0cd8f7e4432c91ba264ec83b0bb244c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0cd8f7e4432c91ba264ec83b0bb244c9_JaffaCakes118
Size

469KB
MD5

0cd8f7e4432c91ba264ec83b0bb244c9
SHA1

77990831a8f2f895df1556497455a3fd58266c08
SHA256

46d521c9eced50d4d96280d0c6d1414278448c48c1988a6c2c330e8ba81c8a6e
SHA512

940b286827e8c668a52f8e959d393af409f789adedb7f462ecdcd981eeaf89f5055f3ce61d7c5b07403090116d1474354baaef4df6425c3caccdc999a8277ba8
SSDEEP

12288:GykoH1OpYIk8KhajrzGr+1eUOVrnaj7QN:GigZWhajPGrIOVrnaj7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd8f7e4432c91ba264ec83b0bb244c9_JaffaCakes118

Files

0cd8f7e4432c91ba264ec83b0bb244c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6ff04c8e8121acc68e1f96e9340eb37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetSystemDefaultUILanguage
GetCurrentDirectoryW
FindFirstFileW
lstrlenA
lstrlenW
CreateEventW
CloseHandle
SetErrorMode
FindClose
FreeResource
GetVolumeInformationW
CreateFileW
TlsGetValue
GetCurrentThreadId
GetModuleHandleW
GetModuleFileNameW
DeleteFileW
DeleteCriticalSection
lstrcmpW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
FreeLibraryAndExitThread
GetFileAttributesW
GlobalLock
TlsAlloc
GetProfileStringW
GlobalAlloc
SetUnhandledExceptionFilter
GetACP
LockResource
GetCurrentProcessId
TerminateProcess
GetShortPathNameW
LoadLibraryW
GetModuleHandleA
LocalSize
SizeofResource
GetUserDefaultLCID
WideCharToMultiByte
LocalReAlloc
InterlockedCompareExchange
GlobalReAlloc
GetSystemTimeAsFileTime
lstrcmpiW
TlsSetValue
lstrcpynW
SetCurrentDirectoryW
TlsFree
EnterCriticalSection
DisableThreadLibraryCalls
GetTickCount
FindNextFileW
ResetEvent
LocalFree
LeaveCriticalSection
FormatMessageW
MulDiv
WaitForSingleObject
CreateThread
GlobalFree
GetFullPathNameW
GetLastError
FindResourceW
GetProcessVersion
GetTempFileNameW
GetCurrentProcess
InterlockedExchange
SetEvent
GetProcAddress
GetVersionExA
lstrcpyW
DelayLoadFailureHook
GetLocaleInfoW
QueryPerformanceCounter
SetLastError
LoadLibraryA
GetDriveTypeW
InterlockedIncrement
FreeLibrary
LoadResource
LocalAlloc
FindResourceA
GlobalUnlock
lstrcpyA
FindResourceExW

comctl32

CreateToolbarEx
ImageList_Draw
ImageList_Destroy
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_GetIconSize
PropertySheetW

shlwapi

StrDupW
PathFindFileNameW
StrChrW
PathGetDriveNumberW
StrRChrW
PathFileExistsW
StrCmpNIW
SHOpenRegStream2W
PathIsUNCW
wvnsprintfW
StrRetToBufW
SHRegGetBoolUSValueW
UrlIsW
SHRegGetValueW
PathRemoveBlanksW
StrCmpW
PathAddBackslashW
PathCombineW
PathMatchSpecW
StrCmpIW
StrStrW
PathIsRootW
wnsprintfW
PathFindExtensionW
PathSkipRootW

user32

IsWindowVisible
GetDlgCtrlID
GetWindowLongW
GetPropW
CheckDlgButton
IsDlgButtonChecked
DestroyWindow
CreateDialogIndirectParamW
SetFocus
MsgWaitForMultipleObjects
InvalidateRect
GetFocus
DefWindowProcW
EnableWindow
ShowCursor
KillTimer
InflateRect
GetDlgItemTextA
RegisterWindowMessageA
ShowWindow
GetSysColorBrush
PeekMessageW
LoadCursorW
DrawFocusRect
LoadAcceleratorsW
DrawTextW
SetDlgItemInt
CreateDialogIndirectParamA
GetDC
RedrawWindow
TranslateMessage
SetWindowPlacement
BeginPaint
ValidateRect
IntersectRect
SetCursor
RegisterWindowMessageW
GetKeyboardLayout
SetDlgItemTextW
LoadImageW
CharPrevW
ClipCursor
EndPaint
LockWindowUpdate
SetDlgItemTextA
GetSystemMetrics
FillRect
RegisterClipboardFormatW
DrawEdge
UnhookWindowsHookEx
EndDialog
GetWindowLongA
CharNextA
CreatePopupMenu
DestroyMenu
GetDlgItemTextW
MessageBeep
DialogBoxIndirectParamAorW
CreateWindowExW
RemovePropW
DeferWindowPos
IsWindowEnabled
GetWindow
EnumChildWindows
ScreenToClient
CheckRadioButton
GetClientRect
CharNextW
SetCapture
CallNextHookEx
PostMessageW
MoveWindow
SetTimer
TranslateAcceleratorW
GetDialogBaseUnits
LoadIconW
ChildWindowFromPoint
SetWindowPos
CallWindowProcW
WinHelpW
SetWindowTextW
GetWindowTextLengthW
DlgDirListW
GetWindowPlacement
DrawIcon
GetSysColor
ReleaseDC
GrayStringW
GetWindowTextW
PtInRect
DispatchMessageW
CharLowerW
IsWindow
GetWindowRect
EndDeferWindowPos
SetParent
GetParent
CopyRect
MapWindowPoints
SetPropW
UpdateWindow
SendMessageW
MessageBoxW
GetSystemMenu
SetWindowsHookExW
BeginDeferWindowPos
LoadStringW
GetDlgItemInt
DeleteMenu
FrameRect
SetWindowLongW
GetKeyState
SendDlgItemMessageW
DialogBoxIndirectParamW
FindWindowExW
GetDlgItem
GetLastActivePopup
EqualRect
CreateDialogIndirectParamAorW

ntdll

_wcsicmp
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteSize
RtlUnwind
wcslen
memmove
NtAllocateVirtualMemory
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
_chkstk
RtlIsNameLegalDOS8Dot3

msasn1

ASN1_CreateDecoder

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SheChangeDirExW
SHGetMalloc
SHCreateShellItem
SHGetFileInfoW
SHAddToRecentDocs
SHGetFolderLocation
SHBindToParent
SHGetSpecialFolderLocation

gdi32

GetNearestColor
CreateSolidBrush
EnumFontFamiliesExW
Rectangle
TextOutW
CreatePen
GetObjectW
DeleteObject
GetViewportExtEx
CreateCompatibleDC
CreateICW
SetTextColor
CreateFontIndirectW
DeleteDC
GetWindowExtEx
SetMapMode
LineTo
ExcludeClipRect
BitBlt
GetDeviceCaps
GetTextMetricsW
TranslateCharsetInfo
GetTextExtentPointW
CreateDIBitmap
PatBlt
GetTextCharsetInfo
CreateDCW
SetViewportExtEx
GetMapMode
SelectClipRgn
GetCharWidth32W
ExtTextOutW
CreateCompatibleBitmap
SetBkMode
SetBkColor
CreateDiscardableBitmap
CreateRectRgnIndirect
GetTextCharset
CreateFontW
SelectPalette
RealizePalette
SelectObject
MoveToEx
GetStockObject
SetWindowExtEx

advapi32

RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6ff04c8e8121acc68e1f96e9340eb37

Headers

File Characteristics

Imports

kernel32

comctl32

shlwapi

user32

ntdll

msasn1

shell32

gdi32

advapi32

Sections

.text Size: 27KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 420KB - Virtual size: 984KB

.rsrc Size: 14KB - Virtual size: 14KB

.rdata Size: 5KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 420KB - Virtual size: 984KB

.rsrc
Size: 14KB - Virtual size: 14KB

.rdata
Size: 5KB - Virtual size: 4KB