79b63a7a524ec8b593c6715483a26948_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

79b63a7a524ec8b593c6715483a26948_JaffaCakes118
Size

971KB
MD5

79b63a7a524ec8b593c6715483a26948
SHA1

9c2a1856dbd2534ffc4a51f08428f215a1bd89fe
SHA256

14e4ec3be3426ff73c023c86bce81677ed648a187919b31d42dfae1e0085da11
SHA512

f9dfa0e0da467572bf4a362cd40b61d0010b000bdd324e2e4ca6937ed9961e0b303a9a59b4a03b39ab79cd28495cddb63112a007cef7a43903835a795304577a
SSDEEP

24576:Db9yCRm3MrqrMIbaTvHiGl03C6ns3M0xVDOf4yKN:fgz3qTiGqC6nUMIJOf41N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79b63a7a524ec8b593c6715483a26948_JaffaCakes118

Files

79b63a7a524ec8b593c6715483a26948_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9464b46faf09f028f3d72a0b3fc9ff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
IsValidCodePage
GetACP
GetConsoleOutputCP
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleW
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
SetStdHandle
TlsGetValue
WriteConsoleA
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
InterlockedDecrement
WriteConsoleW
LocalFree
CloseHandle
GetCurrentThreadId
GetShortPathNameW
GetModuleHandleA
lstrcmpiW
LoadLibraryA
GetLastError
GetStdHandle
lstrlenW
CreateFileA
MultiByteToWideChar
lstrcpynW
HeapCreate
CreateEventA
Sleep
WriteFile
GetConsoleTitleA
GetProcessHeap
GetTickCount
WaitForSingleObject
HeapFree
HeapAlloc
lstrlenA
GetOEMCP

user32

GetWindow
EnumThreadWindows
GetWindowThreadProcessId
CharToOemA
CheckMenuItem
DdeDisconnect
GetDlgItemTextA
LoadCursorA
FindWindowA
UpdateWindow
MapWindowPoints
LoadImageA
GetSystemMetrics
MessageBoxW
DdeConnect
DdeClientTransaction
DispatchMessageA
IsDlgButtonChecked
SetMenu
ShowWindow
GetCursorPos
SetWindowPos
GetSysColor
DefWindowProcA
ReleaseDC
CreateWindowExA
DdeCreateDataHandle
AppendMenuW
EndPaint
DestroyWindow
GetMessageA
GetSystemMenu
SetTimer
RegisterClassExA
DdeCreateStringHandleA
PostQuitMessage
GetWindowDC
FillRect
SetCapture
MsgWaitForMultipleObjects
SetForegroundWindow
GetParent
TrackMouseEvent
LoadIconA
DdeInitializeA
GetClientRect
CreateMenu
SetFocus
GetWindowTextLengthA
SendMessageA
BeginPaint
PtInRect
DdeFreeStringHandle
CreateIconIndirect
GetIconInfo
GetDC
TranslateMessage
GetWindowTextA
MessageBoxA
DdeUninitialize
InvalidateRect

gdi32

DeleteDC
CreateFontA
StretchBlt
CreateBitmap
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
GetClipBox
GetStockObject
RestoreDC
CreateSolidBrush
TextOutA
BitBlt

winspool.drv

ClosePrinter
GetPrinterA
GetPrinterDriverA
SetPrinterDataExA
OpenPrinterA
DeviceCapabilitiesA
SetPrinterA

comdlg32

GetSaveFileNameA

advapi32

OpenSCManagerA
IsValidAcl
CloseServiceHandle
SetEntriesInAclA
SetServiceObjectSecurity
EnumDependentServicesA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegCloseKey
ControlService
IsValidSecurityDescriptor
BuildExplicitAccessWithNameA
QueryServiceStatusEx
InitializeAcl
QueryServiceObjectSecurity
OpenServiceA

shell32

SHBrowseForFolderA
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetDataFromIDListA

ole32

CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen

netapi32

NetShareGetInfo

winmm

waveInGetDevCapsA
waveInGetNumDevs

shlwapi

PathRelativePathToA
PathRemoveBackslashA

comctl32

ImageList_DragLeave
ImageList_DragEnter
ord17
CreateStatusWindowW
ImageList_Destroy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw

gdiplus

GdipCreateSolidFill
GdipGraphicsClear
GdipDisposeImage
GdipDeleteGraphics
GdipCreateBitmapFromGraphics
GdipDrawImagePointRectI
GdipDeletePen
GdipDeleteBrush
GdipCreateFromHDC
GdipDrawLine
GdipFillRectangleI
GdipCreatePen1
GdipGetImageGraphicsContext

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9464b46faf09f028f3d72a0b3fc9ff4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

netapi32

winmm

shlwapi

comctl32

gdiplus

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 524KB - Virtual size: 524KB

.data Size: 319KB - Virtual size: 326KB

.rsrc Size: 6KB - Virtual size: 889KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 524KB - Virtual size: 524KB

.data
Size: 319KB - Virtual size: 326KB

.rsrc
Size: 6KB - Virtual size: 889KB