2719b9fb97fe9c77c5d94f1703314b1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2719b9fb97fe9c77c5d94f1703314b1f_JaffaCakes118
Size

158KB
MD5

2719b9fb97fe9c77c5d94f1703314b1f
SHA1

2d4a5fddda21e19bd6a9042668b2ba233d66a516
SHA256

76543a78dcb017a021e59dd70a2e4acd2470b4b6fa0f0d1c3993256a83402430
SHA512

2a83eadc075979c2a2777b4d29e54b03a065bc6e12c7562c17b4211907402ef5e91304ec5ad44ba68ed0e3ab4c9d3851ab419cdcac7962364c34b7a53d4812f7
SSDEEP

3072:4oGNaxAHlFprspYo1lLLSYNY4TGZ6NQ0QMebKIXZ0EbOiKf75msC2vXGW+2yKZWU:gamHlFWpHLFNaZ6hQMyKIXfyjbCkjjWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2719b9fb97fe9c77c5d94f1703314b1f_JaffaCakes118

Files

2719b9fb97fe9c77c5d94f1703314b1f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6aad67a7cd7648fe6e4b9c82e95eca3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

CharNextA
DispatchMessageW
GetWindowRect
EndDialog
CharNextW
DialogBoxParamW
CharUpperW
GetDC
ExitWindowsEx
GetDlgItem
DestroyWindow
CreateDialogParamW
GetDlgItemTextW
EnableWindow
ReleaseDC
GetDesktopWindow
GetSystemMetrics
PeekMessageW
ShowWindow
MessageBoxW
MsgWaitForMultipleObjects
MessageBeep
IsWindow
SendMessageW
CharPrevW
SetWindowTextW
UpdateWindow
SetWindowPos
LoadStringW
SetDlgItemTextW
SendDlgItemMessageW
OemToCharA

rpcrt4

RpcStringFreeW

ntdll

NtAllocateVirtualMemory
NtLoadKey

gdi32

GetStockObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps

msvcrt

memcpy
_initterm
_vsnwprintf
_ultow
_XcptFilter
_amsg_exit
free
_adjust_fdiv
__p__fmode
malloc
_wcsnicmp
_wtoi
memset
memmove
__p__commode
_setjmp3
_vsnprintf
_wtol
_wcsicmp

advapi32

RegUnLoadKeyW
RegCloseKey
RegLoadKeyW
RegQueryValueExA
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
RegQueryValueExW
FreeSid
RegSetValueW
EqualSid
RegQueryInfoKeyW
IsValidSecurityDescriptor
AllocateAndInitializeSid
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegDeleteKeyW
GetSecurityDescriptorControl
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSaveKeyW
GetTokenInformation

shlwapi

StrChrW
PathBuildRootW
PathAppendW
PathAddBackslashW
PathFileExistsW
StrRChrW
StrStrIW
PathCombineW
PathRemoveFileSpecW

setupapi

SetupFindNextLine
SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupGetLineTextW
SetupFindFirstLineW
SetupGetStringFieldW
SetupQueueCopyW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupOpenInfFileW

kernel32

GetUserDefaultUILanguage
FindFirstFileW
UnhandledExceptionFilter
GetVolumeInformationW
CompareStringW
CreateDirectoryW
FindNextFileW
Sleep
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
FindResourceExW
FreeLibrary
GetFileTime
GetDriveTypeW
DisableThreadLibraryCalls
WriteFile
GetDiskFreeSpaceW
TerminateProcess
GetSystemDefaultUILanguage
lstrcmpiW
GetCurrentProcess
GetPrivateProfileSectionW
FindResourceW
QueryPerformanceCounter
ReadFile
LocalFree
SetFilePointer
GetModuleHandleW
SearchPathW
LoadLibraryW
RtlUnwind
lstrlenA
GetVersionExW
GetWindowsDirectoryW
MoveFileW
GetShortPathNameW
SizeofResource
GetSystemTimeAsFileTime
SetLastError
SetFileTime
InterlockedExchange
GetFileAttributesW
lstrcmpiA
lstrcmpW
GetSystemDirectoryW
GetLocalTime
UnmapViewOfFile
GetFullPathNameW
GetPrivateProfileIntW
GetEnvironmentVariableW
MapViewOfFile
WideCharToMultiByte
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcessId
GetFileSize
GetTickCount
CloseHandle
CreateFileMappingW
LoadLibraryExW
CopyFileW
MoveFileExW
GetModuleFileNameW
GetSystemInfo
LockResource
DeleteFileW
CreateProcessW
GetTempFileNameW
FormatMessageW
ExitProcess
EnumResourceLanguagesW
SetFileAttributesW
lstrlenW
GetProcAddress
CreateFileW
GetProfileStringW
GetStartupInfoA
MulDiv
MapViewOfFileEx
GetTempPathW
FindClose
WritePrivateProfileStringW
MultiByteToWideChar
LocalReAlloc
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetLastError

ole32

OleInitialize
CoTaskMemFree
OleUninitialize

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aad67a7cd7648fe6e4b9c82e95eca3b

Headers

DLL Characteristics

File Characteristics

Imports

version

user32

rpcrt4

ntdll

gdi32

msvcrt

advapi32

shlwapi

setupapi

kernel32

ole32

Sections

.text Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 145KB - Virtual size: 144KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 360KB

.text
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 145KB - Virtual size: 144KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 360KB