1acaa1a709db41bf2e24b57274c8cc7b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1acaa1a709db41bf2e24b57274c8cc7b_JaffaCakes118
Size

455KB
MD5

1acaa1a709db41bf2e24b57274c8cc7b
SHA1

a91da3c04ae76a665884d0ae6eb25b449dd19178
SHA256

2a5cb9d042ac77563225db0953c6895a64de89cf0a5abf6a706f9cb8624f1530
SHA512

f776b812f73deb5c6dd8823adc71b6783c534f2a600bd518fb14dc09ac4038f8cf491f65723c447a28d20e56059ea02905dd9953d2d57187eb96e330bcb0c460
SSDEEP

12288:5G4HzBfNpxaOtShkHCAZIXZvKil2jwAFXyS:5G4TPpx13nupvPsjNQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1acaa1a709db41bf2e24b57274c8cc7b_JaffaCakes118

Files

1acaa1a709db41bf2e24b57274c8cc7b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

572698a49e97c064d6ab544d2873baf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
OleInitialize
CoTaskMemFree

shlwapi

PathFileExistsW
PathAppendW
StrRChrW
StrChrW
PathAddBackslashW
PathBuildRootW
PathRemoveFileSpecW
PathCombineW
StrStrIW

msvcrt

malloc
memmove
_vsnprintf
_ultow
_amsg_exit
_wtoi
_wcsicmp
memset
bsearch
memcpy
longjmp
_wtol
_adjust_fdiv
_initterm
_setjmp3
_XcptFilter
_vsnwprintf
free
_wcsnicmp

rpcrt4

RpcStringFreeW

user32

GetDlgItem
DialogBoxParamW
ReleaseDC
SetWindowPos
GetDC
CreateDialogParamW
EnableWindow
IsWindow
ShowWindow
UpdateWindow
CharNextA
OemToCharA
DispatchMessageW
GetDesktopWindow
SendDlgItemMessageW
SendMessageW
GetDlgItemTextW
CharUpperW
MessageBoxW
CharNextW
SetWindowTextW
LoadStringW
ExitWindowsEx
GetSystemMetrics
DestroyWindow
GetWindowRect
PeekMessageW
CharPrevW
EndDialog
MessageBeep
SetDlgItemTextW
MsgWaitForMultipleObjects

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

advapi32

RegSaveKeyW
CredRenameW
RegCloseKey
BuildTrusteeWithNameA
ConvertSidToStringSidA
RegLoadKeyW
RegUnLoadKeyW
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExA
RegEnumKeyW
ControlTraceA
AllocateAndInitializeSid
RegDeleteKeyW
FreeSid
RegOpenKeyExA
RegOpenKeyExW
CancelOverlappedAccess
RegFlushKey
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
EqualSid
CreateServiceW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject

kernel32

WriteFile
GetCurrentThreadId
CreateFileMappingW
GetVolumeInformationW
MultiByteToWideChar
GetSystemDefaultUILanguage
LocalAlloc
GetCurrentProcessId
GetCurrentProcess
SetFileAttributesW
CreateDirectoryW
LocalFree
lstrcmpW
LoadResource
SizeofResource
ExpandEnvironmentStringsW
FindResourceW
QueryPerformanceCounter
UnhandledExceptionFilter
InterlockedCompareExchange
DisableThreadLibraryCalls
RtlUnwind
EnumResourceLanguagesW
CloseHandle
GetSystemDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
GetUserDefaultUILanguage
GetLocalTime
CreateFileW
LoadLibraryW
FreeLibrary
FormatMessageW
GetEnvironmentVariableW
RemoveDirectoryW
GetFileAttributesW
CompareStringW
GetTempFileNameW
CopyFileW
MapViewOfFile
lstrlenW
GetTickCount
GetShortPathNameW
GetProfileStringW
lstrlenA
GetProcAddress
GetDriveTypeW
SetUnhandledExceptionFilter
MoveFileExW
MoveFileW
GetVersionExW
lstrcmpiA
WideCharToMultiByte
GetFileTime
GetDiskFreeSpaceW
SearchPathW
FindNextFileW
SetFilePointer
GetSystemInfo
FindClose
GetTempPathW
GetPrivateProfileIntW
LoadLibraryExW
FindFirstFileW
TerminateProcess
GetFullPathNameW
SetLastError
lstrcmpiW
ReadFile
LockResource
GetFileSize
GetPrivateProfileStringW
MapViewOfFileEx
SetFileTime
UnmapViewOfFile
DeleteFileW
FindResourceExW
Sleep
LocalReAlloc
GetWindowsDirectoryW
GetPrivateProfileSectionW
GetLastError
WritePrivateProfileSectionW
GetStartupInfoA
GetSystemTimeAsFileTime
InterlockedExchange
CreateProcessW

setupapi

SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupGetLineTextW
SetupGetStringFieldW
SetupQueueCopyW
SetupFindFirstLineW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupCloseInfFile
SetupOpenFileQueue
SetupDefaultQueueCallbackW
SetupOpenInfFileW
SetupSetDirectoryIdW
SetupFindNextLine
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

572698a49e97c064d6ab544d2873baf0

Headers

File Characteristics

Imports

ole32

shlwapi

msvcrt

rpcrt4

user32

ntdll

advapi32

version

gdi32

kernel32

setupapi

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 434KB - Virtual size: 433KB

.data Size: 4KB - Virtual size: 936KB

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 434KB - Virtual size: 433KB

.data
Size: 4KB - Virtual size: 936KB

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 4KB - Virtual size: 4KB