1578493e42c1f3edba301f0f54b1d2cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1578493e42c1f3edba301f0f54b1d2cd_JaffaCakes118
Size

380KB
MD5

1578493e42c1f3edba301f0f54b1d2cd
SHA1

c862c873c20cccb666b5d1cdb5f1c5d675835d33
SHA256

c46f55727b5fb510328dee076f8b4c682c1ef749ed99ac2e3dd1da5455997ea6
SHA512

2e4aac4b488e1596804453157e00a48bc337aaf12e0fbebefed8f7218e2db8b84a5724ed28f75209035fe0399630bab57e2a2d15e9868e08ac327c1e34f56250
SSDEEP

6144:7OQ/EjKwA6+jR32Shh6FHV6EZT+oycYqyRMFUlE4vA+E+RIWOreizH41ykFrLYeM:7sAZl3Rhh6FvUqAvAh+wOykWy76s4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1578493e42c1f3edba301f0f54b1d2cd_JaffaCakes118

Files

1578493e42c1f3edba301f0f54b1d2cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba686cff6496f6773d46ff59fb9c0f29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantInit
VariantClear
VarR8FromI1
SysStringLen
SysFreeString
SysAllocString

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

setupapi

SetupDiGetClassDevsW
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupCloseFileQueue
SetupCloseInfFile
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiInstallDriverFiles
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenFileQueue
SetupOpenInfFileW
SetupScanFileQueueW

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW

advapi32

RegDeleteKeyW
SetNamedSecurityInfoW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LsaQueryInformationPolicy
LsaOpenPolicy
LsaNtStatusToWinError
LsaFreeMemory
LsaClose
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
EqualSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
AdjustTokenPrivileges

shlwapi

StrChrW
PathStripToRootW
PathRemoveBackslashW
StrCmpIW
PathIsRelativeW
PathFindExtensionW
StrCmpW
StrRChrW
StrStrIW
StrToIntExW
PathIsUNCW
UrlGetPartW
PathIsRootW

user32

CharLowerA
CharNextW
CharUpperA
CharUpperW
DispatchMessageW
ExitWindowsEx
GetActiveWindow
GetKeyboardType
GetWindowThreadProcessId
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
SendMessageW
TranslateMessage

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
HMETAFILE_UserFree
CoInitialize

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionA

kernel32

ReleaseMutex
ReadFile
QueryPerformanceCounter
SetEvent
MoveFileW
MapViewOfFile
LocalFree
LoadLibraryExW
LeaveCriticalSection
InterlockedIncrement
SetFileAttributesW
SetFilePointer
SetFileTime
RemoveDirectoryW
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
ResetEvent
SetUnhandledExceptionFilter
SetEndOfFile
CreateMutexW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GlobalFree
GlobalAlloc
GetVolumeInformationW
GetVersionExW
GetUserDefaultLangID
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetLocaleInfoW
GetLocalTime
GetFileType
GetFileTime
GetFileSize
GetExitCodeThread
CreateFileW
GetExitCodeProcess
GetDriveTypeW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
EnterCriticalSection

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba686cff6496f6773d46ff59fb9c0f29

Headers

File Characteristics

Imports

oleaut32

crypt32

setupapi

shell32

advapi32

shlwapi

user32

ole32

wininet

kernel32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 108KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 108KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB