0ab2bcb10689dee66447f6f54f8d35be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ab2bcb10689dee66447f6f54f8d35be_JaffaCakes118
Size

563KB
MD5

0ab2bcb10689dee66447f6f54f8d35be
SHA1

2f3191cf0ec29bb97e5ed9ca7d0008fcd21d9770
SHA256

14081622b9e2b63dc2809b92775a1abe7341c04a8b27dedd6cafe29c5f805b57
SHA512

b3cf3014f89c0a5f06540872b2e86a3ed9bcb3a1eb112a68ccac4f456e5c4aa1b049f793fd987fd16c549e7b6daafe4b5089034a385728806fe7cf14bfb41943
SSDEEP

12288:Fvkqg3wbyCkwGM3NSKJk/jiUXGwTP89FV0R30QlbSLPrrGdgc8sADnqCGy:FrkmyCkw53k3GCP4FV0dXl2LjSdgcKqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ab2bcb10689dee66447f6f54f8d35be_JaffaCakes118

Files

0ab2bcb10689dee66447f6f54f8d35be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2da9090feb3b5ad189a8a38d81052da5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetDiskFreeSpaceA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
LocalFree
DeleteFileA
CreateThread
LoadLibraryW
InterlockedDecrement
FindFirstFileW
LoadLibraryExW
FindClose
FindNextFileW
ExpandEnvironmentStringsW
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
IsValidCodePage
GetOEMCP
GetACP
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetHandleCount
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetFileType
VirtualAlloc
VirtualFree
HeapCreate
GetStringTypeW
ResetEvent
CopyFileA
GetProcAddress
GetLastError
CreateDirectoryA
MultiByteToWideChar
MulDiv
GetExitCodeProcess
CreateEventA
Sleep
TerminateThread
OpenProcess
GetWindowsDirectoryA
SetEvent
WaitForSingleObject
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
GetSystemDirectoryA
WideCharToMultiByte
LocalFileTimeToFileTime
CloseHandle
SetFileAttributesA
SetFileTime
CreateFileA
DosDateTimeToFileTime
LCMapStringA
LCMapStringW
GetCPInfo
RaiseException
RemoveDirectoryA
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleW
ResumeThread
ExitThread
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindNextFileA
FindFirstFileA
CreateFileW
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess

user32

ReleaseDC
EndDeferWindowPos
DestroyIcon
SetWindowTextW
DialogBoxParamA
EnableWindow
LoadStringW
SetWindowLongA
CharLowerA
EndPaint
GetClassNameA
SetTimer
GetWindowRect
SendDlgItemMessageA
FillRect
DrawTextW
KillTimer
DrawTextA
DrawIconEx
DialogBoxParamW
GetClientRect
SendMessageA
MapWindowPoints
BeginPaint
GetDC
DrawFocusRect
GetWindowTextA
GetWindowLongA
GetWindowTextW
CreateWindowExA
GetClassNameW
RegisterWindowMessageA
IsWindowUnicode
GetDlgItem
EndDialog
GetDesktopWindow
GetSysColor
SetWindowPos
EnumChildWindows
ShowWindow
GetSysColorBrush
IsDlgButtonChecked
IsWindow
PostMessageA
AdjustWindowRectEx
DeferWindowPos
MessageBoxW
BeginDeferWindowPos
GetSystemMetrics
SetWindowTextA
LoadImageA
SendMessageW

gdi32

GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateFontA
GetDeviceCaps
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontW
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
BitBlt

advapi32

RegOpenKeyA
SaferCloseLevel
RegDeleteKeyA
SaferComputeTokenFromLevel
RegCloseKey
SaferCreateLevel
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
CreateProcessAsUserA

shell32

SHChangeNotify
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHBrowseForFolderW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoInitializeSecurity
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da9090feb3b5ad189a8a38d81052da5

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 379KB - Virtual size: 378KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 31KB - Virtual size: 31KB

.text
Size: 379KB - Virtual size: 378KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 31KB - Virtual size: 31KB