58308fdf876ee7508cdbb9aa0ede92e3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

58308fdf876ee7508cdbb9aa0ede92e3_JaffaCakes118
Size

2.6MB
MD5

58308fdf876ee7508cdbb9aa0ede92e3
SHA1

eba2522a61ffe2751c738a81e574de29d99bcd1b
SHA256

e9ad0d2cc39a1dd7274df0d5215f26f0c5f9638e5b1904c5f4a21ef3d771904a
SHA512

c5244b5c228ee52ed6d1f79753a03597b7b81b42226f4abe6a411cb1915e9096e6d14b30a37d22308d88f8070ce03b37d76bd34b965968705e105a95289314e4
SSDEEP

49152:vfUFLY1XynWjZtnENylA4tKz7Dy+hiEoUU2aWW0CO:HO2ynWNtENylA4tCDZiiU2aH0CO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
58308fdf876ee7508cdbb9aa0ede92e3_JaffaCakes118

Files

58308fdf876ee7508cdbb9aa0ede92e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0e1b2afa0f91f3d092ff1e74bb5e3905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrcpyA
lstrcpy
lstrcmpiA
WritePrivateProfileStructA
GetModuleHandleW
VerLanguageNameA
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
SetThreadAffinityMask
SetCommConfig
QueueUserAPC
QueryPerformanceCounter
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryExW
GlobalCompact
GetWindowsDirectoryA
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetProcessVersion
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FormatMessageW
FindNextVolumeMountPointA
EnumSystemLanguageGroupsW
EndUpdateResourceW
CreateRemoteThread
VirtualAlloc

user32

GetDC
IsIconic
GetLastActivePopup
LoadIconA
LoadCursorW
CharLowerW
CharUpperW
IsMenu
GetProcessWindowStation
GetWindowTextLengthW
GetMenu
GetMenuContextHelpId
GetMessageExtraInfo
GetShellWindow
GetClipboardSequenceNumber
GetDlgCtrlID
GetDialogBaseUnits
IsCharLowerW
AppendMenuW
CharLowerBuffA
DdeQueryStringA
DrawIcon
EnumDisplayDevicesW
EnumPropsExW
GetClientRect
GetClipboardFormatNameA
GetComboBoxInfo
GetTabbedTextExtentA
RegisterClassW
SetCapture
SetCursorPos
SetDlgItemTextW
SetFocus
SetMenuContextHelpId
SetSysColors
SetWindowLongA
ToUnicode
GetMessagePos

gdi32

CreateScalableFontResourceA
CreateFontW
CreateEllipticRgn
CreateDIBSection
CreateCompatibleBitmap
ColorMatchToTarget
AddFontResourceW
CreateMetaFileW
GetTextCharset
CreatePatternBrush
CloseEnhMetaFile
DeleteDC
FillPath
CreateScalableFontResourceW
GetStockObject
WidenPath
GetMapMode
FONTOBJ_cGetAllGlyphHandles
FontIsLinked
GdiConvertAndCheckDC
GdiConvertFont
GdiInitSpool
GdiSetBatchLimit
GetCharABCWidthsFloatA
GetDCBrushColor
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFilePaletteEntries
EndPath
EngPlgBlt
EngReleaseSemaphore
EngStretchBltROP
EngWideCharToMultiByte
EnumFontFamiliesExA
ExtCreatePen
CreateSolidBrush
GdiIsPlayMetafileDC
StrokeAndFillPath
StartFormPage
SetRelAbs
SetMetaRgn
SetLayoutWidth
SetBitmapBits
RoundRect
RemoveFontMemResourceEx
PlgBlt
OffsetViewportOrgEx
GetWinMetaFileBits
GetTextFaceA
GetTextExtentExPointI
GetPaletteEntries
GetMetaRgn
GetMetaFileW
GetLayout
ExtCreateRegion

advapi32

RegQueryValueExA
ConvertStringSidToSidW
LookupAccountNameW
LookupAccountSidW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegOpenKeyA

shell32

SHEmptyRecycleBinA
ShellExecuteW
ShellExecuteEx
ShellExecuteA
SHPathPrepareForWriteW
SHLoadInProc
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconExA
ExtractIconW
FindExecutableA
FindExecutableW
SHCreateDirectoryExA
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHGetDataFromIDListA
SHGetDesktopFolder
SHGetFolderPathA
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHIsFileAvailableOffline
Shell_NotifyIcon

ole32

CoInitializeEx
CoRegisterSurrogateEx
CoUninitialize
CLSIDFromString

shlwapi

StrRStrIA
StrCmpNIA
StrCmpNA
StrStrA
StrChrIW

msvcrt

_exit
wprintf
wcsncpy
wcslen
wcschr
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_iob
_wcsicmp
_wcsnicmp
_wfopen
exit
fgetwc
fgetws
fwprintf
memcpy
memset
rewind
setlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e1b2afa0f91f3d092ff1e74bb5e3905

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.text Size: 1.9MB - Virtual size: 1.8MB

.rdata Size: 596KB - Virtual size: 595KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 41KB - Virtual size: 41KB

.text
Size: 1.9MB - Virtual size: 1.8MB

.rdata
Size: 596KB - Virtual size: 595KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 41KB - Virtual size: 41KB