071d2c89f3e646d9699329c28912d418_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

071d2c89f3e646d9699329c28912d418_JaffaCakes118
Size

96KB
MD5

071d2c89f3e646d9699329c28912d418
SHA1

6773adc14e25b180bfed80330a8703ff28da76ae
SHA256

71fae6ceb2b829184a0d139ef3db7a508abdff49010ce3aa359520140552a21c
SHA512

f3c0a7c42d7bbc0d34a949932158ab6a3a61333d58fc0e436cf1a91874b9e88896805ccd3a499a771fa9360768a161529e4764b3f2baebd51b7f573a41061397
SSDEEP

1536:nECLKU4+dwC/p0cQ7ZCAINqPDHuXnvE0oK1RPllI:nJLrp0cQ7QAINqPDHQnco0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
071d2c89f3e646d9699329c28912d418_JaffaCakes118

Files

071d2c89f3e646d9699329c28912d418_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
ReadFile
EnterCriticalSection
GetFileSize
WriteFile
UnmapViewOfFile
MapViewOfFile
GetVersionExA
SetEvent
LeaveCriticalSection
GetSystemTime
InterlockedIncrement
InterlockedDecrement
SystemTimeToFileTime
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
CompareFileTime
CreateDirectoryA
FindResourceA
GetFileAttributesA
FindFirstFileA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
FindFirstFileW
GetFileAttributesW
ReleaseMutex
GetPrivateProfileIntA
GetPrivateProfileIntW
GetLastError
CreateThread
QueryPerformanceFrequency
MultiByteToWideChar
LoadResource
QueryPerformanceCounter
MoveFileA
MoveFileW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
LoadLibraryA
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
CreateProcessA
CreateProcessW
lstrcpynA
GetProcAddress
FreeLibrary
SetFilePointer
IsBadReadPtr
GetCurrentThreadId
IsDBCSLeadByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcessTimes
GetCurrentProcess
GetLocalTime
FlushFileBuffers
GetAtomNameA
lstrcmpA
IsBadWritePtr
CreateFileMappingA
CreateFileMappingW
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
GetACP
GlobalFree
GlobalAlloc
LocalAlloc
LocalReAlloc
LocalFree
OpenProcess
CloseHandle
WaitForSingleObject
lstrlenA
ExitProcess
GetCommandLineA
GetTickCount
lstrlenW
FindClose
lstrcmpiA
WideCharToMultiByte
TerminateProcess
RtlUnwind

user32

GetWindowLongA
GetWindowLongW
GetWindowTextLengthA
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
CharNextA
SendMessageTimeoutA
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
RegisterClassExA
RegisterClassExW
PostQuitMessage
FindWindowExW
FindWindowExA
FindWindowW
DispatchMessageA
DispatchMessageW
DefWindowProcA
DefWindowProcW
CreateDialogParamW
CreateWindowExW
CreateWindowExA
CreateDialogParamA
GetSystemMetrics
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
GetWindowTextA
IsWindow
GetWindowThreadProcessId
GetDesktopWindow
DestroyIcon
GetDlgItem

shlwapi

SHSetValueW
PathAddExtensionW
StrCatBuffW
StrStrIW
StrToIntExW
StrChrW
PathRemoveBackslashW
PathCombineW
PathFindExtensionW
SHGetValueW
StrCpyNW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
PathFileExistsW
StrCmpIW
PathFindFileNameA
PathAddBackslashW
wvnsprintfA
SHStrDupW
PathRemoveFileSpecA
PathAddBackslashA
SHRegGetUSValueW
StrCatBuffA
wnsprintfA
StrCmpNIW
StrToIntW
StrCmpNW
wnsprintfW

shfolder

SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString

ole32

CreateBindCtx
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCloseKey
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA

shell32

SHFileOperationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA

urlmon

CreateURLMoniker
RegisterBindStatusCallback

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

shfolder

oleaut32

ole32

advapi32

shell32

version

urlmon

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB