d:\uesevabe\hte.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 0e4aba6220cf0e88b1492f4e4177d67c_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0e4aba6220cf0e88b1492f4e4177d67c_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 0e4aba6220cf0e88b1492f4e4177d67c_JaffaCakes118
Size: 500KB
MD5: 0e4aba6220cf0e88b1492f4e4177d67c
SHA1: 1bab298617c5990bb38712ddb8a3985e14d046c1
SHA256: d1d52c0755ba9ec70d6a0d8e1150cc1c9e1dabc5e17da8bc8c0af47f58c126a4
SHA512: e20f58add5a2703c1db9897e2550033e1107f6b11ce037d41cd3f7698ea6e2963bddcf342b50cd9a59e076b6516d51c13417ba09f471342ce429c8d7f4118e65
SSDEEP: 6144:N7zFQ4lxQYnsCyteu9Chkud32k3i4NTIZXRd/G/vSzC4XkxRDH6w7/n+zPvobPJI:DBXRxuqkuNPS4NTI/dG/6NUrDaujbh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e4aba6220cf0e88b1492f4e4177d67c_JaffaCakes118
Files
0e4aba6220cf0e88b1492f4e4177d67c_JaffaCakes118.exe windows:4 windows x86 arch:x86
bc3814c28eafa133b86607f9292c6690
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winspool.drv
OpenPrinterA
ord204
ClosePrinter
user32
SetCapture
MessageBoxA
DefWindowProcA
TrackPopupMenu
SetFocus
IsDlgButtonChecked
RegisterClassA
IsWindowVisible
OpenClipboard
DestroyWindow
GetSysColor
GetDlgCtrlID
SetPropA
GetNextDlgTabItem
ShowWindow
CreateDialogIndirectParamA
DrawStateA
PeekMessageA
OffsetRect
GetLastActivePopup
GetSystemMetrics
LoadImageA
DrawTextA
TranslateMessage
GetActiveWindow
CheckMenuItem
GetClipboardData
GetDesktopWindow
GetFocus
PostMessageA
SetWindowTextA
FillRect
SetWindowLongA
DestroyIcon
CreateWindowExA
UpdateWindow
DispatchMessageA
GetPropA
ReleaseCapture
DrawFocusRect
RegisterClassExA
advapi32
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegSetValueExW
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
comctl32
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Remove
ImageList_GetImageCount
ImageList_DrawEx
kernel32
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
FlushFileBuffers
MultiByteToWideChar
CompareStringW
GetLocaleInfoA
GetVersionExA
HeapAlloc
LCMapStringW
GetEnvironmentStrings
GetLocaleInfoW
LoadLibraryA
GetModuleFileNameA
GetCurrentThread
TerminateProcess
GetConsoleOutputCP
TlsGetValue
VirtualAlloc
TlsFree
GetEnvironmentStringsW
GetCurrentProcess
HeapReAlloc
Sleep
SetFilePointer
UnhandledExceptionFilter
GetConsoleCP
GetCurrentThreadId
HeapCreate
GetCPInfo
CompareStringA
GetOEMCP
InterlockedIncrement
GetACP
GetConsoleMode
IsValidCodePage
CloseHandle
GetProcessHeap
SetLastError
GetTimeFormatA
FatalAppExitA
GetStdHandle
SetConsoleCtrlHandler
GetCurrentProcessId
TlsAlloc
InterlockedExchange
ReadFile
GetProcAddress
RtlUnwind
CreateFileA
GetLastError
GetStartupInfoA
FreeEnvironmentStringsW
WriteFile
GetStringTypeA
GetModuleHandleA
QueryPerformanceCounter
HeapSize
FreeEnvironmentStringsA
SetStdHandle
IsValidLocale
GetCommandLineA
GetUserDefaultLCID
CreateMutexA
GetStringTypeW
GetTimeZoneInformation
HeapFree
GetFileType
HeapDestroy
EnterCriticalSection
GetDateFormatA
ExitProcess
VirtualQuery
SetHandleCount
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetTickCount
LCMapStringA
InterlockedDecrement
WriteConsoleA
VirtualFree
EnumSystemLocalesA
InitializeCriticalSection
WideCharToMultiByte
FreeLibrary
TlsSetValue
WriteConsoleW
SetUnhandledExceptionFilter
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 241KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ