a4fc9640800a56b712e1491ef093e3c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4fc9640800a56b712e1491ef093e3c6_JaffaCakes118
Size

337KB
MD5

a4fc9640800a56b712e1491ef093e3c6
SHA1

5e42c36b1e6241701b85e9176270402de14ee91b
SHA256

400a76dfacd8483e89743c8e413939c27a14c275527a6b3f99e7c49f224e5667
SHA512

c6a67e88778082639d8bb654052e41d5036fa310015fd48261f1c2ad2377480b2140956a6577b5941a10ef53e76ce0f41779597b1394536ec2ddcda96d6016ca
SSDEEP

6144:B3bLhozt8zVd1AjuMWNWXyHlTgd0xJsbFV4n9QS:B3bLhst8xd15MWcX2xMXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4fc9640800a56b712e1491ef093e3c6_JaffaCakes118

Files

a4fc9640800a56b712e1491ef093e3c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

76a7018f9da154f1eab9fa5d9b695166

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CloseHandle
DecodePointer
GetFileType
LCMapStringW
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
GetConsoleWindow
GetDateFormatA
GetTimeFormatA
MultiByteToWideChar
GetVersionExA
CreateFileA
FindResourceExA
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcpyA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MulDiv
WriteFile
GetStdHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetFileTime
EncodePointer
RtlUnwind
GetFileInformationByHandle
SetLastError
GetLastError
RaiseException
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
GetModuleFileNameA
CreateFileW

user32

UnregisterClassA
SendMessageTimeoutA
SendMessageA
RegisterClassA
RegisterWindowMessageA
GetClassInfoA
CreateWindowExA
IsWindow
DestroyWindow
BeginDeferWindowPos
GetDlgItem
SetDlgItemTextA
IsDlgButtonChecked
IsClipboardFormatAvailable
GetFocus
EnableWindow
GetMessagePos
GetSysColor
LoadImageA
DestroyIcon
LoadIconA
LoadCursorA
IsWindowEnabled
GetClassNameA
GetParent
SetWindowLongA
GetWindowLongA
InflateRect
SetRect
LoadBitmapA
GetCursorPos
AdjustWindowRect
GetWindowRect
GetClientRect
GetWindowTextA
SetPropA
SetScrollPos
ScrollWindowEx
GetDC
GetMenuItemInfoA
RemoveMenu
InsertMenuA
GetSubMenu
EnableMenuItem
CheckMenuItem
DestroyMenu

gdi32

CreateFontIndirectA
SetWindowExtEx
Polyline
MoveToEx
EndPage
StartPage
EndDoc
StartDocA
CreateDIBSection
SetTextJustification
SelectObject
SelectClipRgn
LineTo
GetTextCharsetInfo
GetTextExtentExPointA
GetDeviceCaps
GetClipRgn
GetClipBox
DeleteDC
CreateRectRgn
CreatePen
CreateCompatibleDC

advapi32

GetTokenInformation
EqualSid
AllocateAndInitializeSid
GetUserNameW
LsaQueryInformationPolicy
OpenProcessToken

shell32

SHGetFileInfoA

ole32

CoInitialize
CoCreateInstance

wininet

InternetQueryOptionA
InternetOpenUrlW

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetUserModalsGet
NetUserGetInfo

avifil32

AVIStreamSetFormat

shlwapi

UrlUnescapeA
ord597
SHCreateStreamOnFileEx

comctl32

ImageList_ReplaceIcon
ImageList_Add

gdiplus

GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetCellDescent
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics

opengl32

glMatrixMode
glOrtho
glViewport
glLoadIdentity

glu32

gluLookAt

oleacc

ObjectFromLresult

uxtheme

GetWindowTheme

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76a7018f9da154f1eab9fa5d9b695166

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

netapi32

avifil32

shlwapi

comctl32

gdiplus

opengl32

glu32

oleacc

uxtheme

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 141KB - Virtual size: 140KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 141KB - Virtual size: 140KB

.reloc
Size: 7KB - Virtual size: 6KB