298d54153b7719aca54893133120d292_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

298d54153b7719aca54893133120d292_JaffaCakes118
Size

360KB
MD5

298d54153b7719aca54893133120d292
SHA1

9b3b38e1ba386457d2e99c88d31e379c2b412ef9
SHA256

3fee7da17f9d057df6ccae7fe72113c90b26b03f639c44a648f55afdaa871e48
SHA512

f2d834b8471aa42cb59e9ee7a7c3c3e94fdca44deb01a29eb027520ea71d6b69b06fb478903637cc052a1d5486aac8d40c6816e6e7948a6b8ff5777717cd136f
SSDEEP

6144:UKI+LqWHV2LQJzfHBXd3DAm0K4I3U71DX7o:LhHsQBHBXdsvJX7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
298d54153b7719aca54893133120d292_JaffaCakes118

Files

298d54153b7719aca54893133120d292_JaffaCakes118
.exe windows:4 windows x86 arch:x86

678cc4632df38dbcecbea5f0cfecb5bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\aywj\etsuqttr.pdb

Imports

advapi32

RegCreateKeyExW
CryptDeriveKey
LookupAccountNameA
CryptGetKeyParam
RegConnectRegistryW
RegOpenKeyW
LookupSecurityDescriptorPartsW
RegRestoreKeyW
CryptAcquireContextA
RegOpenKeyExW
RegQueryInfoKeyW
CryptDecrypt
CryptReleaseContext
RegSetValueW
LookupSecurityDescriptorPartsA
LookupPrivilegeNameW
CryptEnumProvidersA
RegCreateKeyExA
CryptDuplicateKey
InitializeSecurityDescriptor
RegRestoreKeyA
CryptHashData

comctl32

DrawStatusText
ImageList_SetOverlayImage
ImageList_Merge
CreatePropertySheetPageW
ImageList_DragLeave
CreateToolbar
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageInfo
ImageList_Write
InitCommonControlsEx
CreateStatusWindowW
ImageList_GetIcon

kernel32

SetEnvironmentVariableA
GetSystemTime
GetStdHandle
GetEnvironmentStrings
InitializeCriticalSection
CloseHandle
GetCommandLineA
SystemTimeToFileTime
TlsSetValue
WriteConsoleA
GetCurrentThreadId
TlsAlloc
UnmapViewOfFile
GetStringTypeW
CompareStringA
SetConsoleMode
GetACP
RtlUnwind
InterlockedIncrement
OpenMutexA
GetCurrentProcess
GetTickCount
HeapFree
EnterCriticalSection
WaitCommEvent
EnumResourceNamesA
HeapAlloc
GetStringTypeA
GetProcAddress
LoadLibraryA
ResetEvent
LeaveCriticalSection
LCMapStringA
HeapCreate
WriteFile
GetWindowsDirectoryA
ReadFile
CreateNamedPipeW
EnumResourceLanguagesW
LCMapStringW
SetHandleCount
HeapValidate
WriteConsoleInputA
TerminateProcess
GetTimeZoneInformation
MultiByteToWideChar
WriteProfileSectionA
LocalFree
VirtualAlloc
GetModuleHandleA
MoveFileExA
GetStartupInfoA
GetConsoleTitleW
WideCharToMultiByte
GetPrivateProfileStringW
CreateMutexA
GetLocalTime
OpenSemaphoreA
VirtualQuery
LoadLibraryExW
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
InterlockedDecrement
UnhandledExceptionFilter
IsBadWritePtr
UnlockFile
GetFileType
GetCPInfo
GetExitCodeThread
DeleteCriticalSection
SetLastError
DuplicateHandle
FreeEnvironmentStringsA
SetFilePointer
GetModuleFileNameA
QueryPerformanceCounter
FreeEnvironmentStringsW
WriteConsoleInputW
FlushFileBuffers
TlsGetValue
GetVersion
EnumCalendarInfoExA
CommConfigDialogW
WriteProfileStringA
DeleteFileW
GetCurrentProcessId
GetEnvironmentStringsW
FindNextChangeNotification
GetDiskFreeSpaceExW
SetStdHandle
GetLastError
GlobalFix
FindResourceExA
VirtualFree
ExpandEnvironmentStringsA
GetOEMCP
FindNextFileW
CompareStringW
SetConsoleTextAttribute
InterlockedExchange
GetEnvironmentVariableA
GlobalFindAtomA
GetCurrentThread
TlsFree
FlushViewOfFile
HeapDestroy

wininet

GetUrlCacheConfigInfoW
FindNextUrlCacheEntryExW
RetrieveUrlCacheEntryStreamA
GopherCreateLocatorW
HttpOpenRequestW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW

user32

CreateIconFromResource
GetWindowModuleFileNameA
CreateWindowExW
GetKeyboardType
WindowFromDC
SetClassLongW
CharToOemW
GetUserObjectInformationW
GetSystemMetrics
SetCursorPos
EnumDisplaySettingsW
GetUserObjectInformationA
TranslateAcceleratorA
DrawTextExW
SwitchToThisWindow
AppendMenuW
DlgDirSelectExW
CreateDesktopA
SetPropA
MessageBoxW
OpenDesktopW
GetProcessDefaultLayout
GetPropW
UnregisterClassA
EnumDesktopsA
CreateDialogIndirectParamW
FillRect
SetMessageExtraInfo
MessageBoxA
FlashWindowEx
RegisterClassA
IsWindow
GetScrollInfo
UnionRect
DrawTextA
LoadCursorFromFileW
LoadBitmapW
DefWindowProcA
SendNotifyMessageA
GetNextDlgTabItem
CharNextA
RegisterClassExA
ShowWindow
GetClipboardFormatNameW
ScrollDC
SetScrollRange
GetSystemMenu
DestroyWindow
VkKeyScanExA
GetMenuStringW
GetActiveWindow
EnableWindow
LoadImageW
OpenIcon
NotifyWinEvent
MessageBoxIndirectW
UnhookWinEvent
CloseClipboard
SetDlgItemTextA
DlgDirListA
CreateWindowStationA
WINNLSGetEnableStatus

comdlg32

ReplaceTextA

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

678cc4632df38dbcecbea5f0cfecb5bd

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

kernel32

wininet

user32

comdlg32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 92KB - Virtual size: 96KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 92KB - Virtual size: 96KB

.rsrc
Size: 80KB - Virtual size: 77KB