88509b362930d957019c8babb0c72cb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88509b362930d957019c8babb0c72cb7_JaffaCakes118
Size

4.5MB
MD5

88509b362930d957019c8babb0c72cb7
SHA1

36d46e7382aec4082ef17b46935106f36b3ab26c
SHA256

02cc3f981a152926b644f4a1d50a2a89a5b9e427fd14c54a407bbbd7cb9ee928
SHA512

f90ec85841497e03dc541c46d927744bfa71d5b0fa63b104c76b9f37a20f572cbe0157d0d091d2331ef986e2757731adaa46450cf63c8a442fb1446f2710ac26
SSDEEP

49152:TpHZ3L6tJcVpCQdvG5q6hmkykVq103hl/HOg3l+RInrf41BCDp2y3ScRzDL:TpHhlFVWoSh1HZARIn81YDUy3ScB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88509b362930d957019c8babb0c72cb7_JaffaCakes118

Files

88509b362930d957019c8babb0c72cb7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7c9b0ea5c2de107b51434d254f462acb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RegisterGPNotification
EnterCriticalPolicySection

comctl32

ImageList_SetIconSize
InitializeFlatSB
FlatSB_SetScrollInfo
FlatSB_GetScrollInfo

mpr

WNetEnumResourceW

kernel32

ReadFile
SetFilePointer
CloseHandle
GetSystemInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FindResourceExW
GetFullPathNameW
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetStringTypeW
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetSystemTimeAsFileTime
SetFilePointerEx
GetConsoleMode
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
FlushFileBuffers
GetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
IsDebuggerPresent
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitProcess
HeapSize
VirtualAlloc
LocalFree
CreateFileW
GlobalFree
GlobalUnlock
RtlUnwind
LoadLibraryW
HeapAlloc
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
SetStdHandle
WriteConsoleW
EncodePointer
DecodePointer
RaiseException
GetCommandLineW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
CreateEventW
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetProcAddress
CreateSemaphoreW
CreateThread
ExitThread
HeapFree
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask

secur32

GetUserNameExW

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW

user32

DestroyCursor
SetRect
InvertRect
FillRect
DrawFocusRect
GetWindowRect
SetScrollRange
InvalidateRect
LoadIconW
GetDCEx
GetMenuItemInfoW
TrackPopupMenuEx
GetMenuItemCount
GetMenuItemID
DestroyMenu
GetMenuState
DispatchMessageW
GetKeyboardLayout
GetUpdateRect
IsDialogMessageW
EnableScrollBar
LoadStringW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
ExtractIconExW
ShellAboutW
CommandLineToArgvW
SHGetDesktopFolder

oleaut32

VarDateFromStr
SysFreeString
VarNot
VarBstrFromBool
SafeArrayGetUBound
VarCyFromStr
VariantChangeTypeEx
SafeArrayPtrOfIndex
SafeArrayPutElement

crypt32

CertNameToStrW
CertAddStoreToCollection
CertSetCertificateContextProperty
CertCreateCertificateContext
CryptMsgUpdate
CryptFindOIDInfo
CryptEncodeObjectEx
CertControlStore
CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CertVerifyTimeValidity

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW

comdlg32

PrintDlgExW
ChooseFontW

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 32.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.447e
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.f4rca3
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.olueh4
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.8aw3a
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c9b0ea5c2de107b51434d254f462acb

Headers

File Characteristics

Imports

userenv

comctl32

mpr

kernel32

secur32

advapi32

user32

shell32

oleaut32

crypt32

psapi

comdlg32

Sections

.text Size: 311KB - Virtual size: 311KB

.data Size: 48KB - Virtual size: 32.2MB

.idata Size: 5KB - Virtual size: 5KB

.xdata Size: 8KB - Virtual size: 7KB

.447e Size: 814KB - Virtual size: 813KB

.f4rca3 Size: 853KB - Virtual size: 852KB

.olueh4 Size: 896KB - Virtual size: 896KB

.8aw3a Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 311KB - Virtual size: 311KB

.data
Size: 48KB - Virtual size: 32.2MB

.idata
Size: 5KB - Virtual size: 5KB

.xdata
Size: 8KB - Virtual size: 7KB

.447e
Size: 814KB - Virtual size: 813KB

.f4rca3
Size: 853KB - Virtual size: 852KB

.olueh4
Size: 896KB - Virtual size: 896KB

.8aw3a
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 152KB - Virtual size: 152KB