0f18988f38e999b4c3e7a80080bae4be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f18988f38e999b4c3e7a80080bae4be_JaffaCakes118
Size

767KB
MD5

0f18988f38e999b4c3e7a80080bae4be
SHA1

f608b655a8774f9c6e7a84d12d1e7c4d396cae31
SHA256

f8746c3faf403d56ae3e4568b4632ef51ffe804df11d8b9b86ea533238d4724e
SHA512

3abe123372b4e9604e8354b8293ade96f7ea4a6be132e7606f4fffafc6b0bb03fa5c1dc63f74c65f6c1517d258aedd3203b0481cd8def367fcdc6f779f3268a8
SSDEEP

12288:VoP08iYg5pQkLjU7htnANCiDFd7JjYJxy+us4dVxqy1r08dkMeQFl0IiCPqOb:abgQHANCCFIvyXF3/rfjEj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f18988f38e999b4c3e7a80080bae4be_JaffaCakes118

Files

0f18988f38e999b4c3e7a80080bae4be_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6349c917fe22ac27506adb491adc6118

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ezoql\aoqeadl\ugla.pdb

Imports

comctl32

ImageList_DragMove
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_BeginDrag
ImageList_Add
ImageList_SetOverlayImage
ImageList_SetIconSize
ImageList_SetBkColor
CreateStatusWindowW
ImageList_AddIcon
ImageList_LoadImageA
InitCommonControlsEx
DrawStatusText
CreateMappedBitmap
ImageList_SetImageCount

comdlg32

PageSetupDlgW
PrintDlgW
GetSaveFileNameW

shell32

SHLoadInProc
SHGetPathFromIDListA
RealShellExecuteExA
SHGetPathFromIDList

user32

PostMessageA
IsDlgButtonChecked
GetKeyboardType
CreateIconFromResourceEx
RegisterDeviceNotificationA
UpdateWindow
DrawTextA
DestroyMenu
DdeAddData
DefWindowProcW
LookupIconIdFromDirectoryEx
ToAscii
GrayStringW
MessageBoxA
CreateWindowExW
LoadIconA
RegisterClassA
OemKeyScan
SetDebugErrorLevel
IsCharAlphaA
EnumDesktopsA
SetUserObjectInformationA
SetWinEventHook
TranslateAccelerator
EnumDisplaySettingsA
CreateMDIWindowW
TrackMouseEvent
IsCharAlphaNumericW
GetFocus
PackDDElParam
BeginDeferWindowPos
GetKeyboardState
BringWindowToTop
ScrollDC
CheckMenuItem
RegisterClassExA
GetClassInfoExA
SetWindowRgn
DefFrameProcW
DdeDisconnectList
DestroyWindow
ChildWindowFromPointEx
GetWindowTextA
ClipCursor
SetParent
GetMenuContextHelpId
DdeDisconnect
ShowWindow
DrawTextW

kernel32

GetConsoleCP
GetProfileStringA
FlushFileBuffers
InterlockedExchangeAdd
GetModuleFileNameA
SetLastError
GetEnvironmentStringsA
SetConsoleMode
FindAtomW
GetCurrentThread
WriteConsoleW
OutputDebugStringW
GetCurrentThreadId
WritePrivateProfileStringW
ExitProcess
GetEnvironmentStrings
OpenWaitableTimerA
GetStartupInfoA
SetStdHandle
GetPrivateProfileStructW
MoveFileA
SetHandleCount
CreateMutexW
OpenMutexA
GetMailslotInfo
GetProcAddress
HeapAlloc
DebugBreak
TlsSetValue
HeapCreate
GetConsoleOutputCP
GetLocaleInfoW
SetUnhandledExceptionFilter
GetCurrentProcess
GetConsoleMode
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryA
LeaveCriticalSection
DuplicateHandle
FindResourceExA
VirtualQuery
GetACP
VirtualAlloc
CreateWaitableTimerA
HeapDestroy
GetModuleFileNameW
GetCommandLineA
GetTimeZoneInformation
FreeLibraryAndExitThread
IsValidCodePage
GetProfileSectionW
GetStringTypeW
RemoveDirectoryA
FreeLibrary
DeleteCriticalSection
LocalFileTimeToFileTime
GetPrivateProfileStringW
GetCompressedFileSizeA
VirtualFree
InitializeCriticalSection
LCMapStringA
IsBadReadPtr
GetDateFormatW
GetModuleHandleA
InterlockedExchange
WriteFile
InterlockedDecrement
HeapReAlloc
lstrcmpi
HeapFree
RaiseException
ReadFile
SetEnvironmentVariableA
QueryPerformanceCounter
CreateFileA
WideCharToMultiByte
HeapValidate
LCMapStringW
RtlUnwind
GetCurrentProcessId
lstrlenA
FreeEnvironmentStringsW
GetProcessAffinityMask
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetCalendarInfoA
EnumCalendarInfoA
FreeEnvironmentStringsA
IsDebuggerPresent
TerminateProcess
TlsFree
GetLocaleInfoA
TlsAlloc
GetFileType
OpenFileMappingW
GetVersionExA
GetSystemDefaultLCID
WriteConsoleA
InterlockedIncrement
CompareStringA
SetConsoleCursorPosition
FileTimeToLocalFileTime
CloseHandle
CreateMutexA
IsValidLocale
CompareStringW
GetStringTypeA
ReadConsoleOutputW
GetTimeFormatA
WaitForMultipleObjectsEx
GetStdHandle
GetUserDefaultLCID
LoadLibraryW
EnumSystemLocalesA
TlsGetValue
OpenFileMappingA
WriteProfileStringW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetFilePointer
GetProcessHeap
GetLastError
EnterCriticalSection
GetOEMCP
GetDateFormatA
GetTickCount
SetConsoleCtrlHandler

advapi32

CryptContextAddRef
RegQueryMultipleValuesW
CryptImportKey
RegCreateKeyExA
RegCreateKeyExW
CryptExportKey
RegRestoreKeyA
LookupPrivilegeValueW
DuplicateTokenEx
RegSetValueW
CryptCreateHash
CryptDuplicateKey
CryptSetProvParam
RegQueryValueW
CryptGetUserKey
CreateServiceW
CryptSignHashW

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6349c917fe22ac27506adb491adc6118

Headers

File Characteristics

PDB Paths

Imports

comctl32

comdlg32

shell32

user32

kernel32

advapi32

Sections

.text Size: 325KB - Virtual size: 324KB

.rdata Size: 293KB - Virtual size: 293KB

.data Size: 111KB - Virtual size: 136KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 325KB - Virtual size: 324KB

.rdata
Size: 293KB - Virtual size: 293KB

.data
Size: 111KB - Virtual size: 136KB

.rsrc
Size: 36KB - Virtual size: 35KB