0f8b60278b93835c57a536019cf32556_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f8b60278b93835c57a536019cf32556_JaffaCakes118
Size

77KB
MD5

0f8b60278b93835c57a536019cf32556
SHA1

c20fd115d6683060db5891370404ec74f5893606
SHA256

c263b35dcf0ed4aa4c6add2ea4c4dbe4d1a20c52fe5906b062c655d73c5d24be
SHA512

01ae6ec9c755b6cd335752908f8143bbc9e8066dbd52976e2e2efb5c21567dfdefff701a767f817630a3a690197aaf0fbe3cf0a741b1b783e95e11ea77fdb2b6
SSDEEP

1536:TY/ydqtxskwJL681lEXuqOFFyJdJ13wvHz8Limg6Y:TY/9txskwJPEiyZ1wvT8LiT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8b60278b93835c57a536019cf32556_JaffaCakes118

Files

0f8b60278b93835c57a536019cf32556_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e1ffd1cc5cc75cb8b72d8abafe9f15f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempPathW
LocalAlloc
LocalFree
CreateProcessW
SetErrorMode
WideCharToMultiByte
lstrcpynW
GetModuleHandleW
SetLastError
GetCurrentThreadId
CreateDirectoryW
FindFirstFileW
CopyFileW
DeleteFileW
GetWindowsDirectoryW
CloseHandle
OpenEventW
RemoveDirectoryW
GetSystemDirectoryW
OutputDebugStringW
lstrlenA
LockResource
LoadResource
FindResourceW
FreeResource
lstrcmpiW
lstrlenW
WaitForSingleObject
CreateEventW
SetFileAttributesW
LoadLibraryExW
ExpandEnvironmentStringsA
FreeLibrary
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileW
ReadFile
WriteFile
FindNextFileW
FindClose
VirtualAlloc

user32

GetForegroundWindow
GetSysColor
GetSubMenu
RemoveMenu
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
GetSystemMetrics
LoadBitmapW
DrawIconEx
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
SystemParametersInfoW
DrawEdge
FillRect
SetRect
GetMenuItemInfoW
GetDlgItem
MoveWindow
GetTopWindow
RegisterWindowMessageW
ScreenToClient
CopyRect
DeleteMenu
EnableMenuItem
CheckMenuItem
GetMessagePos
IsChild
CallNextHookEx
InvalidateRect
GetClassNameW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyIcon
GetDC
ReleaseDC
TranslateAcceleratorW
LoadAcceleratorsW
GetClientRect
RedrawWindow
SetWindowPos
IsWindowVisible
GetDlgCtrlID
PostMessageW
GetWindow
GetWindowRect
GetParent
LoadStringW
IsWindow
EnableWindow
SendMessageW

gdi32

GetDeviceCaps
DeleteObject
CreateSolidBrush
GetPixel
GetObjectW
CreateFontW
CreateCompatibleDC
BitBlt
CreateFontIndirectW
CreatePen
Rectangle
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextExtentPoint32W
Ellipse
DeleteDC
SelectObject
CreateDIBSection
SetPixel
PatBlt
CreateHatchBrush
GetBkMode
CreatePatternBrush

advapi32

OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
GetLengthSid
IsValidSecurityDescriptor
FreeSid
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AccessCheck
SetSecurityDescriptorGroup
OpenProcessToken

shell32

ShellExecuteW

comctl32

ImageList_GetIconSize

esent

JetCreateIndex

winipsec

DeleteQMPolicy
AddMMFilter
CloseTransportFilterHandle
EnumTransportFilters
GetMMPolicy
AddQMPolicy

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EOfyu
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lWelBw
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.omDUs
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e1ffd1cc5cc75cb8b72d8abafe9f15f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

esent

winipsec

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 4KB

.EOfyu Size: 1KB - Virtual size: 2KB

.lWelBw Size: 1KB - Virtual size: 2KB

.data Size: 45KB - Virtual size: 242KB

.omDUs Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 4KB

.EOfyu
Size: 1KB - Virtual size: 2KB

.lWelBw
Size: 1KB - Virtual size: 2KB

.data
Size: 45KB - Virtual size: 242KB

.omDUs
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB