22dd39db0489272af6af0c20d213f62c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

22dd39db0489272af6af0c20d213f62c_JaffaCakes118
Size

245KB
MD5

22dd39db0489272af6af0c20d213f62c
SHA1

026b92a6ff74a689fdfcd7484c14931601564e24
SHA256

162e75673dc2873b99c895f48d8b1621296c8fdde2e98dd70dd490999ef8e03e
SHA512

7efd5ff67a42a56ddeb977193290678358d9b8d8b247c9b896857b0d6ac782864292f4685c296355c6f136e2ec38b1cdfbafcf8b6b2b47745be936f7c7b03c9b
SSDEEP

6144:+pAwrYwShsVZffYGw4veAEZ2uaUQ2vdEHFhfN:+9rOGZfw2E4mQiMF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22dd39db0489272af6af0c20d213f62c_JaffaCakes118

Files

22dd39db0489272af6af0c20d213f62c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60c4e96fce4e6354fb5e3ff01f484031

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

ord75
ord11
ord45
ord140
ord17
ord135
ord185

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
WaitForMultipleObjects
LocalFree
CreateThread
CreateEventW
SetFilePointer
GetLocalTime
InitializeCriticalSectionAndSpinCount
lstrcpyW
ResetEvent
GetSystemInfo
LocalAlloc
CreateMutexW
SetLastError
ReleaseMutex
VirtualQuery
OpenFileMappingW
OpenMutexW
ResumeThread
TerminateThread
SetThreadPriority
HeapReAlloc
HeapDestroy
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GlobalFree
CreateDirectoryW
ExpandEnvironmentStringsW
OpenEventW
lstrlenW
lstrlenA
LoadLibraryExW
FormatMessageW
GetTempPathW
GetTempFileNameW
OpenProcess
WriteFile
UnmapViewOfFile
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
DeleteFileW
OutputDebugStringW
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
QueryPerformanceFrequency
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentThreadId
HeapSize
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
LoadLibraryA
VirtualAllocEx

user32

PeekMessageW
DispatchMessageW
TranslateMessage
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
MsgWaitForMultipleObjectsEx

advapi32

RegEnumKeyExW
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
CryptReleaseContext
CryptAcquireContextW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
RegEnumValueW
RegEnumKeyW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetNamedSecurityInfoW
AddAce
AddAccessAllowedAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptGenRandom
RegDeleteValueW
GetNamedSecurityInfoW
GetSidSubAuthority
GetAce
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetAclInformation
GetLengthSid
InitializeAcl
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
OleRun

oleaut32

VariantChangeType
SysAllocString
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
VarCmp
SysStringByteLen
VarUdateFromDate
SysStringLen
SysFreeString

shlwapi

PathFileExistsW
StrStrIA
PathRemoveFileSpecW
SHDeleteEmptyKeyW
StrCmpW

esent

JetMakeKey
JetTerm
JetEndSession
JetDetachDatabase
JetCloseDatabase
JetCloseTable
JetMove
JetCommitTransaction
JetGetObjectInfo
JetBeginTransaction
JetCreateIndex
JetOpenTable
JetOpenDatabase
JetAttachDatabase
JetBeginSession
JetInit
JetSetSystemParameter
JetCreateInstance
JetFreeBuffer
JetGetInstanceInfo
JetGetTableColumnInfo
JetGetTableIndexInfo
JetSetIndexRange
JetSeek
JetSetCurrentIndex
JetRetrieveColumn

psapi

EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kbdgr

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rFZ
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fX
Size: 512B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tw
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.F
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kz
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60c4e96fce4e6354fb5e3ff01f484031

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

esent

psapi

version

kbdgr

Sections

.text Size: 17KB - Virtual size: 16KB

.rFZ Size: 1KB - Virtual size: 2KB

.fX Size: 512B - Virtual size: 586B

.tw Size: 1024B - Virtual size: 1KB

.rdata Size: 5KB - Virtual size: 4KB

.F Size: 2KB - Virtual size: 2KB

.kz Size: 512B - Virtual size: 254B

.data Size: 212KB - Virtual size: 471KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 17KB - Virtual size: 16KB

.rFZ
Size: 1KB - Virtual size: 2KB

.fX
Size: 512B - Virtual size: 586B

.tw
Size: 1024B - Virtual size: 1KB

.rdata
Size: 5KB - Virtual size: 4KB

.F
Size: 2KB - Virtual size: 2KB

.kz
Size: 512B - Virtual size: 254B

.data
Size: 212KB - Virtual size: 471KB

.rsrc
Size: 4KB - Virtual size: 4KB