585d79406597e07cee521ab716d3737c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

585d79406597e07cee521ab716d3737c_JaffaCakes118
Size

350KB
MD5

585d79406597e07cee521ab716d3737c
SHA1

1358bd35ca56bd413233d4f207a1d6b0384f233a
SHA256

44b0136cc9ccf91d8054ac0e835a361308a7e6e582ace7cff0406c1604bc48ef
SHA512

91192cf18bc490d40716d4b831318d440947caa5e350bb4d77d3daa953217a4c8ec0f3cf15e329a4830ffaf5d69cdb9f8c9339fd1b8001af4eae22435b9f5a27
SSDEEP

6144:RukiCIXQRFUPRLLHpsn4k24JMWmaF0oc:R0vXqFMFHps4k3euz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
585d79406597e07cee521ab716d3737c_JaffaCakes118

Files

585d79406597e07cee521ab716d3737c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cbe4e98d1a8a97f8b718d29a2fd9a8aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Such\Fun\best\Both\Thousand\even\wintermatch.pdb

Imports

kernel32

HeapReAlloc
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
SetFilePointer
CompareStringW
GetTempPathA
GetCurrentProcessId
TlsAlloc
GetCurrentDirectoryA
GetModuleHandleA
FindNextFileA
GetModuleFileNameA
WaitForMultipleObjects
LoadLibraryA
GetTempFileNameA
GetProcAddress
FindFirstFileA
GetShortPathNameA
MultiByteToWideChar
GetEnvironmentVariableA
GetFileAttributesA
Sleep
TlsSetValue
GetWindowsDirectoryA
WaitForSingleObject
ExitProcess
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
TlsGetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetLocaleInfoW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetEnvironmentVariableA

user32

CallNextHookEx
EnumWindows
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
GetClassInfoExA

gdi32

RestoreDC
ExtTextOutA
StartDocA
Rectangle
CreateFontIndirectA
StartPage

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Destroy

shlwapi

StrRetToBufA
StrCmpNA
StrStrA
UrlIsA
PathCreateFromUrlA

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
FreeSid
OpenSCManagerA
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegDeleteKeyA
RegQueryValueExA
RegisterServiceCtrlHandlerA
RegSetValueExA
GetTokenInformation
SetEntriesInAclA
OpenThreadToken
DeleteService
StartServiceCtrlDispatcherA
OpenProcessToken
OpenServiceA

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbe4e98d1a8a97f8b718d29a2fd9a8aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

shlwapi

advapi32

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 6KB - Virtual size: 76KB

.rsrc Size: 134KB - Virtual size: 133KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 6KB - Virtual size: 76KB

.rsrc
Size: 134KB - Virtual size: 133KB