4a74cfd337fadf62b8824127c011ec7c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a74cfd337fadf62b8824127c011ec7c_JaffaCakes118
Size

449KB
MD5

4a74cfd337fadf62b8824127c011ec7c
SHA1

8231a98c7d4b9ce0bbd92a09369584b08c9095b4
SHA256

d2ba4389be24d0659c4575b787b1db657eff3d56ee53f30d72f60d51f6554494
SHA512

d5ca179566ebc336bb754c5d1910ac34430b9da0796f856e932b330767728e06af0219d4d468989a560632c96f6ee280ec349e985fbfc0ebd72f6ddfc155d057
SSDEEP

3072:FjqnjgBDZDKdtk6dqSDxx2n11i19/GSGzC1N8yYKSyW1Cwu3M52oigI75ehCb2dI:ckDat5fA11i19uJuN9YXyOnC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a74cfd337fadf62b8824127c011ec7c_JaffaCakes118

Files

4a74cfd337fadf62b8824127c011ec7c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8f8d006ca76542fb01618d3e53a61529

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

3\\qwhW#jerjw\erjw#HJERjwr\\.pdb

Imports

shell32

ExtractAssociatedIconA
FindExecutableA
ExtractIconExW

comdlg32

GetOpenFileNameW

user32

DeregisterShellHookWindow
GetTitleBarInfo
GetClassLongA
LoadImageA
LoadCursorFromFileA
IsRectEmpty
GetWindowPlacement
GetSysColorBrush
GetWindowThreadProcessId
DefFrameProcW
DestroyCursor
LoadBitmapW
LoadAcceleratorsW
GetComboBoxInfo
FlashWindowEx
GetCaretPos
GetKeyboardLayoutList
GetClassInfoW
GetDoubleClickTime
GetSysColor
GetMenuStringA
GetClassInfoA
LoadMenuW
FindWindowA
GetMenuContextHelpId
GetSystemMenu
GetWindowRgnBox
DrawMenuBar
GetUpdateRect
GetShellWindow
GetMenuState
GetClientRect
LoadStringW
ExcludeUpdateRgn
DefWindowProcW
GetCaretBlinkTime
GetDlgItemInt
GetScrollInfo
UpdateWindow
DialogBoxParamA
LockSetForegroundWindow
LogicalToPhysicalPoint
GetMenuItemID
DestroyWindow
GetTabbedTextExtentA
LoadAcceleratorsA
DdeSetUserHandle
DrawTextW
GetClassInfoExA
ModifyMenuA
wsprintfA
LoadMenuA

kernel32

DeviceIoControl
GetDefaultCommConfigW
FreeConsole
GetCurrentConsoleFont
FileTimeToDosDateTime
GetSystemPowerStatus
EnumSystemLocalesA
GetConsoleTitleA
GetCompressedFileSizeW
FindResourceW
GetVolumePathNamesForVolumeNameW
GetProcessId
EnumUILanguagesW
FindActCtxSectionStringW
GetExitCodeProcess
GetShortPathNameW
GetSystemDirectoryA
IsValidLocale
GetTickCount
GetFileAttributesExW
GetLocaleInfoW
GlobalGetAtomNameW
VirtualAllocEx
LocalHandle
LoadResource
DefineDosDeviceW
GetVolumePathNameW
GetModuleHandleW
GetBinaryTypeA
FlushProcessWriteBuffers
ApplicationRecoveryInProgress
SleepEx
GetOverlappedResult
GetOEMCP
IsProcessorFeaturePresent
ResumeThread
Sleep
GetProcAddress
GetLargestConsoleWindowSize
FileTimeToSystemTime
LocalFlags
GetProfileSectionA
FindFirstFileExA
DecodePointer
GetTempPathA
GetTimeFormatW
GetWindowsDirectoryW
LockFileEx
GetStartupInfoA
LocalFree
GetConsoleCP
DeactivateActCtx
GetComputerNameA
GetPrivateProfileSectionA
GetThreadTimes
EnumResourceTypesA

gdi32

DeleteMetaFile
GetPaletteEntries
GetTextAlign
GetWorldTransform
GetTextExtentPointW
GetViewportExtEx
RestoreDC
SetStretchBltMode
GetBitmapBits
GdiSetBatchLimit
FrameRgn
GetObjectW
GetTextFaceA
GetTextExtentExPointW
GetTextExtentPoint32W
GetBkColor
GetCharWidth32W
GetPath
ExtTextOutA

ntdll

strcmp
strspn
memset

msvcrt

_time64
fputc
fgetws
_localtime64
fread
fputws

mscms

GetStandardColorSpaceProfileW

secur32

GetComputerObjectNameW
InitializeSecurityContextA
EnumerateSecurityPackagesW

winspool.drv

DeletePrinterDriverW
FindFirstPrinterChangeNotification
GetPrinterDriverDirectoryA

urlmon

GetClassFileOrMime
FaultInIEFeature
CoInternetIsFeatureEnabled

advapi32

IsTokenRestricted
InitializeSecurityDescriptor
GetUserNameW
LookupPrivilegeNameA
GetUserNameA
GetEventLogInformation
LookupPrivilegeNameW
ImpersonateSelf

ws2_32

listen

version

GetFileVersionInfoA

oleaut32

GetRecordInfoFromTypeInfo
LoadRegTypeLi
VarCyMul

powrprof

GetPwrCapabilities

wininet

FindFirstUrlCacheEntryExW
DeleteUrlCacheEntryW
InternetInitializeAutoProxyDll

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.P
Size: 363KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f8d006ca76542fb01618d3e53a61529

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

comdlg32

user32

kernel32

gdi32

ntdll

msvcrt

mscms

secur32

winspool.drv

urlmon

advapi32

ws2_32

version

oleaut32

powrprof

wininet

Sections

.text Size: 38KB - Virtual size: 38KB

.P Size: 363KB - Virtual size: 371KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 38KB - Virtual size: 38KB

.P
Size: 363KB - Virtual size: 371KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 40KB