0db82aca46b303b0b17da94bef8d1180_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db82aca46b303b0b17da94bef8d1180_JaffaCakes118
Size

1.0MB
MD5

0db82aca46b303b0b17da94bef8d1180
SHA1

edd1cbcaa2f7532472e46c4282507ecc7d540f05
SHA256

87aedb68f81f6d13ed62048c6c5d699ace2bc59d1fdd9ef46512f8eb8a146e53
SHA512

a37dab63fe4c118788973344b959c1360c2661860b0a95eb0cee980ac2092b9f495b7ea768c2d78c1c5ba17e04da6d514d4a4da69d4acf75b9991362c9981e45
SSDEEP

6144:ixQgOY936cEPSu0lrbZZ52x40hzC4762RJFCzbIIJLyKZz3RRFjavqkhr6:ieMqco0L2x4M/6AUzs0av7h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db82aca46b303b0b17da94bef8d1180_JaffaCakes118

Files

0db82aca46b303b0b17da94bef8d1180_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ba95926c08990f26314caee447083cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommState
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
InitializeCriticalSection
FindClose
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OpenProcess
QueryPerformanceCounter
ReadFile
ResetEvent
SetCommState
SetCommTimeouts
SetCurrentDirectoryW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatW
lstrcpyW
lstrlenW
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
DebugBreak
CreateThread
CreateProcessW
CreateMutexW
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CloseHandle
GetDriveTypeW
GetModuleHandleW
IsDBCSLeadByte
VirtualAlloc

user32

SystemParametersInfoW
TranslateMessage
wsprintfW
ShowWindow
SetWindowPos
SetWindowLongW
SetWindowLongA
SetTimer
SetForegroundWindow
SetFocus
SendMessageW
SendMessageA
SendDlgItemMessageW
ScreenToClient
ReleaseDC
RegisterClassExW
RedrawWindow
PostQuitMessage
PostMessageW
MessageBoxW
MessageBoxA
LoadStringW
LoadStringA
LoadImageW
LoadIconW
IsWindow
InvalidateRect
GetWindowRect
GetWindowLongW
GetWindowLongA
GetParent
GetMessageW
GetDlgItem
GetDC
GetClientRect
FindWindowW
ExitWindowsEx
EnumThreadWindows
EnumChildWindows
EndDialog
EnableWindow
DispatchMessageW
DialogBoxParamW
DefWindowProcW
CopyRect
CharLowerW
GetSysColor
LoadCursorA
CreateWindowExW

gdi32

GetDeviceCaps
CreateFontIndirectW
AddFontResourceW

comdlg32

GetOpenFileNameW

advapi32

RegQueryValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleInitialize
OleUninitialize

shlwapi

StrDupW
StrCpyW
StrCpyNW
StrCmpNIW
StrCmpIW
StrChrIW
StrCatW
SHGetValueW
PathAppendW
PathCombineW
PathIsDirectoryW
PathIsRootW
StrCmpW

msvcrt

_ftol
wcsrchr
wcsncpy
wcslen
wcscpy
wcschr
wcscat
towlower
strtoul
_XcptFilter
__getmainargs
__lconv_init
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_exit
_initterm
_mbschr
_mbsinc
_mbsrchr
_wcsicmp
_wcsnicmp
_wtoi
exit
free
iswspace
memmove
setlocale

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ba95926c08990f26314caee447083cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 23KB - Virtual size: 23KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 2KB - Virtual size: 2KB