0e9e14738a3417a2494d17438972ed59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e9e14738a3417a2494d17438972ed59_JaffaCakes118
Size

1.1MB
MD5

0e9e14738a3417a2494d17438972ed59
SHA1

8fb5ee3272b7bbc55df08a3c535855afbe6fa49f
SHA256

8ec06d2d1c8f8de4c948864a1c5991aaa3f50ce04a058fe8082e2bb5eca6a18e
SHA512

589ee0394c06c7d9e4983ef8ebe9ee29c832723163b3bd3a8c8dd557a180187e4681824cb4f338ec79d4b1be923bd123a24596ef454eec7e23e28688b4a0716f
SSDEEP

24576:Q9YM6RWENmvmC7pbln8V/hZVBqIAHMtcj:APREcvmmbluZZVBqIv6j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e9e14738a3417a2494d17438972ed59_JaffaCakes118

Files

0e9e14738a3417a2494d17438972ed59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2bea9db9db3592ac66fdd8abfcaf3f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCommandLineA
GetCurrentProcess
DeleteFileA
GetTempPathA
lstrcatA
GetSystemDirectoryA
OpenEventA
ReadFile
IsBadCodePtr
LoadLibraryExA
IsDBCSLeadByte
lstrcmpiA
GetTickCount
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
SizeofResource
FindResourceA
LoadResource
lstrcpyA
GetModuleFileNameA
GetShortPathNameA
FreeLibrary
LoadLibraryA
GetProcAddress
GetLocalTime
GetModuleHandleA
GetLastError
CompareStringW
CompareStringA
lstrlenA
HeapSize
InterlockedIncrement
GetVersionExA
lstrcpynA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
ResetEvent
GetCurrentThreadId
CloseHandle
WaitForMultipleObjects
EnterCriticalSection
CreateEventA
CreateThread
WaitForSingleObject
LeaveCriticalSection
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LCMapStringW
LCMapStringA
SetEvent
GetSystemInfo
FormatMessageA
TerminateProcess
GetSystemTime
VirtualAlloc
VirtualFree
Sleep
HeapCreate
SetEnvironmentVariableA
SetEndOfFile
ExitProcess
IsBadReadPtr
GetVersion
GetStartupInfoA
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
CreateDirectoryA
GetFullPathNameA
LocalFree
GetTimeZoneInformation
GetFileSize
GetUserDefaultLCID
OpenFile
RtlUnwind
RaiseException
DeviceIoControl
ExpandEnvironmentStringsA
WinExec
GetWindowsDirectoryA
GetFileAttributesA
FlushFileBuffers
GetFileTime
CompareFileTime
SetFilePointer
CreateFileA
WriteFile
DefineDosDeviceA
QueryDosDeviceA
InterlockedExchange

user32

CharToOemA
GetMessageA
SetTimer
KillTimer
MessageBoxA
MsgWaitForMultipleObjects
LoadStringA
CharNextA
GetThreadDesktop
DefWindowProcA
DispatchMessageA
RegisterClassExA
CreateWindowExA
PostThreadMessageA
GetDesktopWindow
GetProcessWindowStation
SetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
CloseDesktop
CloseWindowStation
wsprintfA
PeekMessageA

advapi32

RegQueryValueExA
DeregisterEventSource
StartServiceCtrlDispatcherA
DeleteService
CreateServiceA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
QueryServiceStatus
CloseServiceHandle
RegQueryInfoKeyA
RegSetValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
ReportEventA

ole32

StringFromGUID2
CoTaskMemRealloc
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CoRevokeClassObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoRegisterClassObject

oleaut32

VariantClear
LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocStringLen

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList

wsock32

htonl
htons

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 852KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2bea9db9db3592ac66fdd8abfcaf3f1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

setupapi

wsock32

version

Sections

.text Size: 852KB - Virtual size: 848KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 100KB - Virtual size: 107KB

.rsrc Size: 124KB - Virtual size: 124KB

.text
Size: 852KB - Virtual size: 848KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 100KB - Virtual size: 107KB

.rsrc
Size: 124KB - Virtual size: 124KB