b1aef6477d0889d6b869be53ce2f6bd2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1aef6477d0889d6b869be53ce2f6bd2_JaffaCakes118
Size

3.2MB
MD5

b1aef6477d0889d6b869be53ce2f6bd2
SHA1

3f3e910b1a80d89c0994379170bd76c61c9d58af
SHA256

9ed88e4434b51a76071ff5ad23748ce9e2cd67769f7f270128f3129b7bbf42b9
SHA512

3a7aee6f0051a6590fe05847e7ba09bd038a54dcb442dbd68d6182b49579adeea7ee38911f9051d6c96c36d010fd1b5d6218f05886ec522b9672b0b2475d9979
SSDEEP

49152:KtTbeWyf+EwRmFhTwTquNJmG5LIEdtNYVW1YqUcf/A+RKQvRzUUOcZnMsoHE:KwYoQquNtbdtNAqTA+BvF/bJ5YE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1aef6477d0889d6b869be53ce2f6bd2_JaffaCakes118

Files

b1aef6477d0889d6b869be53ce2f6bd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d9019729c435f39dfe382c7670cfa9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\QQPCMatrix\trunk\Output\PacketTool\RunWin10.pdb

Imports

kernel32

RaiseException
DeleteCriticalSection
GetModuleHandleW
InterlockedIncrement
TerminateProcess
SetUnhandledExceptionFilter
GetSystemDirectoryW
FreeResource
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
Process32NextW
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileA
GetVersionExW
GlobalLock
FreeLibrary
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
GetCurrentProcess
OpenProcess
lstrcmpiW
ProcessIdToSessionId
LoadLibraryW
WideCharToMultiByte
LoadLibraryExW
InterlockedDecrement
GetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
lstrlenW
FindResourceW
lstrlenA
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcessId
GetLocalTime
GetFileType
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
InterlockedExchange
SetFilePointer
WriteFile
InterlockedCompareExchange
CreateFileW
GetCurrentThreadId
CloseHandle
EnterCriticalSection
InitializeCriticalSection
GetFileAttributesW
GlobalAlloc
ReadFile
GetFileSize
VirtualAlloc
VirtualFree
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetVersion
LCMapStringA
HeapAlloc
HeapDestroy

user32

UnregisterClassA
CharNextW
InflateRect
CopyImage
GetDC
ReleaseDC

gdi32

BitBlt
CreateBitmap
StretchBlt
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
GetStockObject
GetObjectW
ExtTextOutW
SetBkColor
DeleteObject
SelectObject
CreatePen
SetTextColor
DeleteDC

advapi32

RegOpenKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

PathFileExistsW
StrToIntA

gdiplus

GdipCreateSolidFill
GdipFillRectangleI
GdipFree
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCloneBrush
GdipAlloc
GdipDrawImageRectRectI
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes

userenv

CreateEnvironmentBlock

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d9019729c435f39dfe382c7670cfa9f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

userenv

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB