08099b85d44f8c099342f4d1fa480fb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08099b85d44f8c099342f4d1fa480fb6_JaffaCakes118
Size

214KB
MD5

08099b85d44f8c099342f4d1fa480fb6
SHA1

5a5c216c75fa47221c30dd2cd6d54455a45557b5
SHA256

9a1dc89eb4ea68804a4bbeecd43d1732f0c82e11b8de532ced5eb7ea6b75bb4b
SHA512

ea75a6c687b19a07f564115166763fd567d1eb2df1b5b38ef8feb8a929ee83c384d341fd6c4e343c8dea5bb7e435f3c8d5aca1aa552c5e054c8a0ecb7358b689
SSDEEP

3072:sPkaGqJ2h3IJRos6tvt3FF/mNUlmI8rCGe56WNVaA3gm5crz:sPxGqJ2ljxFsNUlb8GG5scAwpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08099b85d44f8c099342f4d1fa480fb6_JaffaCakes118

Files

08099b85d44f8c099342f4d1fa480fb6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49c06f71b8399dd0a255c402ef1e1b2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrToIntA
StrStrIA
wnsprintfA
StrNCatA

rpcrt4

UuidToStringA
UuidCreate

kernel32

CreateThread
GetLocalTime
GetVersionExA
lstrcpyA
GetTickCount
GetCurrentProcessId
MoveFileExA
GetExitCodeProcess
lstrcatA
GetModuleFileNameA
WinExec
GetTempPathA
GetFileAttributesA
FindFirstFileA
FindClose
FindNextFileA
GetModuleHandleA
ExitProcess
GetLastError
CreateMutexA
MultiByteToWideChar
LocalAlloc
LocalFree
OpenProcess
TerminateProcess
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
RtlUnwind
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LeaveCriticalSection
EnterCriticalSection
RaiseException
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
ReadFile
GetConsoleCP
GetConsoleMode
SetFilePointer
GetStringTypeA
GetStringTypeW
CreateDirectoryA
lstrlenA
DeleteFileA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
CreateFileA
CloseHandle
CreateToolhelp32Snapshot
Process32Next
Process32First
lstrcpynA
GetLocaleInfoA
SetEndOfFile
GetEnvironmentStrings

user32

GetDlgItem
FillRect
EnableWindow
DrawTextA
SetWindowTextA
GetWindowDC
DrawFocusRect
GetDlgCtrlID
SetCursor
SetFocus
EndPaint
GetKeyState
GetFocus
LoadBitmapA
PeekMessageA
IsWindowEnabled
BeginPaint
GetDC
GetWindowTextA
SetWindowLongA
InvalidateRect
ReleaseDC
PostMessageA
UpdateWindow
DestroyWindow
keybd_event
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SendMessageA
IsDialogMessageA
TranslateMessage
MapVirtualKeyA
MessageBoxA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
MoveWindow
ExitWindowsEx
GetWindowThreadProcessId
EnumWindows
GetClassNameA
GetParent
RedrawWindow

gdi32

CreateSolidBrush
BitBlt
SetTextColor
DeleteDC
CreateFontA
SetBkMode
DeleteObject
SetBkColor
CreateCompatibleDC
GetTextExtentPointA
GetObjectA
GetStockObject
TextOutA
SelectObject
CreateDIBitmap

advapi32

RegEnumKeyA
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
SetFileSecurityA
AdjustTokenPrivileges
CheckTokenMembership

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA

ole32

CoTaskMemAlloc

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 821KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49c06f71b8399dd0a255c402ef1e1b2a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 14KB - Virtual size: 22KB

.cdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 821KB - Virtual size: 820KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 14KB - Virtual size: 22KB

.cdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 821KB - Virtual size: 820KB

.reloc
Size: 13KB - Virtual size: 13KB