0eb2b5ebc8911528b9571a17a1ffabd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0eb2b5ebc8911528b9571a17a1ffabd5_JaffaCakes118
Size

2.0MB
MD5

0eb2b5ebc8911528b9571a17a1ffabd5
SHA1

7e38e9d1967e34d8a507d45268521c1dcb0fe925
SHA256

5c481dd1e67c2f74745fbeca45c0bb5ec2734732d96a7c6413b40cabd315b160
SHA512

3b767cd07e9994b004edcba5cb29a8d0e6b5d41b7a7ee715fb30e4530b91487e6df98c9b9e644af7d974638ee81e171f9cbbd155392f4abc02d6de04d6ab898d
SSDEEP

49152:vxqPyAVTP//klfAI8qm93E7cEJTanzYn1+Gvbo7c7C62I:v8PyAVTH8lfhm5yhazY1+GjC1I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eb2b5ebc8911528b9571a17a1ffabd5_JaffaCakes118

Files

0eb2b5ebc8911528b9571a17a1ffabd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

131ee6cea59f5aa6f42696af4479676a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Titanium\src\Tool\7zsfx\Win32\Release\7zsfx.pdb

Imports

kernel32

GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
RaiseException
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetConsoleCP
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetErrorMode
FlushFileBuffers
SystemTimeToFileTime
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
SetLastError
FreeResource
GlobalDeleteAtom
InterlockedCompareExchange
CreateMutexA
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GlobalFree
GlobalAlloc
FormatMessageW
MulDiv
GetExitCodeThread
ResumeThread
SetThreadPriority
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetEvent
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
GetExitCodeProcess
CreateProcessW
GetVersionExW
ReleaseMutex
CreateMutexW
WaitForSingleObject
Sleep
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
ResetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetLocalTime
LocalAlloc
GetCurrentProcess
LocalFree
SetFileAttributesW
FindClose
MoveFileExW
lstrlenW
LoadLibraryW
FreeLibrary
WideCharToMultiByte
FindNextFileW
FindFirstFileW
MultiByteToWideChar
lstrcpyW
DeleteFileW
CreateDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetDriveTypeW
SleepEx
RemoveDirectoryW
GlobalLock
InitializeCriticalSection
GetLastError
CreateFileW
CloseHandle
GetUserDefaultUILanguage
GlobalUnlock
GetCurrentProcessId
LockResource
OutputDebugStringW
DeleteCriticalSection
SizeofResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
lstrlenA
GetProcAddress
GetModuleHandleW
GetConsoleMode
GetModuleFileNameW

user32

LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowTextW
IsDialogMessageW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
DestroyMenu
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
CopyRect
IsWindow
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetFocus
UnregisterClassW
SetForegroundWindow
BringWindowToTop
SystemParametersInfoW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SendMessageTimeoutW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
UpdateWindow
InvalidateRect
RedrawWindow
ReleaseDC
GetDC
DestroyCursor
GetParent
SetCursor
DrawStateW
DrawFocusRect
FrameRect
FillRect
GetSysColor
GetWindowInfo
GetWindowRect
MapDialogRect
LoadBitmapW
LoadIconW
EnableWindow
PostMessageW
ShowWindow
SendMessageW
KillTimer
SetTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfW
MessageBoxW
GetClassInfoW
UnregisterClassA

gdi32

CreateSolidBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
SelectObject
GetDeviceCaps
DeleteObject
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
StretchBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

AddAce
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetMalloc

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

oleaut32

VariantClear
VariantChangeType
VariantInit

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpConnect
WinHttpSetStatusCallback
WinHttpWriteData

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

131ee6cea59f5aa6f42696af4479676a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

winhttp

Sections

.text Size: 392KB - Virtual size: 389KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 40KB - Virtual size: 56KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 324KB - Virtual size: 321KB

.text
Size: 392KB - Virtual size: 389KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 40KB - Virtual size: 56KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 324KB - Virtual size: 321KB