1044024eaba1e5ec5bf8b7f4891997e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1044024eaba1e5ec5bf8b7f4891997e7_JaffaCakes118
Size

650KB
MD5

1044024eaba1e5ec5bf8b7f4891997e7
SHA1

c4820fe649402e4379cd2a57a91e2b6de3d69533
SHA256

7be2dd0d0599c65d444d08b0fb44af44817c3cc341dc82672350508b4e486cc3
SHA512

de59c4f107e294ff4b472514279064534d8beecfeef8efdac2a63aac3febd94057208af99ce7cf70e5d98bc4d3ce7ce1f12f77dd487e013178ad20b37168d844
SSDEEP

12288:+5129CvZ8ZEBHgc0y90DCN1xaKmPSV0pOtvIEpOluHpc1rnnhrZGtIvChtkkwu7:+5/h8Z6iyxGbhpOtDJc/rZgkB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1044024eaba1e5ec5bf8b7f4891997e7_JaffaCakes118

Files

1044024eaba1e5ec5bf8b7f4891997e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43f9984d0878877d17b30a5492a6f75d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipDisposeImage
GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusShutdown
GdipCreateBitmapFromFileICM

shell32

Shell_NotifyIconW
SHAppBarMessage
FindExecutableW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

OleInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
OleUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoAllowSetForegroundWindow
CLSIDFromProgID
OleLockRunning
CoGetClassObject
CoTaskMemFree
StringFromCLSID
CLSIDFromString
CreateStreamOnHGlobal
CoInitializeSecurity
CoCreateGuid

kernel32

lstrcmpW
InterlockedIncrement
QueryPerformanceCounter
LeaveCriticalSection
GlobalHandle
GlobalFree
InterlockedDecrement
GetStartupInfoW
LocalAlloc
GetProcAddress
LoadLibraryA
GetLocaleInfoW
VirtualUnlock
HeapReAlloc
CreateEventW
CreateThread
CloseHandle
HeapSetInformation
VirtualAlloc
GetCurrentThreadId
GetACP
HeapFree
UnhandledExceptionFilter
HeapSize
GetLocaleInfoA
EnterCriticalSection
GetSystemDirectoryW
RaiseException
OpenProcess
HeapDestroy
GetModuleFileNameW
LoadResource
lstrlenW
VirtualLock
MulDiv
GlobalLock
GlobalAlloc
DeleteCriticalSection
LoadLibraryExW
WideCharToMultiByte
GetLastError
GetSystemInfo
IsProcessorFeaturePresent
LCMapStringW
FormatMessageW
InterlockedCompareExchange
GetVersionExW
MultiByteToWideChar
TerminateProcess
WaitForSingleObject
FreeLibrary
GetComputerNameW
LoadLibraryW
SetEvent
IsDebuggerPresent
InitializeCriticalSection
VirtualFree
GetThreadLocale
GetTempPathW
ProcessIdToSessionId
SetLastError
ResetEvent
lstrlenA
GetCurrentProcess
GetVersionExA
FindResourceExW
GetTickCount
CreateFileW
SizeofResource
CreateMutexW
SetUnhandledExceptionFilter
HeapAlloc
Sleep
LockResource
FlushInstructionCache
GetSystemTimeAsFileTime
GlobalUnlock
ReleaseMutex
LocalFree
WaitForMultipleObjects
InterlockedExchange
GetProcessId
FindResourceW
GetModuleHandleW

ddraw

DirectDrawCreate
DirectDrawCreateEx

gdi32

DeleteDC
GetStockObject
CreateSolidBrush
CreateCompatibleDC
SelectObject
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
BitBlt
GetObjectW

msvcrt

memset
_amsg_exit
_initterm
_controlfp
iswdigit
fabs
_wcmdln
?terminate@@YAXXZ
__set_app_type
__p__fmode
_wtoi64
_exit
_cexit
__p__commode
exit
memcpy
__wgetmainargs
__setusermatherr
_initterm
_XcptFilter

shlwapi

UrlCanonicalizeW
UrlGetPartW
UrlCombineW
PathCombineW
UrlApplySchemeW
PathAppendW

secur32

GetUserNameExW

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43f9984d0878877d17b30a5492a6f75d

Headers

File Characteristics

Imports

wtsapi32

version

gdiplus

shell32

ole32

kernel32

ddraw

gdi32

msvcrt

shlwapi

secur32

crypt32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 272KB - Virtual size: 271KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 272KB - Virtual size: 271KB

.rsrc
Size: 6KB - Virtual size: 6KB