199271084d14cb028d86af82653176d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

199271084d14cb028d86af82653176d3_JaffaCakes118
Size

372KB
MD5

199271084d14cb028d86af82653176d3
SHA1

471641d4f53e54cc542860f7df1237afc39f5a73
SHA256

46e91367923c85ee626e71be8dd001326cf6d304877ba11633b2aa360f098f71
SHA512

ba03245ed2cef5191e5bbc3de177eedae8c642052f571a92c5a82a311fc78c96c80fb347e10191181ec348f1aefc1566d856b6530b5d98ece961b7f816a10cf6
SSDEEP

6144:g54tFyGVwKpmX2zV05vr4q226sh9NX8fkohAlcXIXj5jhag38FvBi7prNkkbw1Dh:7XmKpN6kxFk78bFwj5jwg3qOjqdOm1N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
199271084d14cb028d86af82653176d3_JaffaCakes118

Files

199271084d14cb028d86af82653176d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5126a02811cbb141f1baeb20661f65e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontIndirectW
GetDeviceCaps
GetStockObject
GetObjectW
DeleteObject

msvcrt

_setjmp3
memset
malloc
_wcsicmp
_vsnwprintf
longjmp
_wtoi
memcpy
bsearch
_vsnprintf
_ultow
_amsg_exit
_XcptFilter
_wtol
_adjust_fdiv
_wcsnicmp
memmove
_initterm
free

user32

GetDlgItem
GetDC
EndDialog
SendMessageW
IsWindow
ExitWindowsEx
GetDesktopWindow
PeekMessageW
EnableWindow
SetDlgItemTextW
MessageBeep
ReleaseDC
GetSystemMetrics
CharUpperW
GetDlgItemTextW
SetWindowPos
CharNextW
LoadStringW
GetWindowRect
MessageBoxW
OemToCharA
DispatchMessageW
CharNextA
MsgWaitForMultipleObjects
CharPrevW
UpdateWindow
CreateDialogParamW
DialogBoxParamW
SendDlgItemMessageW
SetWindowTextW
DestroyWindow
ShowWindow

rpcrt4

RpcStringFreeW

kernel32

CloseHandle
GetCurrentProcessId
GetCurrentProcess
SizeofResource
GetSystemInfo
MulDiv
MoveFileExW
GetEnvironmentVariableW
GetTempFileNameW
FindFirstFileW
CreateDirectoryW
FindResourceW
GetFileAttributesW
InterlockedExchange
UnmapViewOfFile
LocalAlloc
DeleteFileW
FindClose
QueryPerformanceCounter
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
LocalFree
GetVolumeInformationW
GetWindowsDirectoryW
GetFileTime
SetFilePointer
MapViewOfFile
RtlUnwind
GetProcAddress
FindResourceExW
lstrlenA
MoveFileW
GetFullPathNameW
WritePrivateProfileSectionW
LocalReAlloc
GetLocalTime
EnumResourceLanguagesW
GetShortPathNameW
SetLastError
FormatMessageW
MultiByteToWideChar
CompareStringW
GetCurrentThreadId
SetFileTime
GetTickCount
CopyFileW
lstrlenW
GetLastError
GetPrivateProfileSectionW
GetStartupInfoA
GetPrivateProfileStringW
GetSystemDefaultUILanguage
GetDriveTypeW
GetProfileStringW
SetFileAttributesW
lstrcmpiW
RemoveDirectoryW
WideCharToMultiByte
LoadResource
lstrcmpiA
LoadLibraryW
SearchPathW
FreeLibrary
CreateFileMappingW
GetDiskFreeSpaceW
Sleep
CreateFileW
WritePrivateProfileStringW
LoadLibraryExW
GetUserDefaultUILanguage
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
lstrcmpW
FindNextFileW
GetModuleFileNameW
UnhandledExceptionFilter
MapViewOfFileEx
ReadFile
GetFileSize
GetVersionExW
InterlockedCompareExchange
CreateProcessW
GetTempPathW
GetSystemDirectoryW
GetPrivateProfileIntW

shlwapi

StrChrW
PathAppendW
PathCombineW
PathRemoveFileSpecW
PathAddBackslashW
PathBuildRootW
StrRChrW
PathFileExistsW
StrStrIW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree

advapi32

RegCreateKeyExW
RegQueryValueExA
FreeSid
ConvertSidToStringSidA
GetTokenInformation
RegQueryInfoKeyW
CredRenameW
BuildTrusteeWithNameA
RegQueryValueExW
RegOpenKeyExA
ControlTraceA
AllocateAndInitializeSid
RegSaveKeyW
AdjustTokenPrivileges
CancelOverlappedAccess
CreateServiceW
RegSetValueW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegLoadKeyW

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

setupapi

SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
SetupOpenAppendInfFileW
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupCommitFileQueueW
SetupQueueCopyW
SetupOpenInfFileW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupGetLineTextW
SetupSetDirectoryIdW
SetupCloseFileQueue
SetupDefaultQueueCallbackW
SetupCloseInfFile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5126a02811cbb141f1baeb20661f65e

Headers

File Characteristics

Imports

gdi32

msvcrt

user32

rpcrt4

kernel32

shlwapi

ole32

advapi32

ntdll

setupapi

version

Sections

.text Size: 10KB - Virtual size: 9KB

.rsrc Size: 354KB - Virtual size: 353KB

.data Size: 3KB - Virtual size: 1.2MB

.rdata Size: 4KB - Virtual size: 3KB

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 354KB - Virtual size: 353KB

.data
Size: 3KB - Virtual size: 1.2MB

.rdata
Size: 4KB - Virtual size: 3KB