03caf5bb72df66de3128d5b7d4e21b3a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03caf5bb72df66de3128d5b7d4e21b3a_JaffaCakes118
Size

96KB
MD5

03caf5bb72df66de3128d5b7d4e21b3a
SHA1

4980fcba50c9b7b1c597e8e6935854510eb2677f
SHA256

f8947acaac56758bc9bf47c81cfaf5cfa46e3ac923470f1600edf5eb8c44c60e
SHA512

8f57eaf640fb22c28b9de9cc27ac35148680a9894f5d93220b6ab5003452fc3aacbe477a034f4e08986cb70cd9629d9323e13a4afd194b512731368d9211f340
SSDEEP

1536:7ECLKU4+dwC/p0cQ7ZCAINqPDHuXnvE0oK1pfslX9g4:7JLrp0cQ7QAINqPDHQncafW9g4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
03caf5bb72df66de3128d5b7d4e21b3a_JaffaCakes118

Files

03caf5bb72df66de3128d5b7d4e21b3a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
ReadFile
EnterCriticalSection
GetFileSize
WriteFile
UnmapViewOfFile
MapViewOfFile
GetVersionExA
SetEvent
LeaveCriticalSection
GetSystemTime
InterlockedIncrement
InterlockedDecrement
SystemTimeToFileTime
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
CompareFileTime
CreateDirectoryA
FindResourceA
GetFileAttributesA
FindFirstFileA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
FindFirstFileW
GetFileAttributesW
ReleaseMutex
GetPrivateProfileIntA
GetPrivateProfileIntW
GetLastError
CreateThread
QueryPerformanceFrequency
MultiByteToWideChar
LoadResource
QueryPerformanceCounter
MoveFileA
MoveFileW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
LoadLibraryA
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
CreateProcessA
CreateProcessW
lstrcpynA
GetProcAddress
FreeLibrary
SetFilePointer
IsBadReadPtr
GetCurrentThreadId
IsDBCSLeadByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcessTimes
GetCurrentProcess
GetLocalTime
FlushFileBuffers
GetAtomNameA
lstrcmpA
IsBadWritePtr
CreateFileMappingA
CreateFileMappingW
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
GetACP
GlobalFree
GlobalAlloc
LocalAlloc
LocalReAlloc
LocalFree
OpenProcess
CloseHandle
WaitForSingleObject
lstrlenA
ExitProcess
GetCommandLineA
GetTickCount
lstrlenW
FindClose
lstrcmpiA
WideCharToMultiByte
TerminateProcess
RtlUnwind

user32

GetWindowLongA
GetWindowLongW
GetWindowTextLengthA
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
CharNextA
SendMessageTimeoutA
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
RegisterClassExA
RegisterClassExW
PostQuitMessage
FindWindowExW
FindWindowExA
FindWindowW
DispatchMessageA
DispatchMessageW
DefWindowProcA
DefWindowProcW
CreateDialogParamW
CreateWindowExW
CreateWindowExA
CreateDialogParamA
GetSystemMetrics
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
GetWindowTextA
IsWindow
GetWindowThreadProcessId
GetDesktopWindow
DestroyIcon
GetDlgItem

shlwapi

SHSetValueW
PathAddExtensionW
StrCatBuffW
StrStrIW
StrToIntExW
StrChrW
PathRemoveBackslashW
PathCombineW
PathFindExtensionW
SHGetValueW
StrCpyNW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
PathFileExistsW
StrCmpIW
PathFindFileNameA
PathAddBackslashW
wvnsprintfA
SHStrDupW
PathRemoveFileSpecA
PathAddBackslashA
SHRegGetUSValueW
StrCatBuffA
wnsprintfA
StrCmpNIW
StrToIntW
StrCmpNW
wnsprintfW

shfolder

SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString

ole32

CreateBindCtx
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCloseKey
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA

shell32

SHFileOperationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA

urlmon

CreateURLMoniker
RegisterBindStatusCallback

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

shfolder

oleaut32

ole32

advapi32

shell32

version

urlmon

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB