256a35a6f9a5fefda30197e407100b00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

256a35a6f9a5fefda30197e407100b00_JaffaCakes118
Size

281KB
MD5

256a35a6f9a5fefda30197e407100b00
SHA1

2d0c7f2ffbbb6a826f30911e460c833b501acda0
SHA256

660e21990e8620c97f3eb2eb6d74b7589dfa4b18edc21716ad114d89d2e6edcd
SHA512

aa476586a6f3fcd8e44c2a966b6835886fc2e5f058b6620637b34ec4b240ec5f613443d49a67fcb0aec6116a5541bc1c8130f9b4ff3cc484202d35aa3d80e773
SSDEEP

6144:5+87CQnGPfW94emS8c3xkvAJ01Gzza7aaner+unnA:s8Wg14jS53S801Gz+unnA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
256a35a6f9a5fefda30197e407100b00_JaffaCakes118

Files

256a35a6f9a5fefda30197e407100b00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fda72af611398e2be95b3687f99c2bf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetWindowsDirectoryW
CreateProcessW
SetLastError
GetModuleHandleW
MulDiv
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
CloseHandle
FreeLibrary
LocalFree
GlobalFree
GlobalAlloc
OpenProcess
GetComputerNameW
ExpandEnvironmentStringsA
CreateMutexW
GetProcAddress

user32

InflateRect
DrawStateW
ScreenToClient
IsWindow
GetFocus
LoadCursorW
SetCursor
ReleaseCapture
PtInRect
SetCapture
GetIconInfo
SetRect
RedrawWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
IsRectEmpty
SystemParametersInfoW
GetCursorPos
IntersectRect
InvertRect
PostMessageW
GetCapture
DefWindowProcW
GetClassInfoW
GetKeyState
GetMessagePos
ClipCursor
IsWindowVisible
EnableWindow
DrawIconEx
SetRectEmpty
FillRect
GetWindowRect
GetDC
ReleaseDC
LoadImageW
GetSystemMetrics
ModifyMenuW
GetSystemMenu
SetTimer
KillTimer
SetForegroundWindow
SendMessageW
LoadIconW
InvalidateRect
DestroyIcon
PostQuitMessage
CopyRect
GetParent
SetWindowLongW
CreatePopupMenu
AppendMenuW
ClientToScreen
WindowFromPoint
GetDoubleClickTime
CopyIcon
FrameRect
DrawEdge
DispatchMessageW
TranslateMessage
PeekMessageW
GetSysColor
GetClientRect
UpdateWindow
LoadStringW

gdi32

GetObjectW
GetTextExtentPoint32W
GetCurrentObject
GetTextMetricsW
CreatePatternBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateRectRgn
CreateCompatibleBitmap
CreateHalftonePalette
CreatePalette
GetDIBColorTable
BitBlt
RealizePalette
GetDeviceCaps
SetPixel
GetPixel
RoundRect
CreatePen
StretchBlt
PatBlt
CreateCompatibleDC
SelectObject
CreateSolidBrush
CreateFontIndirectW
DeleteObject
GetStockObject

shell32

ShellExecuteW

advapi32

RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExA
GetSecurityInfo
GetSecurityDescriptorDacl
GetUserNameW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
CreateProcessAsUserW
GetTokenInformation
LookupAccountSidW
RegCloseKey
OpenProcessToken

comctl32

_TrackMouseEvent

msoert2

PszAllocA

dpnet

DirectPlay8Create
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vD
Size: 512B - Virtual size: 763B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZCOOpe
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HH
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EUOaJT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EfJ
Size: 131KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xVuq
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eHi
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VoF
Size: 81KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fda72af611398e2be95b3687f99c2bf0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

msoert2

dpnet

Sections

.text Size: 26KB - Virtual size: 25KB

.vD Size: 512B - Virtual size: 763B

.rdata Size: 4KB - Virtual size: 3KB

.ZCOOpe Size: 2KB - Virtual size: 1KB

.HH Size: 1KB - Virtual size: 1KB

.EUOaJT Size: 1KB - Virtual size: 1KB

.EfJ Size: 131KB - Virtual size: 203KB

.xVuq Size: 512B - Virtual size: 402B

.eHi Size: 512B - Virtual size: 474B

.data Size: 7KB - Virtual size: 42KB

.VoF Size: 81KB - Virtual size: 172KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 26KB - Virtual size: 25KB

.vD
Size: 512B - Virtual size: 763B

.rdata
Size: 4KB - Virtual size: 3KB

.ZCOOpe
Size: 2KB - Virtual size: 1KB

.HH
Size: 1KB - Virtual size: 1KB

.EUOaJT
Size: 1KB - Virtual size: 1KB

.EfJ
Size: 131KB - Virtual size: 203KB

.xVuq
Size: 512B - Virtual size: 402B

.eHi
Size: 512B - Virtual size: 474B

.data
Size: 7KB - Virtual size: 42KB

.VoF
Size: 81KB - Virtual size: 172KB

.rsrc
Size: 24KB - Virtual size: 23KB