7a86c243fea6c22cb2fabdf0f3f43e0a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7a86c243fea6c22cb2fabdf0f3f43e0a_JaffaCakes118
Size

391KB
MD5

7a86c243fea6c22cb2fabdf0f3f43e0a
SHA1

f6823beeabba46b3009190aae0a1c4e4dca8a2e0
SHA256

114fd29454f4ff8ea56c21cbd67b9ce214bdf7ecf7ac38c733beeb896afa1ec7
SHA512

8cd5234b72131e47cc4f2acd584f2efb8379c73814c8630956e7ae911524c4426d97edd4162f395722ffbb019049623590706c855f29816e1bc4834f9ed57c0c
SSDEEP

6144:s0CSA9dNgVFNdbfi3aSI5Jm3ga2VEU6TVbeSHk:QtdNgVFDfg3E2UmVbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7a86c243fea6c22cb2fabdf0f3f43e0a_JaffaCakes118

Files

7a86c243fea6c22cb2fabdf0f3f43e0a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6303fb732ef1fa52636cfcfc12804462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Nass\Roami\Release\slopes.pdb

Imports

kernel32

GetLogicalDriveStringsW
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateNamedPipeA
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
GetComputerNameA
SetEnvironmentVariableA
CreateFileW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
FlushFileBuffers
SetFilePointerEx
HeapReAlloc
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
lstrcpyW
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetFileType
GetProcessHeap
HeapFree
HeapAlloc
VirtualAlloc
ExitThread
GetVersionExA
IsBadStringPtrA
GetModuleFileNameA
FormatMessageA
GetSystemInfo
GetCurrentThread
VirtualQuery
GetModuleHandleA
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
CreateThread
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
SetEndOfFile
WideCharToMultiByte
GetTimeZoneInformation
HeapSize
AreFileApisANSI
ExitProcess
WriteFile
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
LocalFree
GlobalMemoryStatus
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter
FreeLibrary
GetTickCount
CreateFileA
GetCommandLineA
MultiByteToWideChar
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
RtlUnwind
SetConsoleCtrlHandler
ResumeThread
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentProcessId
IsValidCodePage
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
Sleep

user32

DefWindowProcA
PostQuitMessage
SendMessageA
EnumWindowStationsW
GetSystemMetrics
LoadIconA
LoadCursorA
GetWindow
GetWindowThreadProcessId
DrawFocusRect
MapWindowPoints
GetCursorPos
SetCursor
MessageBoxA
GetClientRect
SetWindowTextA
EndPaint
BeginPaint
GetDC
WindowFromDC
DrawIcon
TrackPopupMenuEx
KillTimer
GetFocus
GetDlgItem

gdi32

CreateCompatibleDC
SelectObject
CreateSolidBrush
GetObjectA
GetTextMetricsA
SetTextAlign
SetPixelFormat
RoundRect
GetStockObject
DeleteObject
DeleteDC
BitBlt

comdlg32

GetOpenFileNameA

advapi32

GetNamedSecurityInfoA
RegOpenKeyExA
LsaRemoveAccountRights
LsaQueryInformationPolicy
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
GetUserNameW
CopySid
GetLengthSid
GetTokenInformation
RegQueryValueExA

shell32

SHParseDisplayName
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetFolderPathA
SHGetDesktopFolder

ole32

CoInitialize

oleaut32

VarFormatCurrency
VariantInit

netapi32

NetApiBufferFree
NetUserGetInfo
NetLocalGroupEnum
NetUserEnum

mpr

WNetAddConnection2A

avifil32

AVIFileOpenA
AVIFileInit
AVIStreamWrite

winmm

mmioAscend

iphlpapi

GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcpEntry

pdh

PdhCollectQueryData

rpcrt4

RpcMgmtInqComTimeout

secur32

ApplyControlToken

opengl32

wglGetCurrentDC
glViewport
glMatrixMode

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

authz

AuthzInitializeResourceManager
AuthzFreeResourceManager

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6303fb732ef1fa52636cfcfc12804462

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

netapi32

mpr

avifil32

winmm

iphlpapi

pdh

rpcrt4

secur32

opengl32

setupapi

authz

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 26KB - Virtual size: 329KB

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 26KB - Virtual size: 329KB