16069a1316f49c068a54c5fe47ca5e77_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16069a1316f49c068a54c5fe47ca5e77_JaffaCakes118
Size

616KB
MD5

16069a1316f49c068a54c5fe47ca5e77
SHA1

5b84372b0632ef9a126128d7077fe794db215e12
SHA256

e6b36ba78934fa27b1cc5fa0604cc99b7e0124a143af4b7f900f57f1ad5feeab
SHA512

cb8f7ec98a6623a5d694af639d1fb1a29a7605889aa6ec73b2e2ea5e2f5ed71e59de80458dca7f58bb7cb214f8783a9a4d2f26de7d22e3a17911a2fa6983a772
SSDEEP

12288:5kHDrKzdg1YdK7U61i7aglyFFY1aGJEHbKwlzLeCfztqoZ:5MrKBe7UCi7TlH1TWjLeCfztN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16069a1316f49c068a54c5fe47ca5e77_JaffaCakes118

Files

16069a1316f49c068a54c5fe47ca5e77_JaffaCakes118
.exe windows:4 windows x86 arch:x86

514346e63828f517d1ab472667e19c34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ejwp\

Imports

kernel32

GetCurrentProcess
HeapAlloc
FreeResource
GetStringTypeA
GetStdHandle
HeapSize
TlsFree
CloseHandle
GetSystemDefaultLangID
ReadFile
GetLongPathNameW
GetCompressedFileSizeA
LocalUnlock
MultiByteToWideChar
RtlUnwind
GetLastError
IsValidLocale
GetCPInfo
GetCurrentThread
GetTimeZoneInformation
EnumSystemCodePagesW
GetModuleHandleW
LoadResource
TlsSetValue
CreateMutexA
GetFileType
GlobalFindAtomW
TlsAlloc
SetHandleCount
GetCurrentThreadId
GetDateFormatA
WritePrivateProfileSectionW
OpenWaitableTimerA
SetUnhandledExceptionFilter
VirtualAlloc
WriteConsoleW
MoveFileW
CreateToolhelp32Snapshot
GetConsoleCP
CompareStringA
GetNumberFormatA
LeaveCriticalSection
OpenSemaphoreW
SetFilePointer
ConnectNamedPipe
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleFileNameW
CreateProcessA
GetLogicalDriveStringsW
TlsGetValue
GetProcAddress
GetLogicalDrives
LCMapStringA
GetLocaleInfoA
VirtualFree
WaitCommEvent
QueryPerformanceCounter
lstrlen
InterlockedIncrement
ReadConsoleOutputCharacterA
GetConsoleOutputCP
GetAtomNameW
GetThreadPriorityBoost
GetStringTypeW
TerminateProcess
GetCommandLineW
FindNextChangeNotification
FillConsoleOutputAttribute
GetTickCount
GetStartupInfoA
RtlZeroMemory
InitializeCriticalSectionAndSpinCount
GetOEMCP
GetProcessHeap
GetProfileStringW
ReadConsoleA
GetMailslotInfo
DeleteCriticalSection
SetEndOfFile
GlobalGetAtomNameA
LockFileEx
GetUserDefaultLCID
GetLocaleInfoW
GetACP
FreeLibrary
WriteFile
LCMapStringW
EnterCriticalSection
LoadLibraryExW
GetModuleFileNameA
SetConsoleCtrlHandler
GetConsoleTitleW
WriteConsoleOutputW
SetFileTime
CompareStringW
OpenEventW
SetEnvironmentVariableW
CreateDirectoryExW
GetVersionExA
IsValidCodePage
DeleteFileA
AddAtomA
HeapReAlloc
Sleep
HeapDestroy
GetModuleHandleA
HeapCreate
CreatePipe
lstrcpynW
GetEnvironmentStringsA
GetCommandLineA
GetShortPathNameA
CreateEventA
InterlockedDecrement
SetCriticalSectionSpinCount
FreeEnvironmentStringsW
GetStartupInfoW
IsBadReadPtr
InterlockedExchange
IsDebuggerPresent
SetEnvironmentVariableA
CreateFileA
VirtualQuery
WriteConsoleA
LockFile
ExitProcess
EnumResourceLanguagesW
CreateMailslotW
SetConsoleMode
EnumSystemLocalesA
GetWindowsDirectoryA
GetEnvironmentStringsW
GetPrivateProfileStringA
FlushFileBuffers
WideCharToMultiByte
VirtualProtect
GetTimeFormatA
GetConsoleMode
LoadLibraryA
SetLastError
SetStdHandle
GetCurrentProcessId
OpenMutexA
HeapFree
SetThreadContext

advapi32

LookupPrivilegeValueA
CryptHashSessionKey
RegQueryValueExW
LookupPrivilegeNameW
RegLoadKeyA
LookupAccountSidA
LookupPrivilegeValueW
CryptDecrypt
LookupPrivilegeDisplayNameW
RegOpenKeyA
ReportEventW
RegEnumValueW
RegLoadKeyW
CryptExportKey
LookupAccountNameW
RegDeleteValueA
RegReplaceKeyW
CryptGetUserKey

user32

RegisterClipboardFormatW
SetMessageExtraInfo
GetClipboardFormatNameW
CascadeWindows
GrayStringW
CreateMDIWindowA
SendNotifyMessageW
CloseWindow
TrackPopupMenuEx
EndDeferWindowPos
MessageBoxW
MoveWindow
MessageBoxA
GetMenuItemCount
UpdateWindow
BeginPaint
SetUserObjectInformationA
SetPropA
EnumThreadWindows
GetKeyboardType
LoadBitmapW
ChangeDisplaySettingsA
SetProcessDefaultLayout
CreateWindowExA
SetFocus
CloseClipboard
MessageBeep
CharLowerBuffA
WaitMessage
CopyIcon
ChangeClipboardChain
AppendMenuA
RegisterClassA
OemToCharW
GetWindowLongW
SendMessageTimeoutA
wsprintfA
CreateIconIndirect
UnregisterClassW
DefWindowProcW
DestroyWindow
ShowWindow
DdeImpersonateClient
CopyAcceleratorTableW
ShowOwnedPopups
GetActiveWindow
CopyRect
GetMenuCheckMarkDimensions
GetMenuBarInfo
WindowFromDC
GetAsyncKeyState
RegisterClassExA
CreateCursor
ShowCaret
DdeDisconnect
CreateDialogParamW
WINNLSGetIMEHotkey
DefDlgProcA
ScreenToClient
OpenWindowStationA

gdi32

WidenPath
GetEnhMetaFileHeader
GetStockObject
GetCharWidthFloatW
RemoveFontResourceA
SetBrushOrgEx
SelectPalette
CancelDC

wininet

FtpCommandW
CommitUrlCacheEntryA
FindCloseUrlCache
RetrieveUrlCacheEntryStreamA
InternetCrackUrlA
HttpSendRequestExW
InternetQueryDataAvailable
HttpAddRequestHeadersW

comctl32

CreateStatusWindow
ImageList_SetImageCount
ImageList_Merge
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_GetIcon
ImageList_Read
CreatePropertySheetPageW
ImageList_DragLeave
ImageList_AddMasked
ImageList_LoadImage
InitCommonControlsEx
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_GetFlags
ImageList_Write
ImageList_Create
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_LoadImageW
DrawStatusText
InitMUILanguage
DestroyPropertySheetPage

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

514346e63828f517d1ab472667e19c34

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

wininet

comctl32

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 116KB - Virtual size: 131KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 116KB - Virtual size: 131KB

.rsrc
Size: 12KB - Virtual size: 11KB