b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118
Size

317KB
MD5

b1890a5b75b42402d2f1c340460e62d7
SHA1

bc6a1a2b547117c2cd4cba545eb456c102952a31
SHA256

6cff63d3a2d066c2f487098310a5f1149e343e90e26f55887ee26b2a73b3ad22
SHA512

b94fee716b9559cdaa44047f1e13d3c330aed4c60099e00e93e2ac4c0f201d7f8093f03b4a5d71c5041a406455717ece825892dbbbf2a79f855c1cfa29d90c0c
SSDEEP

6144:Usyq4yjEuqdfBeobMkHCn3GbRSSMHkRfA93S8CtCeDzU2EuHM7UQA:UsP4yjLqduVn2bRSJk693HCtC8UnuH+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118

Files

b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

76b8bed4f0469f01bd26d5ffef7e1791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetStringTypeW
FlushFileBuffers
HeapReAlloc
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
MultiByteToWideChar
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetConsoleWindow
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSize
SetStdHandle
lstrcatA
GetFileType
InitializeCriticalSectionAndSpinCount
ReadFile
CreateFileW
lstrcpyA
lstrcpyW
CloseHandle
OutputDebugStringA
GetModuleHandleA
GetSystemInfo
SetConsoleWindowInfo
LoadLibraryA
GlobalFree
GetProcAddress
lstrcmpiA
GetLastError
GetStdHandle
DeactivateActCtx
CreateEventA
Sleep
LoadLibraryW
GlobalAlloc
FormatMessageA
GetProcessHeap
GetTickCount
FreeEnvironmentStringsA
SetConsoleScreenBufferSize
GlobalLock
GetCurrentProcess
SetHandleCount
WriteFile
GetModuleHandleW
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
WideCharToMultiByte
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
HeapFree
LocalFree
GlobalUnlock
VirtualQuery
GetModuleFileNameW
MulDiv
DeleteCriticalSection
HeapCreate
HeapAlloc
FreeLibrary
lstrlenA
GetACP
ExitProcess

user32

GetDlgItem
GetDesktopWindow
RegisterClassA
SetWindowPos
DestroyIcon
GetMessagePos
GetWindowThreadProcessId
DefWindowProcA
SetWindowLongA
ReleaseDC
GetWindowLongA
EnumPropsA
GetDlgCtrlID
LoadCursorA
FindWindowA
GetCursorPos
MapWindowPoints
IsDlgButtonChecked
DestroyWindow
SetWindowRgn
GetWindowRect
GetPriorityClipboardFormat
PostQuitMessage
IsIconic
FillRect
SetForegroundWindow
LoadIconA
WaitForInputIdle
wsprintfA
FindWindowExA
GetClientRect
SetFocus
SendMessageA
BeginPaint
GetDC
GetQueueStatus
GetForegroundWindow
MessageBoxA

gdi32

SetBkMode
GetGlyphOutlineA
SetTextColor
CreateDIBSection
CreateFontA
GetDeviceCaps
CreateFontIndirectA
TextOutA
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
SetPolyFillMode
GetTextMetricsA
GetObjectA
CreateSolidBrush

advapi32

GetLengthSid
GetTokenInformation
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
OpenProcessToken
FreeSid
AllocateAndInitializeSid
LookupAccountNameW

shell32

SHGetFileInfoA
SHBrowseForFolderA
ExtractIconExA
SHQueryRecycleBinA
SHEmptyRecycleBinA
DragQueryFileA

ole32

CoInitialize
CreateBindCtx
GetRunningObjectTable
CoTaskMemFree

oleaut32

SafeArrayGetLBound
VariantClear
VariantCopyInd
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayDestroy
OleLoadPicture
SafeArrayCreate
VariantInit

ws2_32

inet_addr

netapi32

NetServerEnum

userenv

RsopSetPolicySettingStatus

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame
AVIStreamOpenFromFileA
AVIFileInit

shlwapi

PathFindFileNameA
StrFormatByteSizeA
PathFindExtensionW

comctl32

ord17
ImageList_Create
ImageList_ReplaceIcon

gdiplus

GdipAddPathString
GdipGetImageEncodersSize
GdipDeleteFontFamily
GdipDeleteGraphics
GdipCreatePath
GdipCreateFromHWND
GdipDeleteStringFormat
GdipCreatePen1
GdipDeletePath
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipDeletePen

opengl32

glShadeModel
glMatrixMode
glCullFace
glVertex3f
glLoadIdentity
glEnable
glViewport
glClearDepth
glDepthFunc
glClear
glClearColor
glTexCoord2f
glDisable
glBegin

glu32

gluPerspective

setupapi

SetupDiGetDriverInfoDetailA
SetupDiGetSelectedDriverA
SetupDiGetClassDevsA

wtsapi32

WTSEnumerateProcessesA

urlmon

IsValidURL

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76b8bed4f0469f01bd26d5ffef7e1791

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

netapi32

userenv

msvfw32

avifil32

shlwapi

comctl32

gdiplus

opengl32

glu32

setupapi

wtsapi32

urlmon

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 185KB - Virtual size: 184KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 185KB - Virtual size: 184KB

.reloc
Size: 10KB - Virtual size: 9KB