057439eaab3a7a19b0410e3046eb7700_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

057439eaab3a7a19b0410e3046eb7700_JaffaCakes118
Size

596KB
MD5

057439eaab3a7a19b0410e3046eb7700
SHA1

9bacd89c79375dd95652fa58e5b5e74440b3b226
SHA256

141446c738aa9c07d3f0f02b2c0bb20feb16bdaecbb6f20da4c4c41ff372e687
SHA512

e5eba6eaef8a29a2bc2e136fdbb1155cba152a91c627582560d406dec01be8755f9339e581fb25b0cf4d82ce72f511009c3b523c22f387ff6db743461fba63b4
SSDEEP

12288:MclrWTbr8Qw8NO3lOa3x93Qgv2nwywH3zEIwNNysx6Tr2Ad:2Tbrpw8I3lNvQYUBwHvqATS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
057439eaab3a7a19b0410e3046eb7700_JaffaCakes118

Files

057439eaab3a7a19b0410e3046eb7700_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a92f5b3a9a29001cd114991c304fa527

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\sehx\edf

Imports

advapi32

LookupPrivilegeValueA
CryptGetKeyParam
RegCreateKeyW
RegOpenKeyExA
InitiateSystemShutdownW
CryptImportKey
StartServiceA
CryptDestroyKey
CryptGetUserKey
RegCreateKeyExW
RegLoadKeyA
LookupPrivilegeNameW
RegNotifyChangeKeyValue
GetUserNameA
RegReplaceKeyW
CryptEnumProviderTypesW
CryptEnumProvidersW
DuplicateTokenEx
RegFlushKey
RegLoadKeyW

kernel32

EnumSystemLocalesW
GetVersionExA
SetEnvironmentVariableW
VirtualFree
Sleep
HeapAlloc
GetDateFormatA
GetEnvironmentStringsW
DeleteCriticalSection
GetFileType
FreeEnvironmentStringsW
GetDiskFreeSpaceExA
EnterCriticalSection
GetOEMCP
GetModuleHandleA
EnumDateFormatsExW
SystemTimeToTzSpecificLocalTime
GetCommandLineW
InitializeCriticalSection
lstrcmpW
GetTimeFormatA
GetTimeZoneInformation
lstrcpynW
WaitForMultipleObjects
SetFileTime
IsDebuggerPresent
GetACP
UnhandledExceptionFilter
GetLocaleInfoA
SetConsoleCP
SetComputerNameA
GetProcAddress
IsValidCodePage
OpenMutexA
WriteConsoleA
IsValidLocale
GetSystemDefaultLCID
RaiseException
GetCPInfo
LCMapStringA
WaitCommEvent
GetEnvironmentStrings
HeapFree
SetConsoleTextAttribute
GetModuleFileNameW
CreateEventA
CreateFileA
InterlockedDecrement
GetCurrentThread
GetSystemTimeAsFileTime
EnumDateFormatsA
InterlockedExchange
lstrcmpi
lstrcmpA
CompareStringW
TlsSetValue
VirtualProtectEx
GlobalAddAtomA
HeapDestroy
HeapSize
CloseHandle
SetHandleCount
GetCurrentThreadId
GetCurrentProcessId
SetLocaleInfoA
ExitThread
LocalFileTimeToFileTime
WideCharToMultiByte
ConvertDefaultLocale
FillConsoleOutputAttribute
SetLastError
TlsGetValue
GetTickCount
CreateWaitableTimerA
TlsFree
GetStartupInfoW
GetSystemTimeAdjustment
CreateThread
FreeEnvironmentStringsA
lstrcpyA
VirtualAllocEx
VirtualQuery
ReadConsoleOutputCharacterW
CreateFileW
SetEnvironmentVariableA
CreateFileMappingW
FlushFileBuffers
MultiByteToWideChar
InterlockedIncrement
FlushInstructionCache
SetStdHandle
WritePrivateProfileStructA
GetStringTypeA
SetLocaleInfoW
RemoveDirectoryA
CreateMutexA
GetStartupInfoA
GetProcessHeaps
GetFileTime
FileTimeToSystemTime
FreeLibrary
GetStringTypeExA
GetModuleFileNameA
EnumSystemLocalesA
CompareStringA
WriteFile
SetFilePointer
LCMapStringW
TerminateProcess
GetProcessHeap
WriteConsoleW
GetExitCodeProcess
ReadFile
WaitForSingleObject
GetLastError
LocalCompact
GetConsoleOutputCP
HeapReAlloc
GetCalendarInfoA
GetUserDefaultLCID
SetConsoleCtrlHandler
TransmitCommChar
GetLocaleInfoW
GetNamedPipeHandleStateA
GetConsoleCP
TlsAlloc
RtlUnwind
HeapCreate
ExitProcess
GetConsoleMode
VirtualAlloc
GetCurrentProcess
GlobalFix
GetCommandLineA
SetUnhandledExceptionFilter
GetStdHandle
CreateNamedPipeA
QueryPerformanceCounter
GetConsoleTitleA
LoadLibraryA
WriteConsoleOutputA
GetStringTypeW
GetNumberFormatW
GetLogicalDrives
LeaveCriticalSection
FindClose

user32

ShowWindow
TileChildWindows
DefMDIChildProcA
EndDialog
FlashWindowEx
GetClassInfoW
InsertMenuItemW
RegisterClipboardFormatW
GetKeyboardType
InsertMenuW
TranslateMessage
ReleaseDC
DestroyCaret
SendMessageW
AttachThreadInput
GetNextDlgGroupItem
DrawTextA
EnumDisplaySettingsExW
PeekMessageA
RegisterClassA
EnumDisplaySettingsW
RedrawWindow
GetClassLongA
DestroyWindow
SetKeyboardState
MsgWaitForMultipleObjects
RegisterClassExA
GetTabbedTextExtentW

comctl32

InitMUILanguage
ImageList_Destroy
ImageList_BeginDrag
CreateUpDownControl
DrawStatusTextW
ImageList_GetFlags
ImageList_DragShowNolock
ImageList_Merge
ImageList_Remove
ImageList_Read
ImageList_DrawEx
CreateMappedBitmap
ImageList_SetFlags
ImageList_DragLeave
_TrackMouseEvent
ImageList_Create
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_Add
ImageList_Duplicate
ImageList_GetDragImage
ImageList_DragMove
ImageList_GetImageInfo

shell32

ShellExecuteExW

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a92f5b3a9a29001cd114991c304fa527

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

comctl32

shell32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 120KB - Virtual size: 145KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 120KB - Virtual size: 145KB

.rsrc
Size: 20KB - Virtual size: 18KB