4b883d14fbcd30cf896006a67a760ac9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b883d14fbcd30cf896006a67a760ac9_JaffaCakes118
Size

648KB
MD5

4b883d14fbcd30cf896006a67a760ac9
SHA1

a42f848f2b2de4257fbf774da17aeabe4761d284
SHA256

9d723b807f5c210994cb957a0d80b86093f5826f4b8091a20337e94a61c63c29
SHA512

4c185ef1442de628e816b115f99008bdf6ba7bea253fa7c68fa545ff58acc5acc17055d8f0e5d9db0e4348a62159648ea60b99b97b2fcbd62ac6011618f9e06c
SSDEEP

6144:Q5mTEzUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEz3kEDnQdM9rEju0TH4l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4b883d14fbcd30cf896006a67a760ac9_JaffaCakes118

Files

4b883d14fbcd30cf896006a67a760ac9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

77cea1911784493eb43fbcf693c560e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\tool\Build\Motion\winshall.pdb

Imports

kernel32

InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetCurrentThreadId
lstrcmpA
GlobalFlags
GlobalGetAtomNameA
GetThreadLocale
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetProcAddress
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
HeapFree
RtlUnwind
GetTimeFormatA
HeapReAlloc
VirtualAlloc
GetCommandLineA
RaiseException
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
LockResource
SizeofResource
SetLastError
lstrlenA
CompareStringW
CompareStringA
GetProcessHeap
HeapAlloc
GetSystemDirectoryA
GetTempPathA
GetModuleFileNameA
VirtualProtect
LoadResource
FindResourceA
GetDateFormatA
GetModuleHandleA
GetVersionExA
OpenProcess
GetSystemTime
GetVolumeInformationA
CreateFileA
QueryPerformanceCounter
GetTickCount
DeleteFileA
GetStartupInfoA
CloseHandle
CreateProcessA
Sleep
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
InterlockedExchange

user32

GrayStringA
PostQuitMessage
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DrawTextExA
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
LoadCursorA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWinEvent
GetDlgItemInt
ShowScrollBar
SetCursor
InsertMenuItemA
SetDlgItemInt
FindWindowA
GetWindowTextA
ShowWindow
EnumChildWindows
GetAsyncKeyState
GetDC
GetClassNameA
DrawTextA
TabbedTextOutA
UpdateWindow
GetMessagePos
DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
GetFocus

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_SetIconSize
ImageList_SetBkColor
ImageList_Destroy
ImageList_Remove

comdlg32

ReplaceTextA
GetSaveFileNameA
GetOpenFileNameA

ole32

OleUninitialize
OleCreate
OleInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit

uxtheme

OpenThemeData
DrawThemeText
GetThemeBackgroundRegion
CloseThemeData

oleacc

GetOleaccVersionInfo
AccessibleObjectFromPoint
CreateStdAccessibleObject
LresultFromObject

gdi32

GetClipBox
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
SetBkColor
GetDeviceCaps
DeleteObject
CreateBitmap
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetTextColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77cea1911784493eb43fbcf693c560e1

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

comdlg32

ole32

oleaut32

uxtheme

oleacc

gdi32

winspool.drv

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 52KB - Virtual size: 114KB

.rsrc Size: 348KB - Virtual size: 346KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 52KB - Virtual size: 114KB

.rsrc
Size: 348KB - Virtual size: 346KB