14c3e8f5ab5a0112b6ee5dd632c90fe8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14c3e8f5ab5a0112b6ee5dd632c90fe8_JaffaCakes118
Size

680KB
MD5

14c3e8f5ab5a0112b6ee5dd632c90fe8
SHA1

4932e3c11ba8eb7956e95c546fda48aa3955f7b6
SHA256

416d050b7dad855f4055a3f7448f0a9170ed6de7866106e023a383ea713e5c0d
SHA512

52ee1d1604535481432ca37041a62d01801119c9a5035095a18c81ab52a2294c2c1c8a27820f9cd3d0bc2e8be9dac6825a37c8970640b17b9a9d054c1795e316
SSDEEP

12288:/dQfDIqdhbkWol3Z7v/1surVbWWuXzvcBR+SYxDtPWs2Z+J:/dQfDg9lh1MjXzEDiDtesX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c3e8f5ab5a0112b6ee5dd632c90fe8_JaffaCakes118

Files

14c3e8f5ab5a0112b6ee5dd632c90fe8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ceb709f2874d9db32cd9c26353f59607

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ybkxz.pdb

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_AddMasked
ImageList_BeginDrag

advapi32

GetLengthSid
RegCreateKeyA
GetSidSubAuthorityCount
OpenServiceA
GetTokenInformation
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
OpenProcessToken

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

PeekNamedPipe
VirtualFree
GetCurrentDirectoryA
GetCommandLineA
TlsSetValue
GetFileAttributesA
GetStdHandle
GetCurrentProcessId
GetCurrentThread
SetFilePointer
CreateSemaphoreA
GetStringTypeA
UnlockFile
GetSystemTime
LockFile
GlobalFlags
GlobalFree
FlushFileBuffers
CreatePipe
InitializeCriticalSection
ExitProcess
FileTimeToLocalFileTime
CreateMutexA
GlobalUnlock
lstrlenA
GetFileSize
GetTickCount
GetFileType
GetModuleHandleW
SetUnhandledExceptionFilter
SetThreadPriority
SetEnvironmentVariableA
GetVersionExA
GetSystemInfo
GetLastError
GetFileTime
RaiseException
GlobalSize
MoveFileA
ReleaseMutex
TerminateThread
GlobalAlloc
GetCPInfo
SystemTimeToFileTime
GetLocaleInfoA
LeaveCriticalSection
GetTimeZoneInformation
GetLocaleInfoW
GetCurrentThreadId
WritePrivateProfileStringA
ReadFile
InterlockedExchange
LockResource
OutputDebugStringA
GetLocalTime
RtlUnwind
TlsGetValue
GetOEMCP
IsBadReadPtr
GetCurrentProcess
HeapCreate
LoadResource
WideCharToMultiByte
LCMapStringA
SetEvent
FreeResource
GetProcAddress
GlobalLock
GetPrivateProfileIntA
CreateDirectoryA
GetEnvironmentStringsW
GetVersion
GetACP
ExitThread
HeapReAlloc
lstrcmpA
SizeofResource
CompareStringW
TlsAlloc
SetLastError
GetStringTypeW
GetDriveTypeA
MulDiv
GetThreadLocale
GlobalGetAtomNameA
VirtualAlloc
CloseHandle
GetTimeFormatA
TlsFree
GetTempFileNameA
DeleteFileA
GetDiskFreeSpaceA
FindNextFileA
GetPrivateProfileStringA
lstrcpyA
GetEnvironmentStrings
GetModuleHandleA
IsBadWritePtr
FindClose
InterlockedDecrement
QueryPerformanceCounter
VirtualQuery
SetStdHandle
MultiByteToWideChar
GlobalReAlloc
DeleteCriticalSection
WinExec
IsValidCodePage
UnhandledExceptionFilter
HeapFree
GlobalAddAtomA
CompareStringA
CreateThread
FreeLibrary
GetShortPathNameA
FindFirstFileA
GetWindowsDirectoryA
GetDateFormatA
WriteConsoleA
GetModuleFileNameA
LocalFree
FreeEnvironmentStringsA
HeapDestroy
CopyFileA
lstrlenW
UnmapViewOfFile
EnterCriticalSection
InterlockedIncrement
WriteFile
LCMapStringW
GetTempPathA
LocalAlloc
LocalReAlloc
SetErrorMode
Sleep
DuplicateHandle
LoadLibraryA
CreateFileA
GetVolumeInformationA
SetCurrentDirectoryA
IsValidLocale
ResetEvent
TerminateProcess
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
SetHandleCount
IsBadCodePtr
lstrcatA
SetFileAttributesA
GetStartupInfoA
GlobalDeleteAtom
WaitForSingleObject
FileTimeToSystemTime
SetFileTime
ResumeThread
HeapAlloc
LocalFileTimeToFileTime
SetEndOfFile
CreateEventA
lstrcmpiA
GetProcessHeap

shell32

DragAcceptFiles
SHGetMalloc
DragQueryFileA
ShellExecuteA

mfc42

ord1576

user32

wsprintfA
CloseClipboard
DestroyMenu
EnumWindows
EndDialog
ReleaseCapture
CheckMenuItem
GetCapture
EqualRect
LoadCursorA
GetMenuItemID
CreateWindowExA
WaitForInputIdle
PeekMessageA
IsIconic
GetActiveWindow
UpdateWindow
LockWindowUpdate
KillTimer
UnhookWindowsHookEx
SystemParametersInfoA
TranslateMessage
CallNextHookEx
IsDialogMessageA
CreateDialogIndirectParamA
FillRect
IsZoomed
LoadBitmapA
GetDesktopWindow
RedrawWindow
GetClassInfoExA
CreateMenu
GetScrollRange
FrameRect
MessageBoxA
DrawFocusRect
RegisterClassExA
DrawIcon
ShowWindow
GetMessagePos
IsWindowVisible
RemoveMenu
RegisterClassA
SetForegroundWindow
SetFocus
LoadMenuA
GetMenu
EnableWindow
GetClientRect
DefWindowProcA
GetParent
GetTopWindow
DestroyWindow
IntersectRect
MoveWindow
CallWindowProcA
TranslateAcceleratorA
AdjustWindowRectEx
GetMenuState
DrawFrameControl
SetCapture
FlashWindow
ScreenToClient
SetWindowRgn
SetWindowLongA
BringWindowToTop
WinHelpA
DispatchMessageA
ReleaseDC
SetClipboardData
GetSystemMetrics
LoadStringA
SetWindowTextA
MapWindowPoints

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceb709f2874d9db32cd9c26353f59607

Headers

File Characteristics

PDB Paths

Imports

comctl32

advapi32

version

kernel32

shell32

mfc42

user32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 472KB - Virtual size: 470KB

.data Size: 100KB - Virtual size: 98KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 472KB - Virtual size: 470KB

.data
Size: 100KB - Virtual size: 98KB

.rsrc
Size: 36KB - Virtual size: 34KB