Static task: static1
Behavioral task: behavioral1
  Sample: 1b357efa7188654432ec83306bb29e7d_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1b357efa7188654432ec83306bb29e7d_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 1b357efa7188654432ec83306bb29e7d_JaffaCakes118
Size: 501KB
MD5: 1b357efa7188654432ec83306bb29e7d
SHA1: 71e37b5e33bca9157a3d54b0d5272d201fa73e08
SHA256: 9b556166cbae29d12c82ca19adb98fe893de4c880f79814e0e775c8e1aeec729
SHA512: 0f2aaa67e8ff62cd65ea116fd56cca0204de8a1ab37afc8fca9348fcaa146dcfc550ba3b7b24e18d734bf3b8689e295b6a86ece2546abc05dd01cd057db8af0f
SSDEEP: 12288:EQZpQHBRvR7wxGTUNcT47iHds8hgnxOJbdDFwHbZPVlZMMnMMMMMUyzPJaEf:EQyBJ1wxGTrTzH7agJ9Fcd/MMnMMMMMX
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 1b357efa7188654432ec83306bb29e7d_JaffaCakes118
Files
-
1b357efa7188654432ec83306bb29e7d_JaffaCakes118.exe windows:4 windows x86 arch:x86
627709282aa9a281f041790f69a6f405
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PostMessageA
DeleteMenu
SendDlgItemMessageA
IsWindow
GetAsyncKeyState
GetMenu
EnableWindow
BeginDeferWindowPos
PtInRect
GetWindowDC
wsprintfA
GetKeyState
PostMessageW
SetDlgItemTextA
FillRect
GetMessagePos
DdeDisconnect
GetMessageTime
HideCaret
IsRectEmpty
UpdateWindow
GetMenuItemCount
GetScrollInfo
SetWindowLongA
DdeQueryConvInfo
DrawFocusRect
OemToCharA
KillTimer
CallNextHookEx
MsgWaitForMultipleObjects
GetClipboardData
CreateWindowExA
GetClassNameA
GetSubMenu
AdjustWindowRect
kernel32
LockResource
SetEndOfFile
FileTimeToSystemTime
SystemTimeToFileTime
GetUserDefaultLCID
lstrcmpA
LockFile
HeapSize
GetWindowsDirectoryA
HeapFree
GetProcAddress
CreateFileA
GetLocaleInfoA
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetFileAttributesA
RemoveDirectoryA
GlobalSize
GetSystemTime
LoadResource
FileTimeToLocalFileTime
GetTempFileNameA
LCMapStringA
GlobalAlloc
GetDriveTypeA
CreateProcessA
GetCurrentThreadId
GetProfileStringA
GetLastError
_llseek
LoadLibraryA
GetCurrentProcess
SetEvent
CompareStringW
GetLocalTime
ExitThread
GetCommandLineA
GetCurrentProcessId
Sleep
InterlockedDecrement
GetSystemDirectoryA
GetOEMCP
GlobalFree
VirtualQuery
GlobalLock
CreateThread
SetLastError
lstrcpyA
GetCurrentDirectoryA
GlobalReAlloc
_lwrite
GetTimeZoneInformation
TlsAlloc
OpenProcess
GetVersion
lstrlenA
GetSystemDefaultLangID
SetLocalTime
UnhandledExceptionFilter
DeleteFileA
CreateDirectoryA
CreateSemaphoreA
ReadFile
SearchPathA
lstrcmpiA
IsBadCodePtr
TerminateProcess
ExitProcess
WinExec
GetFileTime
FindClose
SetStdHandle
VirtualAlloc
HeapDestroy
SetHandleCount
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetTickCount
LoadLibraryExA
CreateEventA
ReleaseSemaphore
GetCPInfo
SetFileTime
GlobalDeleteAtom
SetEnvironmentVariableA
HeapAlloc
VirtualFree
UnlockFile
FreeEnvironmentStringsA
FlushFileBuffers
MoveFileA
GetShortPathNameA
GetSystemDefaultLCID
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByte
FreeResource
SetCurrentDirectoryA
FindResourceA
GetStringTypeExA
HeapCreate
FormatMessageA
GetStringTypeW
FlushInstructionCache
CompareStringA
EnterCriticalSection
GetFileType
GlobalAddAtomA
lstrcatA
DuplicateHandle
GetStringTypeA
SizeofResource
lstrcmpiW
MulDiv
WaitForSingleObject
GlobalHandle
HeapReAlloc
GetModuleHandleA
InterlockedIncrement
_lread
DeleteCriticalSection
RtlUnwind
_lclose
GetExitCodeProcess
RaiseException
FindFirstFileA
ResumeThread
lstrcpynA
VirtualProtect
WriteFile
GetModuleFileNameA
FindNextFileA
GetSystemInfo
GetDateFormatA
GlobalUnlock
GetTempPathA
TlsGetValue
GetEnvironmentStrings
GetStdHandle
GetUserDefaultLangID
CloseHandle
GetVolumeInformationA
GetStartupInfoA
SetErrorMode
SetFilePointer
FormatMessageW
TlsFree
GetFullPathNameA
ResetEvent
LeaveCriticalSection
CreateProcessW
SetFileAttributesA
GetEnvironmentStringsW
FreeLibrary
IsBadReadPtr
samlib
SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
ddraw
DirectDrawEnumerateA
ws2_32
setsockopt
advapi32
ReportEventA
RegOpenKeyExA
RegSetValueExW
RegDeleteKeyW
RegCreateKeyA
RegCloseKey
RegEnumValueW
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
SetSecurityDescriptorDacl
DeregisterEventSource
InitializeSecurityDescriptor
RegCreateKeyW
RegQueryInfoKeyA
OpenProcessToken
RegisterEventSourceA
RegOpenKeyW
RegQueryValueExW
RegOpenKeyA
RegEnumKeyW
RegSetValueA
LookupPrivilegeValueA
RegDeleteValueW
RegQueryValueA
Sections
.text   Size: 1KB    Virtual size: 1KB      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.idata  Size: 6KB    Virtual size: 5KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 206KB  Virtual size: 206KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 155KB  Virtual size: 1024KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 131KB  Virtual size: 131KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
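The "Unsigned PE" signature, the File Characteristics flags and the section table above are all read straight from the PE headers. The following is an added example (not part of this sandbox report, and not the sandbox's own detection code) that reproduces those checks with only the Python standard library: it locates the Authenticode certificate table (data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY), decodes the file and section characteristics, and flags the things a reviewer looks for first (no certificate table, relocations stripped, writable-and-executable sections, a section whose virtual size dwarfs its raw size). The sample itself is not embedded; `build_demo_pe()` constructs a minimal two-section PE32 header with the same characteristics and the same .data shape (155KB raw, 1024KB virtual) purely as demo input. The 4x virtual/raw ratio threshold is an assumption chosen for illustration.

```python
# Added example: stdlib-only PE header triage mirroring the report's static checks.
import struct

FILE_CHARS = {                       # IMAGE_FILE_HEADER.Characteristics (winnt.h)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SCN_CHARS = {                        # IMAGE_SECTION_HEADER.Characteristics
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Return machine, file characteristics, Security directory and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + {0x10B: 96, 0x20B: 112}[magic]   # data directory start for PE32 / PE32+
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": sflags})
    return {"machine": machine, "characteristics": chars, "num_sections": nsec,
            "security_dir_offset": sec_off, "security_dir_size": sec_size, "sections": sections}


def triage(pe):
    """Findings a reviewer derives from the headers alone (no signature validation here)."""
    findings = []
    if pe["security_dir_size"] == 0:
        findings.append("unsigned: no Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY is empty)")
    if pe["characteristics"] & 0x0001:
        findings.append("relocations stripped: image cannot be rebased, so ASLR does not apply to it")
    for s in pe["sections"]:
        if s["flags"] & 0x80000000 and s["flags"] & 0x20000000:
            findings.append(f"{s['name']}: writable and executable section")
        if s["virtual_size"] > 4 * max(s["raw_size"], 1):   # assumed illustrative threshold
            findings.append(f"{s['name']}: virtual size {s['virtual_size']:#x} far exceeds raw size "
                            f"{s['raw_size']:#x} (large zero-filled region; also typical of unpacking buffers)")
    return findings


def build_demo_pe(signed=False):
    """Constructed demo input, not the sample: minimal PE32 header, two sections, no body."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0001 | 0x0002 | 0x0100)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # PE32, 16 directories
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)           # where a WIN_CERTIFICATE blob would sit
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x400, 0x1000, 0x400, 0x200, 0, 0, 0, 0,
                       0x00000020 | 0x20000000 | 0x40000000)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x100000, 0x2000, 0x26C00, 0x600, 0, 0, 0, 0,
                        0x00000040 | 0x00000080 | 0x40000000 | 0x80000000)
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    pe = parse_pe(build_demo_pe())
    print("File characteristics:", ", ".join(flag_names(pe["characteristics"], FILE_CHARS)))
    for s in pe["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:#x} virt={s['virtual_size']:#x}  "
              + " | ".join(flag_names(s["flags"], SCN_CHARS)))
    for f in triage(pe):
        print("-", f)
```

Two caveats when reading the output. A non-empty certificate table only says that a WIN_CERTIFICATE blob is attached; whether it chains to a trusted root and still covers the current file bytes has to be checked separately (for example with `Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`). And the absence of a signature, which is the only signature this report fires, is weak evidence on its own: plenty of legitimate older tools ship unsigned, so it is a reason to keep looking at the imports and behavior, not a verdict.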