1a34c624507cf7a017fba7ac938b12c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a34c624507cf7a017fba7ac938b12c3_JaffaCakes118
Size

106KB
MD5

1a34c624507cf7a017fba7ac938b12c3
SHA1

c997f8abe57967b6eaa38dc83117783d545cb274
SHA256

74664f0dc4084497ce6ccb687d5b6b2fcf0d790aa7ff9ce2a5fb78432ddba7b3
SHA512

7238c77f8c853e1beba6d33fb4f42241df05e205138d982a0c8f64f0cfb803aa8f10798f0b43c25d38f4b3fae40e986ae4ec0477bbae184b4c207b1dca2ef035
SSDEEP

1536:6slsur/ilRAtAknR/62xg64+IeFLOaakv7OclEzf4qBalffG:6s68qlRnw/hi7+RhOalv7Ocir1Qm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a34c624507cf7a017fba7ac938b12c3_JaffaCakes118

Files

1a34c624507cf7a017fba7ac938b12c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f5491f11b755de122b90d899ba9e4c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

GetVolumeInformationW
GetFileAttributesW
Sleep
GetTickCount
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
OpenMutexW
GetVersionExW
CreateMutexW
ReleaseMutex
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
CreateFileMappingW
OpenFileMappingW
GetDriveTypeW
LoadLibraryW
GetLocaleInfoW
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
GetLogicalDriveStringsW
CloseHandle
DeviceIoControl
CreateFileW
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
HeapAlloc
FreeLibrary
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy

user32

RegisterWindowMessageW
UnregisterClassA
PostMessageW
SendMessageW
IsWindow
FindWindowW
DefWindowProcW
PostQuitMessage
EndPaint
BeginPaint
UpdateWindow
ShowWindow
SetTimer
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?terminate@@YAXXZ
??3@YAXPAX@Z
_wcsicmp
wcslen
memcmp
memcpy_s
memmove_s
__CxxFrameHandler3
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??_V@YAXPAX@Z
wcsstr
wcschr
wcsrchr
_wcsupr_s
iswspace
wcscmp
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
wcscpy_s
_wsplitpath_s
wcscat_s
_vscwprintf
vswprintf_s
?what@exception@std@@UBEPBDXZ
__argc
sprintf_s
malloc
strlen
wcstombs_s
mbstowcs_s
free
_wtol
_wcslwr_s
memset
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f5491f11b755de122b90d899ba9e4c2

Headers

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.nrdata Size: 68KB - Virtual size: 68KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.nrdata
Size: 68KB - Virtual size: 68KB