1bf5dc0615b6b964866278f13b85f789_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bf5dc0615b6b964866278f13b85f789_JaffaCakes118
Size

341KB
MD5

1bf5dc0615b6b964866278f13b85f789
SHA1

89026549d60e2d3bb298b8d3a0e23419a608afe8
SHA256

2e776a4a98e62672fa4b5970a1ea2e9a0733df89e6015fd4166c01588a44f6c2
SHA512

096fed65c3b69471042cfe7a6ee1856e88691939fded143e741505baa17607a3bc6666caed8f4af76c714384d61a13a8faaf6ba84e623990dc80720790f3e5c5
SSDEEP

6144:rU5zvxuenu5x7sPnddAAmSuNI2JKhoW4/86VZVIiWuEVm/eSG/NW4:a55nm8mXDNIhaWcVZiE/j8W4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bf5dc0615b6b964866278f13b85f789_JaffaCakes118

Files

1bf5dc0615b6b964866278f13b85f789_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e200088f5dbc7ea1bd609ad6693cee3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHAddToRecentDocs
SHAppBarMessage

rpcrt4

RpcEpRegisterNoReplaceA

ole32

CoTaskMemFree
CoTaskMemAlloc

version

VerQueryValueW

user32

CloseWindow
CloseDesktop
CloseWindowStation
CharPrevA
CharNextA
GetDC
GetKeyboardLayout
GetKeyboardLayoutList
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetSysColor
GetSystemMetrics
ReleaseDC
CloseClipboard

kernel32

ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetShortPathNameA
GetStringTypeExW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
EnterCriticalSection
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
SetLastError
SetLocalTime
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
DeleteFileW
DeleteCriticalSection
CreateSemaphoreA
CreateMutexA
CreateFileW
CreateDirectoryW
CloseHandle
GetTempPathW

advapi32

FreeSid
AddAccessDeniedAce
UnregisterTraceGuids
TraceEvent
SetSecurityDescriptorDacl
RegisterTraceGuidsA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
GetTraceLoggerHandle
GetTraceEnableLevel
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce

shlwapi

StrCmpNA
StrChrA
ChrCmpIA
PathFileExistsA

dsound

ord9

Exports

Exports

TokenizerInit
TokenizerTerminate
TokenizerTokenize

Sections

.text
Size: 276KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e200088f5dbc7ea1bd609ad6693cee3

Headers

File Characteristics

Imports

shell32

rpcrt4

ole32

version

user32

kernel32

advapi32

shlwapi

dsound

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 279KB

.rdata Size: 36KB - Virtual size: 40KB

.data Size: 13KB - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 8KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 276KB - Virtual size: 279KB

.rdata
Size: 36KB - Virtual size: 40KB

.data
Size: 13KB - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 8KB