16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118
Size

357KB
MD5

16f2bfd12ecc59c08c846c7a91179688
SHA1

ac74f2287c0bfe874a210570322452929b765f5e
SHA256

22515694f5e8a26dabe3a2c78c91b20868877b50f2e11779e15a946ff0e9a239
SHA512

6d445e1454aeedb55a8f98176abc078c7878de8738eb5cb00b5bc388bb4921eb678bcd3e109ebe59c72732fa17dbd7f2064afd500067bbbe1520ec581f66bbd2
SSDEEP

6144:SyN8f1pUqmWqpYTHpIb93Oh68L6xywQ1blRjXS7ytx2Uvs:h6f1pUqmIHpyG6TitS0xS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118

Files

16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118
.exe windows:5 windows x86 arch:x86

96052393c90057716deccebf958d9c8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetProcAddress
GetCurrentThreadId
SetLastError
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
Sleep
GetStringTypeW
LoadLibraryW
ReadFile
SetStdHandle
WriteConsoleW
HeapReAlloc
HeapSize
FlushFileBuffers
GetVersionExA
GetCurrentProcess
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetCommandLineW
GetLastError
HeapCreate
HeapAlloc
LocalAlloc
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateFileW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
HeapFree
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
LocalFree
GetTickCount
GetModuleHandleA

user32

CloseClipboard
SetClipboardData
CopyImage
EmptyClipboard
EndDialog
OpenClipboard
EndPaint
BeginPaint
SetFocus
EnumDisplayMonitors
LoadImageA
SetWindowPos
CreateWindowExA
GetMenuState
GetSystemMenu
GetDCEx
GetWindowRect
GetWindowTextA
AppendMenuA
GetDesktopWindow
SetRect
UnregisterClassW
LoadAcceleratorsW
ShowWindow
CreateWindowExW
RegisterClassExW
OffsetRect
SendDlgItemMessageA
GetDlgItem
SendMessageA
GetForegroundWindow
GetDoubleClickTime
GetSystemMetrics
DrawFrameControl
GetDC
ReleaseDC
FillRect
GetWindowLongA
GetClientRect
SetWindowTextA
DefWindowProcA
GetKeyboardType
LoadCursorW
LoadIconW
LoadImageW

gdi32

CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
DeleteDC
CreateSolidBrush
DeleteObject
StartPage
EndPage
EndDoc
GetDeviceCaps
CreateDIBSection
GdiFlush
BitBlt
GetObjectA
SetTextColor
SetBkColor
GdiSetBatchLimit
CreateRectRgn
GetStockObject
PatBlt
CreateFontA

advapi32

AllocateAndInitializeSid
DeregisterEventSource
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumValueA
RegCloseKey
OpenProcessToken
GetTokenInformation
RegCreateKeyExA
GetUserNameW
IsValidSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
IsValidAcl
FreeSid
InitializeSecurityDescriptor

shell32

CommandLineToArgvW

ole32

OleInitialize
OleUninitialize
OleCreate
CoInitialize
CoGetObject
CoUninitialize
OleSetContainedObject

oleaut32

VariantClear
VariantChangeType

wininet

InternetGetLastResponseInfoA
InternetOpenA
FtpSetCurrentDirectoryA
FtpPutFileA

netapi32

NetSessionEnum
NetApiBufferFree
NetUserGetInfo

version

GetFileVersionInfoW

shlwapi

PathCompactPathA

comctl32

ord413
CreateToolbarEx
InitCommonControlsEx

gdiplus

GdipDrawLineI
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipAlloc
GdipDrawEllipseI
GdipFree
GdiplusStartup
GdiplusShutdown

wsnmp32

ord320

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96052393c90057716deccebf958d9c8f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

netapi32

version

shlwapi

comctl32

gdiplus

wsnmp32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 228KB - Virtual size: 228KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 228KB - Virtual size: 228KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 6KB - Virtual size: 6KB