1763a319e123c28e1a0a643929931232_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1763a319e123c28e1a0a643929931232_JaffaCakes118
Size

587KB
MD5

1763a319e123c28e1a0a643929931232
SHA1

5c539803097e6765bc9a4f70dafc26e36ceef7b1
SHA256

9d62f51ac02d947d9ba7f637f749b3eaf6967c2d227947997edd71fd50da9083
SHA512

d9eddf9dbf175e94adc7d7da9fdfeb8374f8213bde0ba46aee42f89479616bf90730f1091d86de94ddf8e43c21868ca5eaf12be8dd7b289b9bce0e346fd3d1eb
SSDEEP

12288:jKrez0Ba4KnTjm0Y6++NoQ40hKxhLQAqXScmRuw2bjIs/:CKx++mYhoh/qXz2uX1/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1763a319e123c28e1a0a643929931232_JaffaCakes118

Files

1763a319e123c28e1a0a643929931232_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c0aad80557d7351bcee7f9c0e071c8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
ExitProcess
Sleep
HeapReAlloc
lstrlenW
HeapCreate
GetModuleFileNameA
LCMapStringA
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LCMapStringW
SetStdHandle
WriteConsoleA
VirtualFree
VirtualAlloc
CloseHandle
OpenMutexW
GetCommandLineW
lstrcmpW
GetCurrentProcessId
WriteConsoleW
CreateFileA
FlushFileBuffers
GetConsoleOutputCP
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
SizeofResource
MultiByteToWideChar
SetLastError
FindResourceW
LoadResource
LockResource
lstrcatW
lstrcpynW
lstrlenA
lstrcpynA
lstrcpyW
GetVersionExW
FreeLibrary
LoadLibraryW
lstrcmpiW
GetModuleHandleW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetStdHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException

user32

OffsetRect
CallNextHookEx
CharLowerW
UnhookWindowsHookEx
GetClassNameW
RegisterWindowMessageW
GetSysColorBrush
GetWindowDC
GetMessagePos
SetWindowsHookExW
SetRectEmpty
WindowFromPoint
FrameRect
ModifyMenuW
DrawEdge
DrawFrameControl
DrawTextW
FillRect
GetActiveWindow
GetWindowThreadProcessId
IsWindowEnabled
ScreenToClient
LoadMenuW
LoadAcceleratorsW
ReleaseCapture
GetFocus
GetSystemMetrics
GetDesktopWindow
InflateRect
GetSysColor
ReleaseDC
AdjustWindowRectEx
GetKeyState
SetCursor
SetCapture
ClientToScreen
GetDC
PeekMessageW
PtInRect
MessageBeep
IsMenu
GetSubMenu
IsWindowVisible
LoadBitmapW
CallWindowProcW
CheckMenuRadioItem
EnableMenuItem
AppendMenuW
DeleteMenu
TrackPopupMenuEx
MonitorFromPoint
GetMonitorInfoW
GetMenuItemID
GetMenuItemCount
DestroyMenu
LoadStringA
PostQuitMessage
SetFocus
LoadStringW
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
IsWindow
GetDlgCtrlID
GetParent
RedrawWindow
UpdateWindow
MapWindowPoints
GetClientRect
SetWindowPos
SetMenu
GetMenu
SetWindowTextW
PostMessageW
CreateWindowExW
RemoveMenu
CreatePopupMenu
GetWindowLongW
InvalidateRect
GetWindowRect
SendMessageW
TranslateAcceleratorW
GetClassInfoExW
LoadCursorW
LoadImageW
RegisterClassExW
DestroyWindow
CharNextW
DefWindowProcW
ShowWindow
SetWindowLongW
wvsprintfW
SystemParametersInfoW
UnregisterClassA

gdi32

DeleteObject
CreateCompatibleDC
GetObjectW
CreateDIBSection
SelectObject
DeleteDC
GetCurrentObject
SetViewportOrgEx
CreateCompatibleBitmap
Polygon
CreatePen
CreateSolidBrush
BitBlt
CreateFontIndirectW
SetBkMode
SetTextColor
SetBrushOrgEx
SetBkColor
PatBlt
CreateBitmap
GetStockObject
CreatePatternBrush

advapi32

RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

comctl32

ImageList_DragLeave
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
ImageList_LoadImageW
ord8
ImageList_DrawIndirect
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0aad80557d7351bcee7f9c0e071c8b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 342KB - Virtual size: 341KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 342KB - Virtual size: 341KB