245edaff767633a0043636df8d012c06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

245edaff767633a0043636df8d012c06_JaffaCakes118
Size

376KB
MD5

245edaff767633a0043636df8d012c06
SHA1

7d37f5f1d412b293ffe8f655202d1664d7f8f0ce
SHA256

7e79abb0a65a91022e7302c5b36cf536e733d4a2cc5a93bdc6b2ee92f8de6e93
SHA512

e111db7c6a54a301d5bda9ce0894491c3bae27b1fb632a2ad9541a428a72a265a950f57544d10484d1cb8cb7f6fbc4c8c72788cf3e1ef7938741da4537ecd7e2
SSDEEP

6144:Az2YWC21BADI+w590mdE4EF95vtcVTY15EdX5j566WcparkBhUJyfN9uTB0leUDb:5YWC21BADI+w590mdnEF9htSs15EdJtV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
245edaff767633a0043636df8d012c06_JaffaCakes118

Files

245edaff767633a0043636df8d012c06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7c4127fa341057be609672d8f98d71d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

winmm

timeGetTime

dbghelp

MakeSureDirectoryPathExists

kernel32

GetLongPathNameA
OpenProcess
TerminateProcess
CreateDirectoryA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
FreeResource
GetProcAddress
GetModuleHandleA
lstrcpynA
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
SetLastError
WritePrivateProfileStringA
LocalFree
FormatMessageA
InterlockedDecrement
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
WaitForSingleObject
CloseHandle
ResetEvent
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
wsprintfA
PostQuitMessage
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
GetSysColorBrush
DestroyMenu
GetClassLongA
GetClassInfoExA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
ShowWindow
SetWindowTextA
IsDialogMessageA
GetClassNameA
SendMessageA
EnableWindow
CopyRect
RegisterWindowMessageA
DrawIcon
IsIconic
GetClientRect
SetParent
LoadIconA
GetSystemMetrics
RemovePropA
SetWindowLongA
CallWindowProcA
GetPropA
SetCursor
LoadCursorA
ReleaseCapture
PtInRect
WinHelpA
MessageBoxA
RedrawWindow
CharUpperA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
GetWindowLongA
SetPropA
GetParent
GetDlgItem
FillRect
GetSysColor
ReleaseDC
GetDC
SetRect
GetWindow

gdi32

ScaleWindowExtEx
SetWindowExtEx
SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetStockObject
CreateFontA
SetTextColor
DeleteObject
CreateFontIndirectA
GetObjectA
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegConnectRegistryA
RegQueryValueA
RegEnumValueA
RegOpenKeyA

shell32

ShellExecuteA
SHFileOperationA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

comctl32

ord17
ImageList_Destroy

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHDeleteKeyA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c4127fa341057be609672d8f98d71d0

Headers

File Characteristics

Imports

psapi

winmm

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

oleacc

winspool.drv

comdlg32

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 45KB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 45KB

.rsrc
Size: 56KB - Virtual size: 52KB