972a38d24308d47dcf1700a0efa3b9c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

972a38d24308d47dcf1700a0efa3b9c9_JaffaCakes118
Size

379KB
MD5

972a38d24308d47dcf1700a0efa3b9c9
SHA1

e1009307f13b49346b2ee7cb7ea0065bd94069f3
SHA256

8df2efce13a873cfde5a424b0d1c9bdc21056840644d8ee53fb843bfc6a9995e
SHA512

6a26ace7f94578e02ea68e134977af211b089349bcfd944085d8a65fabfe6b12e0b11ca4f8d0f194d4166bae7e021948aa584364b30cdbb56ef4eeb94fa0ecf3
SSDEEP

6144:aq7QUDiOdP8D3drWSpe06awdkJ1vvq7Bah607uxPEQckPlpGPWWOs8d0:aq7QUDiOsdTpe06awdkvuBaIGQ3PlFx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
972a38d24308d47dcf1700a0efa3b9c9_JaffaCakes118

Files

972a38d24308d47dcf1700a0efa3b9c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7d58d8d2def02545eb4cb77f4a5d8bbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
HeapAlloc
CreateFileW
GetFileSize
GetProcessHeap
VirtualAlloc
WaitForSingleObject
CreateEventA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
CloseHandle
CreateNamedPipeA
FreeEnvironmentStringsA
LoadLibraryW
ExitProcess
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapFree
InterlockedCompareExchange
OpenEventA
SetConsoleCtrlHandler
GetProcessWorkingSetSize
LockResource
FreeEnvironmentStringsW
CreateDirectoryA
ConnectNamedPipe
LocalAlloc
LocalFree
GetPrivateProfileStringA
CreateFileA
WriteFile
EnumSystemCodePagesW
GetLocalTime
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetTickCount
RaiseException
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
SetLastError
GlobalAlloc
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalAddAtomA
lstrlenA
lstrcpyA
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentStrings

user32

GetWindowRect
GetDesktopWindow
RegisterWindowMessageA
DispatchMessageA
TranslateMessage
GetMenu
CreateWindowExA
GetDC
ShowWindow
SetWindowLongA
GetMessageA
PeekMessageA
CharNextA
DestroyWindow
GetMenuItemInfoA
EnumWindows
LoadAcceleratorsA
DrawFocusRect
GetCursorInfo
GetWindowLongA
MoveWindow
SetWindowPos
UpdateWindow
SetTimer
KillTimer
SetCapture
IsDlgButtonChecked
GetDlgItem
AttachThreadInput
GetWindow
SendMessageA
IsDialogMessageA
MapWindowPoints
GetClientRect
GetMonitorInfoA
MonitorFromWindow
GetParent
CopyRect
PtInRect
SetForegroundWindow
TrackPopupMenuEx
InsertMenuItemW
DrawMenuBar
GetWindowTextLengthA
GetClassLongA
SetClassLongA
SetActiveWindow
BeginPaint
EndPaint
DrawIconEx
LoadCursorA
RegisterClassExA
LoadIconA
GetSysColorBrush
CreateWindowExW
GetDlgItemTextA
wsprintfA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDialogBaseUnits
SetDlgItemTextA
SendDlgItemMessageA
EnableWindow
GetActiveWindow
CreateDialogParamA
DialogBoxParamA
EndDialog
GetSystemMetrics
LoadImageA
ReleaseCapture
GetCapture
GetForegroundWindow
ReleaseDC
GetWindowDC
PostQuitMessage
DefWindowProcA
GetCursorPos
OffsetRect
SetRect
UnregisterClassA

gdi32

StartDocA
SetDCPenColor
LineTo
MoveToEx
CreateBitmap
SetBkMode
DeleteObject
PatBlt
SelectObject
SetMapMode
CreateHatchBrush
SetBkColor
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
CreatePatternBrush
SetTextJustification
SetTextColor
CreateDCA

advapi32

GetSecurityDescriptorGroup
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclA
FreeSid
RevertToSelf
ControlService
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

ExtractIconExA
SHBrowseForFolderA
SHAppBarMessage

ole32

CoInitialize
GetHGlobalFromStream
CoGetCallContext
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreatePointerMoniker

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

opengl32

glOrtho
glViewport
glMatrixMode
glLoadIdentity

ws2_32

WSAEventSelect
WSAStartup

avifil32

AVIStreamStart
AVIStreamLength

avicap32

capCreateCaptureWindowA

winmm

waveOutWrite
waveOutOpen
waveOutClose
waveOutMessage
waveOutPrepareHeader

version

GetFileVersionInfoSizeA

activeds

ord9

wintrust

IsCatalogFile

gdiplus

GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree

glu32

gluLookAt

imm32

ImmGetCandidateWindow
ImmGetCandidateListW
ImmGetCandidateListCountA

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d58d8d2def02545eb4cb77f4a5d8bbb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

opengl32

ws2_32

avifil32

avicap32

winmm

version

activeds

wintrust

gdiplus

glu32

imm32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 147KB - Virtual size: 146KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 147KB - Virtual size: 146KB