193eb4ea2f5609f487141a052272a7ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

193eb4ea2f5609f487141a052272a7ae_JaffaCakes118
Size

658KB
MD5

193eb4ea2f5609f487141a052272a7ae
SHA1

4ed7a4a3cc0a6c880a46bac69902dc40f5192e84
SHA256

19af8384f280bcfdbbe2bbb47c6e116c8d8c1d85aaa707d65bef3aa34ca9cca2
SHA512

7f17ea0d11bb5d49b948de0248e6cfd7e10b79e7b307b18b55d8ab209b9a7186c939ffd8cdf79b25bb91801882b064d76a1fbaebcf274cfbbe1caf8a8d76687b
SSDEEP

12288:Fa11Gr3+pfNixGTdIkIxJIEo3gMH70mVogKp4tQ3BfS6oN+qESVBx7neivjX/I:FWixGpuIEow7WG4tQxa6ojxvnei7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
193eb4ea2f5609f487141a052272a7ae_JaffaCakes118

Files

193eb4ea2f5609f487141a052272a7ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

68028b03509683a6993b2a9d3fd70d76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
DeleteCriticalSection
MulDiv
FreeLibrary
SizeofResource
VirtualLock
LockResource
lstrcmpW
WaitForMultipleObjects
FlushInstructionCache
HeapSize
GetVersionExW
FormatMessageW
GetProcAddress
GetThreadLocale
GetSystemInfo
GlobalFree
OpenProcess
HeapFree
VirtualAlloc
IsDebuggerPresent
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
CreateThread
MultiByteToWideChar
TerminateProcess
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryA
RaiseException
GetLocaleInfoA
GlobalLock
GetTempPathW
UnhandledExceptionFilter
InterlockedIncrement
LocalFree
GetComputerNameW
GetTickCount
LoadLibraryW
VirtualFree
WaitForSingleObject
CreateEventW
GlobalHandle
HeapReAlloc
lstrlenW
HeapDestroy
CloseHandle
InterlockedCompareExchange
GetLocaleInfoW
HeapAlloc
SetEvent
EnterCriticalSection
CreateMutexW
InitializeCriticalSection
GlobalAlloc
LoadLibraryExW
GetACP
LoadResource
ReleaseMutex
GetVersionExA
HeapSetInformation
InterlockedDecrement
SetLastError
GetProcessId
Sleep
LCMapStringW
lstrlenA
GetCurrentProcess
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WideCharToMultiByte
GetLastError
ProcessIdToSessionId
FindResourceW
GetSystemDirectoryW
FindResourceExW
VirtualUnlock
LeaveCriticalSection
GlobalUnlock
GetStartupInfoW
ResetEvent
CreateFileW
GetModuleHandleW

ddraw

DirectDrawCreate
DirectDrawCreateEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ole32

CoGetClassObject
OleUninitialize
OleInitialize
CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoUninitialize
StringFromCLSID
CLSIDFromProgID
CoTaskMemAlloc
StringFromGUID2
CoInitializeSecurity
CoAllowSetForegroundWindow
CreateStreamOnHGlobal
CoCreateInstance
OleLockRunning
CoSetProxyBlanket
CoCreateGuid

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipFree
GdipCreateBitmapFromFile
GdipAlloc
GdipCreateBitmapFromFileICM

msvcrt

_initterm
_initterm
_wtoi64
_wcmdln
_exit
fabs
memcpy
_amsg_exit
_cexit
_controlfp
__p__commode
__wgetmainargs
?terminate@@YAXXZ
memset
__setusermatherr
__set_app_type
iswdigit
exit
__p__fmode
_XcptFilter

gdi32

BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
GetStockObject
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
GetObjectW

shlwapi

PathCombineW
UrlCombineW
UrlApplySchemeW
UrlCanonicalizeW
UrlGetPartW
PathAppendW

crypt32

CryptUnprotectData
CryptProtectData

shell32

SHAppBarMessage
SHGetFolderPathW
FindExecutableW
ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW

secur32

GetUserNameExW

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68028b03509683a6993b2a9d3fd70d76

Headers

File Characteristics

Imports

kernel32

ddraw

wtsapi32

ole32

version

gdiplus

msvcrt

gdi32

shlwapi

crypt32

shell32

secur32

Sections

.text Size: 358KB - Virtual size: 357KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 278KB - Virtual size: 278KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 358KB - Virtual size: 357KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 278KB - Virtual size: 278KB

.rsrc
Size: 15KB - Virtual size: 15KB