0bc5321e0ae2258d5d88c3e8ffa2c870_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0bc5321e0ae2258d5d88c3e8ffa2c870_JaffaCakes118
Size

246KB
MD5

0bc5321e0ae2258d5d88c3e8ffa2c870
SHA1

1aa67fab4e7b350b2b0d07095fa350864fb8eb22
SHA256

412e9acefd8dcebffcf44063e830055c9808615616e511a8e547b4fe83ab3378
SHA512

955d5fcbfaa00b858047e26ece1cfd6e2771eef4b81ab6c181fd43c8d8c85c04ee2eaea37a8e83165cac2a7d1426843d8222b51347fed46a57a46d7511168988
SSDEEP

6144:74vbHYyd2VxMdP215vitUBlEUAnvRSeS0UgOqIlnu:eLJsIoBy12gOqOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc5321e0ae2258d5d88c3e8ffa2c870_JaffaCakes118

Files

0bc5321e0ae2258d5d88c3e8ffa2c870_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c680cdecb19802e3d78dffb0c25e251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

gdi32

MoveToEx
GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
CreateSolidBrush
SetBkMode
CreatePen
SetTextColor
GetStockObject
SetBkColor
BitBlt
SetTextJustification
LineTo
GetTextMetricsW
CreateCompatibleDC
DeleteObject
GetObjectW
GetCurrentObject
CreateCompatibleBitmap
SelectObject

shell32

ShellExecuteW
SHGetFolderPathW

comctl32

InitCommonControlsEx

advapi32

AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
LookupPrivilegeValueW
RegOpenKeyExW
GetUserNameW
OpenProcessToken

user32

GetDesktopWindow
GetSysColor
SetCursor
SetWindowPos
ClientToScreen
GetWindowLongW
GetClientRect
GetParent
GetCursorPos
LoadCursorW
ExitWindowsEx
DrawTextW
CopyRect
MessageBoxW
SendMessageW
FindWindowW
ScreenToClient
IsWindow
RedrawWindow
SetWindowLongW
FillRect
IsWindowVisible
GetWindowRect
PostMessageW
SetForegroundWindow
EnableWindow
PtInRect
SystemParametersInfoW
GetPropW
SetPropW
GetAncestor
RemovePropW

shlwapi

PathFindFileNameW

kernel32

FindClose
GetModuleHandleW
WriteFile
GetProcessTimes
FindNextFileW
UnmapViewOfFile
FreeLibrary
MapViewOfFile
LeaveCriticalSection
CreateProcessW
FormatMessageA
SetLastError
OpenFileMappingW
CreateThread
VirtualQuery
GetCommandLineW
OpenEventW
SetFilePointer
ReleaseMutex
OpenProcess
GetCurrentThreadId
DeleteFileW
ResetEvent
CreateFileW
OpenMutexW
FindFirstFileW
CreateMutexW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
CreateDirectoryW
EnterCriticalSection
GetLocalTime
CloseHandle
IsDebuggerPresent
DeleteCriticalSection
WaitForSingleObject
SetErrorMode
VirtualAllocEx

oleaut32

SysAllocString
SysFreeString

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMA
CreateProfileFromLogColorSpaceA
GetStandardColorSpaceProfileW
InstallColorProfileA
CheckBitmapBits

comuid

DllUnregisterServer
DllCanUnloadNow

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AHC
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QlWd
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kg
Size: 512B - Virtual size: 419B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Lm
Size: 1024B - Virtual size: 603B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BsTAyR
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gWDnqf
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bqbOIQ
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zoav
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ekIcMu
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vWK
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c680cdecb19802e3d78dffb0c25e251

Headers

DLL Characteristics

File Characteristics

Imports

psapi

gdi32

shell32

comctl32

advapi32

user32

shlwapi

kernel32

oleaut32

mscms

comuid

Sections

.text Size: 16KB - Virtual size: 16KB

.AHC Size: 512B - Virtual size: 428B

.QlWd Size: 1024B - Virtual size: 691B

.kg Size: 512B - Virtual size: 419B

.Lm Size: 1024B - Virtual size: 603B

.BsTAyR Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 3KB

.gWDnqf Size: 1KB - Virtual size: 2KB

.bqbOIQ Size: 2KB - Virtual size: 3KB

.zoav Size: 1024B - Virtual size: 1024B

.data Size: 212KB - Virtual size: 379KB

.ekIcMu Size: 512B - Virtual size: 286B

.vWK Size: 512B - Virtual size: 420B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.AHC
Size: 512B - Virtual size: 428B

.QlWd
Size: 1024B - Virtual size: 691B

.kg
Size: 512B - Virtual size: 419B

.Lm
Size: 1024B - Virtual size: 603B

.BsTAyR
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 3KB

.gWDnqf
Size: 1KB - Virtual size: 2KB

.bqbOIQ
Size: 2KB - Virtual size: 3KB

.zoav
Size: 1024B - Virtual size: 1024B

.data
Size: 212KB - Virtual size: 379KB

.ekIcMu
Size: 512B - Virtual size: 286B

.vWK
Size: 512B - Virtual size: 420B

.rsrc
Size: 3KB - Virtual size: 2KB