0eef75deaea6806d3dde5b83c3b625f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0eef75deaea6806d3dde5b83c3b625f6_JaffaCakes118
Size

1.4MB
MD5

0eef75deaea6806d3dde5b83c3b625f6
SHA1

dcaedcc047db68c979263293a0a767e52bc88d15
SHA256

7ce52df2e1186532c119b3ad42fad1012bb78e6393bff209086dec386bbd49af
SHA512

2e5a2bbc751c3349a393484215f5792d284727e8338414e55c4a13fa7f52dc93b0eb4c75efce79cbd138bcf44d4c2a279a68c7bf51bf9afc0b5d0b5f5a03ec6b
SSDEEP

24576:hGf04SoHT5/a30mSfflaDtBQMcFXxqL1wDYXT8Qh0L4HREppTmSm9TbL2:h5m/wafflkPQtRQ/T8A0sxITmFbK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eef75deaea6806d3dde5b83c3b625f6_JaffaCakes118

Files

0eef75deaea6806d3dde5b83c3b625f6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7308c76939ed712aae20bd3cc6bd67db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalLock
GlobalFree
GetLocalTime
GetConsoleScreenBufferInfo
IsWow64Process
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameW
ContinueDebugEvent
LocalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
CompareStringW
SetLastError
GetLastError
RtlUnwind
HeapReAlloc
GetStringTypeW
LoadLibraryW
OutputDebugStringW
CloseHandle
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileType
DeleteCriticalSection
GetTimeZoneInformation
RaiseException
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
FindFirstFileA
GetModuleFileNameW
MulDiv
GetConsoleWindow
CreateEventA
GlobalAlloc
QueryPerformanceCounter
GetCPInfo
GetNativeSystemInfo
ExitProcess
lstrcpyA
CreateThread
DeleteFileA
LocalFree
ResumeThread
GetTempPathA
GetStdHandle
GetFileSizeEx
MultiByteToWideChar
GetEnvironmentVariableA
ReadFile
Sleep
WideCharToMultiByte
GetUserDefaultLangID
WriteFile
ExpandEnvironmentStringsA
WaitForSingleObject
SetFilePointerEx
InterlockedDecrement
FreeLibrary
GetFileSize
TlsGetValue
TlsAlloc
TerminateProcess
LoadLibraryExW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForDebugEvent
CreateFileA
DebugActiveProcess
HeapFree
HeapAlloc
EncodePointer
DecodePointer
HeapSize
GetCurrentThreadId
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleExW
GetProcessHeap
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent

user32

GetCursorPos
GetSysColorBrush
GetWindowLongA
EnumChildWindows
GetSystemMetrics
DefWindowProcA
SetWindowLongW
GetWindowTextA
EnumWindows
GetClientRect
GetClassNameA
SetClassLongA
ReleaseDC
SetScrollPos
GetWindowLongW
mouse_event
MessageBoxW
SetWindowRgn
ClientToScreen
GetClassLongA
CheckMenuItem
DrawFrameControl
MapWindowPoints
SetWindowTextA
InsertMenuA
EndPaint
MessageBoxA
ScreenToClient
GetWindowRect
WaitForInputIdle
SetFocus
GetWindowTextLengthA
SendMessageA
BeginPaint
SetWindowWord
GetDC
DrawFocusRect
GetWindowWord
GetWindowPlacement
OffsetRect
TrackPopupMenuEx
SystemParametersInfoA

gdi32

DeleteDC
CreateFontA
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
DPtoLP
SetMapMode
GetMapMode
SetDCPenColor
CreatePen
GetObjectA
BitBlt

comdlg32

GetSaveFileNameA

advapi32

CreateWellKnownSid
CloseEventLog
ReadEventLogA
OpenEventLogA
ClearEventLogA
ReportEventA
GetNumberOfEventLogRecords
GetOldestEventLogRecord
DeregisterEventSource
ConvertSidToStringSidA
RegisterEventSourceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
StringFromCLSID
CoCreateInstance
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CLSIDFromString

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SystemTimeToVariantTime
SysAllocString
VariantClear

opengl32

wglSwapMultipleBuffers
wglSwapLayerBuffers

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdiplus

GdipGetImageEncoders
GdiplusStartup
GdipGetImageEncodersSize

winmm

mmioAscend

shlwapi

SHCreateShellPalette
StrTrimA
SHAutoComplete

uxtheme

GetThemeBackgroundRegion

urlmon

RegisterMediaTypes

pdh

PdhCollectQueryData

avifil32

AVIFileRelease

activeds

ord9

rpcrt4

RpcRevertToSelf

oleacc

LresultFromObject

d3d9

Direct3DCreate9

authz

AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzInitializeResourceManager

traffic

TcSetFlowA

tapi32

lineGetLineDevStatus

quartz

AMGetErrorTextW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7308c76939ed712aae20bd3cc6bd67db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

opengl32

version

gdiplus

winmm

shlwapi

uxtheme

urlmon

pdh

avifil32

activeds

rpcrt4

oleacc

d3d9

authz

traffic

tapi32

quartz

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 1.2MB - Virtual size: 1.8MB