0f394c3b8e22c703590f14446fca33d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f394c3b8e22c703590f14446fca33d9_JaffaCakes118
Size

243KB
MD5

0f394c3b8e22c703590f14446fca33d9
SHA1

b1354af512ba2774b8c96ad5c42d33fa0ac11c08
SHA256

6b9d7be16a7b3ae02ee056bd3fe21f0f7567e7a99238ec458db966219895812f
SHA512

847b3e5c9bc3384f3e231da5cc9924f2be0ddedbc9bf24222fad995b11b4ede8aeef51a7675e2871923a501b21c4d5cd54bf1a6bec09c91f054aea8b1e19bc19
SSDEEP

6144:BH3Jh95UbcMYDd2R2G136wH/8cYZJoeX7XBsyknw3IKn3x:BH3r7UeDd2RNNHUc8JoQDVkw3IKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f394c3b8e22c703590f14446fca33d9_JaffaCakes118

Files

0f394c3b8e22c703590f14446fca33d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ebfeec30302b9efbd195455afd50822

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData
CryptProtectData

oleaut32

VarUI4FromStr

kernel32

GetProcessHeap
CreateFileW
LocalAlloc
GetModuleHandleW
FreeLibrary
GetTimeFormatW
HeapReAlloc
EnterCriticalSection
HeapDestroy
HeapAlloc
HeapFree
ResetEvent
IsDebuggerPresent
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
FindResourceExW
LocalFree
lstrlenW
CreateEventW
WaitForMultipleObjects
LeaveCriticalSection
SizeofResource
WaitForSingleObject
FindResourceW
DeleteCriticalSection
LoadLibraryExW
GetDateFormatW
lstrlenA
ReadFile
GetFileSize
lstrcmpiW
LockResource
GetCurrentThreadId
LoadResource
CloseHandle
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
HeapSize
DisableThreadLibraryCalls
FormatMessageW
RaiseException
VirtualAlloc

user32

GetSystemMenu
IsWindow
PeekMessageW
SetForegroundWindow
LoadIconW
DestroyWindow
GetMonitorInfoW
CharNextW
SetWindowLongW
GetActiveWindow
DefWindowProcW
FlashWindow
SystemParametersInfoW
GetDesktopWindow
MonitorFromPoint
TrackPopupMenuEx
GetClientRect
SetActiveWindow
AttachThreadInput
GetWindowRect
PostMessageW
ShowWindow
SetWindowTextW
FindWindowW
SetWindowPos
IsIconic
ClientToScreen
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
GetWindowLongW

ole32

IIDFromString
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

comctl32

InitCommonControlsEx

mscms

CreateColorTransformW
SetColorProfileElement
AssociateColorProfileWithDeviceA
AssociateColorProfileWithDeviceW
GetCountColorProfileElements
UninstallColorProfileW
InternalGetPS2PreviewCRD
CloseColorProfile

kbdhe319

KbdLayerDescriptor

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Ix
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.f
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NxM
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zwenmF
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tzmoY
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.H
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ebfeec30302b9efbd195455afd50822

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

oleaut32

kernel32

user32

ole32

comctl32

mscms

kbdhe319

Sections

.text Size: 16KB - Virtual size: 15KB

.Ix Size: 1024B - Virtual size: 5KB

.f Size: 512B - Virtual size: 2KB

.NxM Size: 1KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.zwenmF Size: 1024B - Virtual size: 14KB

.tzmoY Size: 1024B - Virtual size: 532B

.H Size: 1024B - Virtual size: 9KB

.data Size: 214KB - Virtual size: 355KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 15KB

.Ix
Size: 1024B - Virtual size: 5KB

.f
Size: 512B - Virtual size: 2KB

.NxM
Size: 1KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.zwenmF
Size: 1024B - Virtual size: 14KB

.tzmoY
Size: 1024B - Virtual size: 532B

.H
Size: 1024B - Virtual size: 9KB

.data
Size: 214KB - Virtual size: 355KB

.rsrc
Size: 3KB - Virtual size: 3KB