7159ecbb93e5121e33f94f13c6dc81af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7159ecbb93e5121e33f94f13c6dc81af_JaffaCakes118
Size

412KB
MD5

7159ecbb93e5121e33f94f13c6dc81af
SHA1

3055c5aabeb0958405c35e81c048be42e5fef96d
SHA256

a1c1a834a18a6bed119961b30e324895c8f93ba46b59f79f97ddaf1d3c1a87aa
SHA512

56f8bf2106bff85daacf4f832709ecc5e6a455ef6fb7ef548c5cc8f590c7af0e8235c566e04073759654edd4195560cb2e10b14fb29053a16e9791a58386abf1
SSDEEP

6144:aDnmjdC6euaPYk3w9i5BTXvzcPPHVdcj7eyrZUL+GcwQCkZXj:8nsY7gk3wuT/iP0zr0QCkNj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7159ecbb93e5121e33f94f13c6dc81af_JaffaCakes118

Files

7159ecbb93e5121e33f94f13c6dc81af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17b7c4a729fc33264889fcaa8cfbb0ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Winchester\elementAuto.pdb

Imports

kernel32

GetCPInfo
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetACP
WriteFile
ExitProcess
VirtualQuery
LockResource
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
GetOEMCP
IsValidCodePage
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
GetStdHandle
CreateFileA
FreeResource
SizeofResource
Sleep
CreateEventA
WaitForSingleObject
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
OpenWaitableTimerW
VirtualAlloc
EnterCriticalSection
GetStartupInfoA
MultiByteToWideChar
GetLastError
FindResourceA
TlsFree
LoadResource
lstrcpyA
SetConsoleTitleA
GetEnvironmentStrings
GetDateFormatA
GetNumberFormatA
InterlockedDecrement
GetTimeFormatA
GetProcessHeap
GetVersionExA
HeapFree
FormatMessageA
LoadLibraryA
GetThreadLocale
RtlUnwind
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA

user32

GetUpdateRect
GetDlgItemTextA
IsDlgButtonChecked
DrawFocusRect
EnumWindowStationsW
GetDC
ReleaseDC
PostQuitMessage
GetDialogBaseUnits
DestroyWindow
SetScrollRange
SetScrollPos
SetScrollInfo
SetWindowTextA
CreateWindowExA
LoadMenuA
GetSubMenu
EnableMenuItem
SetForegroundWindow
TrackPopupMenu
GetForegroundWindow
LoadIconA
GetDlgItem
GetSysColorBrush
CopyRect
CreateIcon
GetWindowDC
IsWindowEnabled
GetFocus
RegisterClassExA
GetWindowLongA
CreatePopupMenu
InsertMenuItemA
GetIconInfo
GetClientRect
GetWindowRect
ScreenToClient
SendMessageA
InvalidateRgn
BeginPaint
LookupIconIdFromDirectory
CreateIconFromResource
FindWindowA
FindWindowExA
GetWindowTextA
SetActiveWindow
GetCursorPos
EndPaint
SystemParametersInfoA
SendInput
WaitForInputIdle
LoadCursorA
SetRect
UnionRect
LoadStringA
wsprintfA

gdi32

CreateBitmap
SetBkColor
ExtTextOutA
CreateSolidBrush
MoveToEx
CombineTransform
GetNearestPaletteIndex
GetDeviceCaps
CreateFontA
SetTextAlign
ExcludeClipRect
SetBkMode
DescribePixelFormat
SetTextColor
PatBlt
GetTextExtentPoint32A
CreateRectRgnIndirect
GetCurrentObject
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
DeleteDC
GetPixel

advapi32

OpenProcessToken
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFileInfoA
SHBrowseForFolderA

ole32

CoTaskMemAlloc
StgCreateDocfile

wininet

InternetOpenA

avicap32

capGetDriverDescriptionW

msimg32

GradientFill

crypt32

CertSetStoreProperty
CertVerifyCRLRevocation
CertUnregisterPhysicalStore
CertVerifyCRLTimeValidity
CertGetNameStringA
CertStrToNameA

comctl32

ImageList_Create
ord17
ImageList_Remove
ImageList_Draw

activeds

ord9

uxtheme

IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b7c4a729fc33264889fcaa8cfbb0ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

avicap32

msimg32

crypt32

comctl32

activeds

uxtheme

Sections

.text Size: 200KB - Virtual size: 196KB

.text1 Size: 4KB - Virtual size: 1KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 16KB - Virtual size: 22KB

.data1 Size: 28KB - Virtual size: 26KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 200KB - Virtual size: 196KB

.text1
Size: 4KB - Virtual size: 1KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 16KB - Virtual size: 22KB

.data1
Size: 28KB - Virtual size: 26KB

.rsrc
Size: 80KB - Virtual size: 77KB