077e52bf6e10f23881d91d9246dcbf3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

077e52bf6e10f23881d91d9246dcbf3e_JaffaCakes118
Size

241KB
MD5

077e52bf6e10f23881d91d9246dcbf3e
SHA1

c549c3e84f3c1ba4dcac79bf165340b184fe10f0
SHA256

b6c6fba45965aef5634ab357c3e73dfce7a23f31a5ff9c5458d0c2ab658816f5
SHA512

ef3deeb44b11d1e383c3d48fa2d061dbec0e8885641219a663ca3f73393be327f9fd15615a38a89dfbf9446cd09bb626c11f75ab0f17aab9a949808f8b6619a7
SSDEEP

3072:NfEaiYpqZSrR6vs+xuxep3AAWhxB4ja0LN6msYFbFveIkcUKOYyd6V1UX/Zf:3cZIMPTp33W+jrwYFbFvv86VyvZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
077e52bf6e10f23881d91d9246dcbf3e_JaffaCakes118

Files

077e52bf6e10f23881d91d9246dcbf3e_JaffaCakes118
.exe windows:6 windows x86 arch:x86

bbc53e333f88b0994c37cccf2bd006a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fsquirt.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW

kernel32

InterlockedDecrement
CreateThread
GetCurrentThreadId
CloseHandle
WriteFile
CreateFileW
MulDiv
SetEvent
FormatMessageW
LocalFree
GetFileSizeEx
GetFileAttributesW
CreateDirectoryW
GetTempPathW
FindNextFileW
ResetEvent
WaitForSingleObject
GetProcessHeap
GetLastError
HeapAlloc
HeapFree
lstrlenW
FindFirstFileW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrlenA
GetOverlappedResult
WaitForMultipleObjects
ReadFile
HeapReAlloc
GetModuleFileNameW
DeleteFileW
CreateEventW
FindClose
InterlockedIncrement
RemoveDirectoryW
GetSystemTimeAsFileTime

gdi32

DeleteObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW

user32

GetWindowRect
EnableWindow
GetWindowLongW
GetParent
SendMessageW
SetWindowLongW
PostMessageW
GetDlgItem
SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
MapWindowPoints
MessageBoxW
ShowWindow
GetDC
ReleaseDC
KillTimer
LoadStringW
PostThreadMessageW
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
LoadImageW
GetWindowTextLengthW
SetForegroundWindow

msvcrt

__set_app_type
_except_handler4_common
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
__p__fmode
_XcptFilter
memcpy
_exit
_cexit
__getmainargs
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
__p__commode
__setusermatherr
_amsg_exit
_acmdln
_ismbblead
exit
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
rand_s
wcschr
wcstoul
_wcsicmp
memset
_vsnwprintf
_initterm
memmove

comctl32

PropertySheetW
InitCommonControlsEx

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
ord190
SHCreateShellItemArrayFromIDLists
ord155
SHBrowseForFolderW
SHCreateItemInKnownFolder
SHGetDesktopFolder
SHBindToParent
SHSetLocalizedName
SHGetFolderPathW
ShellExecuteW
ord258

comdlg32

GetOpenFileNameW
CommDlgExtendedError

shlwapi

PathRemoveFileSpecW
StrStrIA
ord174
StrRetToBufW
PathAppendW
PathAddExtensionW
PathIsDirectoryW
PathFindFileNameW
PathFindExtensionW
PathCombineW
StrFormatByteSizeW

ws2_32

getpeername
ioctlsocket
WSARecv
WSASend
WSAGetOverlappedResult
bind
getsockname
listen
WSASetServiceW
socket
setsockopt
WSAGetLastError
connect
closesocket
WSACleanup
WSAStartup

mswsock

AcceptEx

ole32

PropVariantClear
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject

bthprops.cpl

BluetoothAuthenticateDeviceEx
BluetoothEnableDiscovery
BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothGetDeviceInfo

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kuevaqc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bbc53e333f88b0994c37cccf2bd006a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

shell32

comdlg32

shlwapi

ws2_32

mswsock

ole32

bthprops.cpl

Sections

.text Size: 39KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 29KB - Virtual size: 30KB

kuevaqc Size: - Virtual size: 4KB

.text
Size: 39KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 29KB - Virtual size: 30KB

kuevaqc
Size: - Virtual size: 4KB