75f989e85830d0d720e09ab5a3f9c5c1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75f989e85830d0d720e09ab5a3f9c5c1_JaffaCakes118
Size

529KB
MD5

75f989e85830d0d720e09ab5a3f9c5c1
SHA1

20aa28944ef9d2cfa6e880422aa948eb3d261c1f
SHA256

957d7e091ea2b78e9a7e99f2975a02154ae3c6238de076c52833c3f59b3903a2
SHA512

069f785d9421b550fbd30362c78e2aeb92b386ce7bcceb2c0cd5eecb5cf0b1bee1e340bed5058585afb2b73197f9c11fa1911c99e32a4aec828fe76f25402d37
SSDEEP

12288:ezIVReQ7C9GWTgxhUs0fBBg9Mext3LzggOZYl/4CLylJ:4IVQ99YToBeMex2YyJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
75f989e85830d0d720e09ab5a3f9c5c1_JaffaCakes118

Files

75f989e85830d0d720e09ab5a3f9c5c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eeafe7e4b42706814879392eeb8a50a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteConsoleW
OutputDebugStringA
HeapQueryInformation
HeapSize
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
HeapFree
OutputDebugStringW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
GetEnvironmentVariableW
IsProcessorFeaturePresent
IsDebuggerPresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
RaiseException
LocalAlloc
GlobalAlloc
GetLastError
CreateThread
CloseHandle
WaitForSingleObject
HeapCreate
GetProcAddress
lstrlenA
HeapAlloc
CompareStringA
GetWindowsDirectoryA
GetEnvironmentStringsW
FormatMessageA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
HeapValidate
SetLastError
TlsFree
CreateFileW
GetCurrentThreadId
lstrcpyA
GetModuleHandleA
SetHandleCount
LoadLibraryA
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetStdHandle
WriteFile
GetModuleFileNameW
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DecodePointer
GetModuleHandleW
ExitProcess
EnterCriticalSection

user32

DrawFrameControl
DestroyIcon
CreateWindowExA
RegisterClassExA
LoadCursorA
ShowWindow
UpdateWindow
LoadAcceleratorsA
MessageBoxA
GetWindowTextA
GetDC
CheckRadioButton
SetRectEmpty
LoadStringA
LoadIconA
SetCursor
GetSysColor
GetMenuCheckMarkDimensions
GetSystemMetrics
DefWindowProcA
BeginPaint
GetClientRect
DrawTextW
EndPaint
InvalidateRect
SendMessageA
GetIconInfo
DdeNameService
DestroyWindow
PostQuitMessage
EnableMenuItem
PostMessageA
GetWindowTextLengthA

gdi32

ExtTextOutA
CreateCompatibleDC
GetObjectA
CreateBitmap
StretchBlt
DeleteDC
CreateFontW
CreateFontIndirectA
GetTextMetricsA
SetTextAlign
CreateSolidBrush
MoveToEx
GetStockObject
SetDCPenColor
LineTo
CreateCompatibleBitmap
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
Rectangle
PatBlt
DeleteObject
SelectObject

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetFileInfoA

ole32

CoInitialize

msimg32

GradientFill

winmm

waveOutGetNumDevs
mmioClose
mmioWrite
mmioCreateChunk
mmioOpenA

shlwapi

PathStripToRootA
PathIsDirectoryEmptyW

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP

sensapi

IsNetworkAlive

dxva2

GetMonitorDisplayAreaSize

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ydata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeafe7e4b42706814879392eeb8a50a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

msimg32

winmm

shlwapi

comctl32

rpcrt4

gdiplus

sensapi

dxva2

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 12KB

.qdata Size: 222KB - Virtual size: 221KB

.ydata Size: 7KB - Virtual size: 7KB

.rsrc Size: 116KB - Virtual size: 115KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 12KB

.qdata
Size: 222KB - Virtual size: 221KB

.ydata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 116KB - Virtual size: 115KB