26669b358d07d32d569a17b424b3565f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26669b358d07d32d569a17b424b3565f_JaffaCakes118
Size

2.7MB
MD5

26669b358d07d32d569a17b424b3565f
SHA1

dd83c2665e5e7414a662517a1af2526da59145b1
SHA256

922a499c07209e5be8fe3e6abe9ea730180061edd510399a033db719a4e0e019
SHA512

9845a2dbac54caceccd2f9e8574160d083c4c50e52cb5db4f604bdcbb8022f62ab03bb4e7063ba7e0b8994472f3eec627d8ad1388b5c6c4f8fe0ef44632d088e
SSDEEP

49152:0tzQ/8vPnRTdtVjs0o4CMantkS7Jcz6bBzzEvx:0VI4LtVa4HatkKlzC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
26669b358d07d32d569a17b424b3565f_JaffaCakes118

Files

26669b358d07d32d569a17b424b3565f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

61570c1561a225969acb3f1a6bf3e604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindResourceExA
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GenerateConsoleCtrlEvent
GetACP
GetAtomNameW
GetBinaryType
GetCPInfo
GetCommandLineA
GetConsoleDisplayMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetLocaleInfoA
GetLogicalDriveStringsA
GetLongPathNameA
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
ExitProcess
GlobalHandle
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
LCMapStringA
LCMapStringW
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueueUserAPC
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadFile
RemoveDirectoryA
ResetEvent
RtlUnwind
SetConsoleScreenBufferSize
SetCurrentDirectoryA
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetSystemTimeAdjustment
SetUnhandledExceptionFilter
SizeofResource
TerminateJobObject
TerminateProcess
TerminateThread
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
_lclose
_llseek
_lopen
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcpynA
lstrlenA
EnumResourceTypesA
EnumResourceLanguagesA
DosDateTimeToFileTime
DeleteTimerQueue
DeleteFileA
CreateThread
CreateProcessA
CreateMutexW
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileExW
CopyFileA
CloseHandle
BeginUpdateResourceW
VirtualAlloc
GlobalFree
GetModuleHandleW

user32

EnumThreadWindows
EnumWindowStationsW
ExitWindowsEx
FindWindowA
FindWindowW
GetClassWord
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemTextA
GetMenuStringW
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
InSendMessageEx
LoadCursorA
LoadStringA
LoadStringW
MessageBeep
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
PeekMessageA
PostQuitMessage
RegisterClassExA
RegisterClassExW
RegisterClipboardFormatA
RegisterDeviceNotificationW
ReleaseDC
RemovePropA
SendDlgItemMessageA
SendMessageA
SetCursor
SetDlgItemTextA
SetDlgItemTextW
SetForegroundWindow
SetParent
SetRect
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCursor
ShowWindow
SystemParametersInfoA
TileWindows
TranslateMessage
UnregisterClassA
UnregisterClassW
wsprintfA
EnableWindow
DrawEdge
DispatchMessageA
DialogBoxIndirectParamA
DestroyWindow
DefWindowProcA
CreateWindowExW
CreateWindowExA
CreateDialogParamW
CreateDialogParamA
ClientToScreen
CharUpperA
CharPrevExA
CharPrevA
CharNextA
CallWindowProcA
LoadCursorFromFileW
LoadIconA
EndDialog

gdi32

GetDeviceCaps
GetTextCharset

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61570c1561a225969acb3f1a6bf3e604

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 615KB - Virtual size: 615KB

.data Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 75KB - Virtual size: 74KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 615KB - Virtual size: 615KB

.data
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 75KB - Virtual size: 74KB