210366d4a3a26e2054f68303d496a7d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

210366d4a3a26e2054f68303d496a7d7_JaffaCakes118
Size

384KB
MD5

210366d4a3a26e2054f68303d496a7d7
SHA1

ec1cd9889d6552ed7805f12dc9ca01e0a1aec6e8
SHA256

3eb3b72914c651d93adfb6e82e2cd9efbec77117d18446b486b6e87db9630db6
SHA512

e5d0751f9b453d4a19c74b494c67d48003528ba1356efb000c6e405526baf37dab7cc023749841b8b8f021199c249951d3732484e0ffab7410efb36fc995a8d4
SSDEEP

6144:pZ2XN0gD4kkgSpKZlC1CjB71Ma5OqqBNDiAtblmrvVTYrCu71ivm776s4HU3oNLI:zMl0BgS0Zo8lyQIBN2At5mrdT071iG7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
210366d4a3a26e2054f68303d496a7d7_JaffaCakes118

Files

210366d4a3a26e2054f68303d496a7d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3313debfa378eea0b82d0fde5074af75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageW
CharNextW
CharUpperA
CharUpperW
DispatchMessageW
ExitWindowsEx
GetActiveWindow
GetKeyboardType
GetWindowThreadProcessId
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
CharLowerA
PostMessageW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
HMETAFILE_UserFree
CoInitialize

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LsaQueryInformationPolicy
LsaOpenPolicy
LsaNtStatusToWinError
LsaFreeMemory
LsaClose
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
EqualSid

setupapi

SetupScanFileQueueW
SetupOpenInfFileW
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindFirstLineW
SetupDiSetSelectedDriverW
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiInstallDriverFiles
SetupDiGetDriverInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiSetDeviceInstallParamsW
SetupCloseInfFile
SetupCloseFileQueue
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
SetupDiBuildDriverInfoList

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionA

kernel32

SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
ExpandEnvironmentStringsW
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MoveFileW
MapViewOfFile
LocalFree
LoadLibraryExW
LeaveCriticalSection
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GlobalFree
GlobalAlloc
GetVolumeInformationW
GetVersionExW
GetUserDefaultLangID
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
EnterCriticalSection
GetProcessHeap
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetExitCodeProcess
GetExitCodeThread
GetFileSize
GetFileTime
GetFileType
GetLocalTime
GetLocaleInfoW
GetPrivateProfileStringW
GetProcAddress

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHBrowseForFolderW

oleaut32

VariantInit
VariantClear
VarR8FromI1
SysStringLen
SysFreeString
SysAllocString

shlwapi

PathFindExtensionW
PathIsRelativeW
PathIsRootW
PathIsUNCW
PathRemoveBackslashW
PathStripToRootW
StrChrW
StrCmpIW
StrCmpW
StrRChrW
StrStrIW
StrToIntExW
UrlGetPartW

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3313debfa378eea0b82d0fde5074af75

Headers

File Characteristics

Imports

user32

ole32

crypt32

advapi32

setupapi

wininet

kernel32

shell32

oleaut32

shlwapi

Sections

.text Size: 296KB - Virtual size: 296KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 104KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 296KB - Virtual size: 296KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 104KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB