584d7ff53dabf0a40cd81dc95baf3d49_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

584d7ff53dabf0a40cd81dc95baf3d49_JaffaCakes118
Size

596KB
MD5

584d7ff53dabf0a40cd81dc95baf3d49
SHA1

196451adf69ce95d3e0b3142826a7e77b1b1c0de
SHA256

ed95b21258eb152a49e9f7479cc1294741c6b30b8f56db4a3189ce8eeb5e541b
SHA512

3ab5202bbec636fb1cc0121af23b5fa31ed5522becca0310e61234c9abf66bd77244dbe1145fd275968c952927272bf264a04f54c41c1428b9aefa042f1b73fb
SSDEEP

6144:134/Ny9xKHR/7ZLlBb8mIfZ+BwfwutuCOjyw6gFxSANoLRHJ/u8/hHTN+hiSu+AS:1o/40/zBbE46jtWFkANoZVFHj6PWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
584d7ff53dabf0a40cd81dc95baf3d49_JaffaCakes118

Files

584d7ff53dabf0a40cd81dc95baf3d49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

61290a673db40824725077e0d76a635a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\require\enemy\Face\Slave\circle\RadioProtect.pdb

Imports

kernel32

lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetStartupInfoW
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetCurrentThreadId
CloseHandle
FormatMessageA
MultiByteToWideChar
lstrlenA
FreeLibrary
WideCharToMultiByte
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetLastError
SetLastError
DeleteFileA
GetSystemTime
GetCurrentProcessId
GetVersionExA
GetFileTime
GetCurrentDirectoryA
VirtualProtect
GetModuleHandleA
WriteProfileStringA
GetModuleFileNameA
OpenMutexA
GetLocalTime
ResetEvent
VirtualAlloc
CreateDirectoryA
SetSystemPowerState
Sleep
OpenProcess
GetCommandLineA
GetDateFormatA
GetWindowsDirectoryA
VirtualFree
GetTimeFormatA
QueryPerformanceCounter
LoadResource
MoveFileExA
FindResourceA
CreateFileA

user32

CallWindowProcA
AppendMenuA
GetCursorPos
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ClientToScreen
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
PostMessageA
CreateWindowExA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
SetWindowTextA
PostQuitMessage
CopyRect
RegisterWindowMessageA
LoadIconA
WinHelpA
RegisterClassExA
GetKeyNameTextA
GetClassInfoExA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowLongA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetClassInfoA
GetDlgItem
GetClientRect

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

winspool.drv

AddPrinterConnectionA
OpenPrinterA
ClosePrinter
DeletePrinterConnectionA
DocumentPropertiesA

comctl32

ImageList_EndDrag
ImageList_Create
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetDragImage
ImageList_GetBkColor

oleaut32

VariantClear
VariantChangeType
VariantInit

gdi32

SetMapMode
CreateBitmap
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetClipBox

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61290a673db40824725077e0d76a635a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

winspool.drv

comctl32

oleaut32

gdi32

oleacc

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 131KB - Virtual size: 209KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 131KB - Virtual size: 209KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB