ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118
Size

492KB
MD5

ad1b5a7e20fe6f100d74ccfaf1201aa0
SHA1

9442a8c6f6692a2e08fb99072f13eeaa1ba85525
SHA256

87699d5e90addbea8c647b5b735499b289f6d0570aad9ef1f71804aeb7f9499f
SHA512

037e5be27090afbee4f8ed4185d0c0f56f78d0ca912d8fea3d98466575836e1e0d0aebe333a7a5f15390763542e0cf9177e11c75ad2c94c7969a344b5334bd37
SSDEEP

6144:29YLEZjB5DHX0hE96SKEDQBikAmNYQ8yfrnGsZtKMfp5Nm0G2bHRMvFEK2Xh3FjX:29YLDhmfQFNY9ipLzboG/r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118

Files

ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c61995520458080e7124d569f0e68d57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\availa\Release\Aero.pdb

Imports

kernel32

VirtualProtect
GetSystemInfo
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
HeapSize
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
WritePrivateProfileStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
MulDiv
GlobalAddAtomA
GetCurrentProcessId
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalLock
GlobalUnlock
FreeResource
DeleteFileA
GlobalAlloc
CreateFileA
CloseHandle
DeviceIoControl
lstrcpyA
TerminateProcess
GetModuleHandleA
WaitForSingleObject
VirtualAlloc
GetSystemDefaultLCID
EnumSystemGeoID
GetWindowsDirectoryA
CreateProcessW
CreateEventA
GlobalFree
GetLocaleInfoA
ExitThread
FindResourceA
SizeofResource
LockResource
CreateThread
LoadResource
CompareStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
RaiseException
CompareStringW
InterlockedExchange
GetVersion
GetEnvironmentStrings
lstrlenA

user32

GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
DestroyMenu
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenuItemID
GetMenuItemCount
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
PostThreadMessageA
GetMenuState
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
PostMessageA
PostQuitMessage
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
RegisterClipboardFormatA
UnregisterClassA
GetSubMenu
MessageBeep
DestroyWindow
IsWindow
GetWindowLongA
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
CreateWindowExA
GetCursorPos
SetWindowPos
SetMenuItemInfoA
GetWindowRect
GetDlgItem
SetMenu
GetDC
LoadMenuA
ClientToScreen
GetDesktopWindow
ReleaseDC
GetMenu
InvalidateRect
SetWindowTextA
CheckMenuRadioItem
GetMenuItemInfoA
SetPropA
LookupIconIdFromDirectory
GetClientRect
DrawIcon
GetSystemMenu
GetSystemMetrics
AppendMenuA
EnableWindow
SendMessageA
IsIconic
LoadIconA
CharUpperA
GetClassInfoExA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
ScaleViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
PlayMetaFile
GetClipBox
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
TranslateCharsetInfo
DeleteDC
GetStockObject
DeleteMetaFile
DeleteEnhMetaFile
BitBlt
GetCurrentObject
GetWinMetaFileBits
SetMapMode
Escape
CreateCompatibleDC
GetEnhMetaFileA
GetTextExtentPoint32A
ExcludeClipRect
UnrealizeObject
GetObjectA
CopyMetaFileA
SetMetaFileBitsEx
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetFileTitleA

winspool.drv

ConnectToPrinterDlg
ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyA
QueryServiceConfigA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
QueryServiceConfig2A
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
QueryServiceStatus

shell32

DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord6
ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrCmpNIA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
PropVariantCopy
StgCreateDocfile
StringFromGUID2
PropVariantClear
OleUninitialize
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SafeArrayCreate
SafeArrayAccessData
SysAllocString

opengl32

wglMakeCurrent
wglCreateContext

psapi

GetModuleInformation

pdh

PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterW
PdhCloseQuery
PdhCollectQueryData

setupapi

SetupDiGetClassDevsA

wtsapi32

WTSQuerySessionInformationA

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c61995520458080e7124d569f0e68d57

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

opengl32

psapi

pdh

setupapi

wtsapi32

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 148KB - Virtual size: 304KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 148KB - Virtual size: 304KB