0243af48ee2048b33399f9c28ef60573_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0243af48ee2048b33399f9c28ef60573_JaffaCakes118
Size

743KB
MD5

0243af48ee2048b33399f9c28ef60573
SHA1

b821e1d5c27d4d9544ce7104f4beda5544c54b5c
SHA256

8bf55016ba6177159c0747d3638934ba6063a5ebc62cc11807e6b066f50ad4f5
SHA512

f5615e73cf1f82bca2e186853adcc92e7c6cf2c3e5f71046a58986d3279d695b07eef0ffc904db54bb9decc9ea24450cf877062481366628ceb35d1dd408b73e
SSDEEP

12288:+egKZUkFIEgHDQ9toe39h6XvK5JIallT4bM9+x4B60O2SprvvZhkVRJg9Q:+egKZUkFIEgHDKtoeD/JJrT4bEI0O2Y8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0243af48ee2048b33399f9c28ef60573_JaffaCakes118

Files

0243af48ee2048b33399f9c28ef60573_JaffaCakes118
.exe windows:5 windows x86 arch:x86

98bb40c1af69831b355fa61e2669e785

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\beading\\Release\autmatic.pdb

Imports

kernel32

FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
lstrcpyA
GetCurrentThreadId
GetCurrentProcessId
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
DeleteFileW
ReadConsoleW
CreateFileW
HeapSize
ExitThread
VerLanguageNameA
CancelIo
GetVolumeInformationA
MapViewOfFile
WaitForSingleObject
SetErrorMode
GetLastError
GetProcessWorkingSetSize
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetEndOfFile
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
OpenFileMappingA
CreateEventA
WideCharToMultiByte
QueryPerformanceCounter
VirtualAlloc
InitializeSListHead
GetModuleHandleA

user32

GetScrollPos
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
AttachThreadInput
DefWindowProcA
CallWindowProcA
RegisterClassA
RegisterClassExA
SetTimer
DestroyWindow
IsWindow
CreateWindowExA
PostMessageA
LoadImageA
DestroyIcon
LoadIconA
LoadCursorA
LoadBitmapA
SetWindowLongA
GetWindowLongA
InflateRect
GetSysColorBrush
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetScrollRange
PostQuitMessage
LockWindowUpdate
EndPaint
BeginPaint
ReleaseDC
GetDCEx
GetDC
GetForegroundWindow
SetActiveWindow
DrawTextA
GetMenuItemInfoA
TrackPopupMenu
AppendMenuA
InsertMenuA
CreateMenu
SetMenu
GetMenu
LoadMenuA
GetSystemMetrics
GetDialogBaseUnits
SetWindowPos
MoveWindow
ShowWindow

gdi32

DeleteObject
GetStockObject
CreateSolidBrush
CreateRectRgn
CombineRgn
SwapBuffers
UnrealizeObject
SetPixelFormat
SelectPalette
RealizePalette
GetSystemPaletteEntries
DescribePixelFormat
CreatePalette
ChoosePixelFormat
SetBrushOrgEx
SelectObject
PatBlt
CreatePen

comdlg32

GetOpenFileNameA

advapi32

LookupPrivilegeValueW
LsaAddAccountRights
MakeAbsoluteSD2

shell32

SHGetFileInfoA

opengl32

glEnableClientState
glEnd
glOrtho
glPopMatrix
glPushMatrix
glDrawArrays
glColorMaterial
glEnable
glLoadIdentity
glMatrixMode
glShadeModel
glRotatef
glVertex3f
wglGetProcAddress
glBegin
glColor3f
wglDeleteContext
glViewport
glFlush
glClear
wglMakeCurrent
wglCreateContext
glVertexPointer
glTranslatef
glScalef
glColor4f

glu32

gluPerspective

winmm

SendDriverMessage

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

wnsprintfA

comctl32

ord17
ImageList_ReplaceIcon

pdh

PdhCollectQueryData

imm32

ImmGetDefaultIMEWnd

winhttp

WinHttpOpen

uxtheme

DrawThemeBackground

ntdsapi

DsWriteAccountSpnA

tapi32

phoneGetIconA

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98bb40c1af69831b355fa61e2669e785

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

opengl32

glu32

winmm

version

shlwapi

comctl32

pdh

imm32

winhttp

uxtheme

ntdsapi

tapi32

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 4KB - Virtual size: 37KB

.gfids Size: 512B - Virtual size: 420B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 216KB - Virtual size: 215KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 4KB - Virtual size: 37KB

.gfids
Size: 512B - Virtual size: 420B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 216KB - Virtual size: 215KB

.reloc
Size: 16KB - Virtual size: 15KB