19fcc93b0329fbe04672d1cead06552a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

19fcc93b0329fbe04672d1cead06552a_JaffaCakes118
Size

253KB
MD5

19fcc93b0329fbe04672d1cead06552a
SHA1

a98920ac1be9fe1f13d5bb1f4d07561169a7d921
SHA256

7505543fd9ed09a94d9c4038bdb0588b5deb73b978377c2c379f8e28076c11aa
SHA512

760ec9107a4806a3942622f01b2a1d259f9b038620afddac640660c6370c7943703a39703f42263ab837a6b661c3534f9d26815c2bd4b7f1651f997046dbbf7f
SSDEEP

6144:E9WJj8dSAnPjj73BftsY/bFCIFA0NP0khF0Mq3+Ebj3z2t:RJj8gAH73BfdA21NP0k7013Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19fcc93b0329fbe04672d1cead06552a_JaffaCakes118

Files

19fcc93b0329fbe04672d1cead06552a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a5351ad10c610414214d0927cfa4189

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateEventW
FreeLibrary
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
SetEvent
Sleep
lstrcpynW
GetLastError
GetModuleHandleW
LoadLibraryW
lstrlenA
lstrlenW
MultiByteToWideChar
OpenEventW
CompareFileTime
GetVersionExW
CreateMutexW
GetLocaleInfoW
ExpandEnvironmentStringsA
LoadLibraryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetExitCodeProcess
lstrcatW
lstrcmpW
GetCurrentProcessId
GetLocalTime
InitializeCriticalSection
ExpandEnvironmentStringsW
lstrcpynA
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
GetFileAttributesW
GetVolumeInformationW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
CreateDirectoryW
GetProcAddress

user32

GetForegroundWindow
GetActiveWindow
MessageBoxW
MoveWindow
GetTopWindow
RegisterWindowMessageW
SetTimer
LoadCursorW
GetSystemMetrics
LoadIconW
CopyRect
GetSysColor
PeekMessageW
IsWindow
EnumWindows
PostMessageW
GetCursorPos
DestroyIcon
GetFocus
InvalidateRect
LoadMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
OffsetRect
SetWindowPos
LoadImageW
SendMessageW
EnableWindow
FindWindowA
GetCapture
GetCaretPos
SetCursor
LoadMenuIndirectW
DefWindowProcA
GetKeyboardType
IsDlgButtonChecked
SetDlgItemInt
DialogBoxParamA
GetKeyboardLayout
MessageBoxIndirectA
CreateWindowExW
AdjustWindowRect
WaitForInputIdle
RegisterClassExA
GetClassInfoW
mouse_event
FindWindowW
LoadMenuA
GetClassInfoExA
MessageBoxA
GetDlgItemTextW
GetClassInfoA
GetAsyncKeyState
wvsprintfW
CharPrevA
WinHelpA
GetMenu
UnregisterClassW
wsprintfW

gdi32

CreatePatternBrush
DeleteObject
CreateSolidBrush
CreatePen
CreateRectRgn
GetStockObject
CreateCompatibleDC
CreateFontIndirectW
CreateMetaFileA
GetEnhMetaFileW
GetRasterizerCaps
CreateDIBSection
CreateDIBPatternBrush
GetMetaFileW
StretchDIBits
AddFontResourceW
RemoveFontResourceW
RemoveFontResourceExA
ExtCreateRegion
CreateEllipticRgn

advapi32

AddAccessAllowedAce
RegOpenKeyExA
RegQueryValueExA
QueryServiceConfigW
ChangeServiceConfigW
DeleteService
ControlService
OpenServiceW
StartServiceW
QueryServiceStatus
OpenSCManagerW
CreateServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
FreeSid
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
SetSecurityDescriptorDacl
RevertToSelf
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
GetUserNameW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetReplGetInfo
NetUseGetInfo

Sections

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jEty
Size: 105KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZTghsb
Size: 113KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a5351ad10c610414214d0927cfa4189

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

netapi32

Sections

.edata Size: 2KB - Virtual size: 1KB

.rdata Size: 13KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 47KB

.jEty Size: 105KB - Virtual size: 177KB

.data Size: 6KB - Virtual size: 353KB

.ZTghsb Size: 113KB - Virtual size: 160KB

.rsrc Size: 7KB - Virtual size: 7KB

.edata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 13KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 47KB

.jEty
Size: 105KB - Virtual size: 177KB

.data
Size: 6KB - Virtual size: 353KB

.ZTghsb
Size: 113KB - Virtual size: 160KB

.rsrc
Size: 7KB - Virtual size: 7KB