8a57297844825b961282d40fdebc4879_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a57297844825b961282d40fdebc4879_JaffaCakes118
Size

305KB
MD5

8a57297844825b961282d40fdebc4879
SHA1

a077e179c69461bd702d60133ed0b7201661e82b
SHA256

3b2cc469e27aca58abc43a3eaa94dab4bee615c29f7995814e0b0a3d238f5408
SHA512

e3cf980e36d620e52876fa26f27a9f8c89c155d8975572f57a780a2e6ea950542ab67a0fb30681f547a07dac6c763386d79f1a22e8eae801a7c4f998afb238ff
SSDEEP

3072:rVn8QOXmQaDIJEGp8Wtvv6j2KD+qmk5V4gzj1BuYH5V98YC/7K/XRlCHy:r9cQIvXtvE20LggDuYH5VCX++S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a57297844825b961282d40fdebc4879_JaffaCakes118

Files

8a57297844825b961282d40fdebc4879_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4198f44ae3438d58a854d4d6e75c1891

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bin\grow\year?s\Csh\trans.pdb

Imports

kernel32

GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
LoadLibraryW
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
HeapSize
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
LCMapStringW
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
WriteConsoleW
LocalAlloc
EnumSystemLanguageGroupsA
lstrcatA
lstrcpynA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
HeapAlloc
WaitForSingleObject
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
CloseHandle
LeaveCriticalSection
EnterCriticalSection
CreateFileW
GetEnvironmentStrings
CreateEventA
WriteFile
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCommandLineA
RaiseException
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetProcessHeap
GetLocalTime

user32

CreateWindowExW
LoadImageA
SetScrollInfo
UpdateWindow
GetDesktopWindow
GetWindowRect
GetDC
ReleaseDC
GetDlgItem
GetDlgItemTextA
GetSubMenu
GetMenuItemID
CreateMenu
CreatePopupMenu
AppendMenuW
SetMenu
GetCursorPos
GetWindowTextA
SetFocus
LoadStringA
SetDlgItemInt
SetScrollPos
FillRect
OffsetRect
SetForegroundWindow
MapWindowPoints
CharLowerA
GetParent
IsWindowEnabled
CopyRect
CallWindowProcA
RedrawWindow
SetWindowPos
GetWindowLongA
SetWindowLongA
GetClientRect
SendMessageA
GetWindowDC
PostQuitMessage
wsprintfA
GetDCEx
GetWindowRgn
GetMenuItemInfoA
GetMenu
DrawFrameControl
DefWindowProcA
EndPaint
BeginPaint
SetCursorPos
SendInput
GetSystemMetrics
InsertMenuItemA

gdi32

BeginPath
GetDeviceCaps
CreateCompatibleBitmap
Polyline
SelectClipRgn
CreateSolidBrush
CreateDIBSection
GdiGradientFill
ExcludeClipRect
SetTextColor
ExtTextOutA
SetBkMode
SetTextJustification
CombineRgn
FillPath
EndPath
Ellipse
GetObjectA
DeleteObject
CreatePatternBrush
TextOutW
MoveToEx
SetTextAlign
GetTextAlign
GetCurrentObject
CreateFontA
GetStockObject
DeleteDC
GetPixel
BitBlt
SelectObject
CreateCompatibleDC

shell32

SHGetMalloc

ole32

StgOpenStorage
ReleaseStgMedium
CoCreateInstance

netapi32

NetShareGetInfo

mpr

WNetOpenEnumA

iphlpapi

GetTcpStatistics
GetRTTAndHopCount
GetUdpStatistics

shlwapi

PathFindExtensionA
PathRemoveFileSpecA
StrCSpnA
StrTrimA
StrCmpNIA
StrToIntA
ChrCmpIA
StrToIntExA
StrChrA

comctl32

CreateStatusWindowW
ord17

pdh

PdhBrowseCountersA
PdhCollectQueryData
PdhAddCounterW

rpcrt4

RpcStringFreeA
UuidFromStringA
UuidToStringA
RpcStringBindingComposeA
RpcBindingFromStringBindingA

uxtheme

GetThemeBackgroundContentRect
CloseThemeData
DrawThemeBackground
IsThemeActive
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground

usp10

ScriptStringFree
ScriptStringOut
ScriptStringAnalyse

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4198f44ae3438d58a854d4d6e75c1891

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

netapi32

mpr

iphlpapi

shlwapi

comctl32

pdh

rpcrt4

uxtheme

usp10

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 12KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 129KB - Virtual size: 129KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 12KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 129KB - Virtual size: 129KB