEP

12288:bERolszvoft0Q76yricFs8s/Bw/5SMy3id8we9Y:bKoqzvofCQ76yvFQqclx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fec0962bec0769ce59742b880fb7ec82_JaffaCakes118

Files

fec0962bec0769ce59742b880fb7ec82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95bd8e05d0d1c6861114692d49562ae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\woatq\nqedej\ovbosjrw\

Imports

user32

GetMenuInfo
DdeClientTransaction
CopyIcon
GetPriorityClipboardFormat
SendDlgItemMessageA
DestroyCursor
DefFrameProcW
CharUpperW
DdeImpersonateClient
DlgDirListW
SetClassLongA
GetDlgItemInt
DefWindowProcW
CharPrevExA
AnimateWindow
PeekMessageA
MessageBoxW
SetWindowPlacement
SetParent
RegisterClassExA
OemToCharBuffW
ToUnicode
UnregisterClassW
RegisterDeviceNotificationA
CreateWindowExW
CharLowerW
GetSysColorBrush
DestroyWindow
UnhookWindowsHookEx
GetClassLongW
AttachThreadInput
EditWndProc
GetWindowContextHelpId
SetCaretBlinkTime
GetClipboardFormatNameA
FindWindowA
SetMenuContextHelpId
GetSystemMenu
ShowWindow
GetSubMenu
RegisterClassA
ToAscii
LoadBitmapA
InsertMenuItemA
GetLastActivePopup
SetCursorPos
DragDetect
GetPropW
PostThreadMessageA
MessageBeep
wsprintfA
IsDialogMessage
InSendMessageEx

comdlg32

GetFileTitleW
PageSetupDlgW

gdi32

PolylineTo
GetCharWidthA
FixBrushOrgEx
GetGlyphOutline
DeleteObject
GetObjectW
GetFontData
CreateDCA
GetViewportOrgEx
GetDeviceCaps
GetMetaRgn
CreateDIBSection
DeleteDC
SelectObject
EnumObjects
SetDeviceGammaRamp
PolyPolygon
RectInRegion
GetEnhMetaFileDescriptionA
GetArcDirection

kernel32

LCMapStringA
FileTimeToSystemTime
GetFileType
FindResourceA
GlobalFlags
VirtualFree
GetProfileStringW
CloseHandle
SetCurrentDirectoryW
FindFirstFileW
HeapFree
ConnectNamedPipe
GetVersionExA
RemoveDirectoryA
HeapSize
FreeEnvironmentStringsW
TlsAlloc
GetModuleFileNameA
HeapDestroy
SetStdHandle
CreateMutexA
GetShortPathNameA
GetLocaleInfoW
GetCurrentThread
GetShortPathNameW
GetConsoleCP
InitializeCriticalSection
LockFile
QueryPerformanceCounter
GetCurrentProcess
LeaveCriticalSection
GetEnvironmentStrings
GetProcessHeap
GetModuleHandleA
GetLastError
WriteProfileSectionA
CreateFileA
CreateFileW
VirtualAlloc
GetVolumeInformationW
HeapValidate
GetEnvironmentStringsW
LoadLibraryA
FreeEnvironmentStringsA
CreateDirectoryExW
lstrcmpW
GetSystemInfo
WriteConsoleInputA
ExitProcess
MultiByteToWideChar
GetStringTypeA
DeleteFileW
ReadFile
ResetEvent
ReadConsoleInputA
TlsSetValue
LCMapStringW
InterlockedExchange
GetDateFormatA
CompareStringA
VirtualProtect
SystemTimeToTzSpecificLocalTime
HeapCreate
GetSystemTimeAsFileTime
HeapReAlloc
IsBadWritePtr
GetThreadTimes
GetTimeFormatA
lstrcmpA
SetLastError
WriteFile
TlsGetValue
CreateToolhelp32Snapshot
DeleteCriticalSection
EnumSystemLocalesA
TlsFree
MoveFileA
GetStartupInfoA
EnterCriticalSection
VirtualQuery
SetLocaleInfoW
WideCharToMultiByte
SetConsoleMode
SetHandleCount
GetACP
FlushFileBuffers
GetLongPathNameW
WriteConsoleA
GetProcAddress
GetOEMCP
IsValidLocale
GetEnvironmentVariableW
GetCurrentProcessId
CompareStringW
UnhandledExceptionFilter
GetEnvironmentStringsA
AddAtomW
GetLocaleInfoA
RtlUnwind
GetUserDefaultLCID
LocalAlloc
EnumTimeFormatsA
GetStringTypeExA
FindNextFileA
GetTimeZoneInformation
GetSystemDirectoryW
GetCurrentThreadId
IsValidCodePage
GetStdHandle
SetConsoleScreenBufferSize
OpenMutexA
TerminateProcess
CreateMutexW
HeapAlloc
InterlockedDecrement
GetCommandLineW
GlobalReAlloc
FindResourceW
GetCommandLineA
SetFilePointer
GetTickCount
GetComputerNameW
GetStringTypeW
SetEnvironmentVariableA
GetCPInfo

wininet

GopherGetAttributeW
InternetTimeFromSystemTime

comctl32

InitCommonControlsEx
ImageList_SetIconSize
MakeDragList
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetFilter
ImageList_SetFlags
ImageList_Write
ImageList_BeginDrag
_TrackMouseEvent
ImageList_Duplicate
ImageList_SetBkColor
CreatePropertySheetPageA
ImageList_DragMove
ImageList_DrawIndirect
ImageList_GetFlags
ImageList_DragEnter
ImageList_GetIconSize

shell32

InternalExtractIconListA

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95bd8e05d0d1c6861114692d49562ae0

Headers

File Characteristics

PDB Paths

Imports

user32

comdlg32

gdi32

kernel32

wininet

comctl32

shell32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 112KB - Virtual size: 129KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 112KB - Virtual size: 129KB

.rsrc
Size: 12KB - Virtual size: 10KB