Static task
static1
Behavioral task
behavioral1
Sample
280d2bbd100e428b2d66ad88729f4967_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
280d2bbd100e428b2d66ad88729f4967_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
280d2bbd100e428b2d66ad88729f4967_JaffaCakes118
Size
625KB
MD5
280d2bbd100e428b2d66ad88729f4967
SHA1
aa9fd0842093b386e5e34c811ed3931328a2a5c4
SHA256
253c88b639c382faf0d47532607961fc0f52e8591c553d4ce82ff613e3d575bd
SHA512
6a36e0c75066f77e20d5b19c0f7a4c8e3e4aed5dfd9bcfd0bec7b9a28fbef45e44e577967c4186ccbee8ff080057ec4f400a9b50b4b0e748543e7fbe517ac253
SSDEEP
12288:Mhka1KO/LVdS8hlxR0KCCYM0mgOMmKBb/VuMN/Re:wKOWklH00YM0mgOMmA9/Re
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 280d2bbd100e428b2d66ad88729f4967_JaffaCakes118
Files
280d2bbd100e428b2d66ad88729f4967_JaffaCakes118.exe windows:4 windows x86 arch:x86
9c493e3795a673244bb832e92e25873b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommState
IsProcessorFeaturePresent
GetComputerNameW
GetFileAttributesA
GetVolumeInformationW
FillConsoleOutputCharacterA
EnumResourceNamesW
EndUpdateResourceA
ReadDirectoryChangesW
GetTempFileNameA
SetErrorMode
CreateNamedPipeW
SetCurrentDirectoryA
GetUserDefaultLangID
GetCompressedFileSizeW
AreFileApisANSI
WritePrivateProfileSectionA
GetSystemTimeAsFileTime
SetConsoleMode
EnumCalendarInfoA
GetConsoleMode
_llseek
WriteConsoleOutputW
CancelIo
GetFileAttributesExA
SetConsoleActiveScreenBuffer
GetModuleFileNameW
SetProcessAffinityMask
GetThreadPriority
SetupComm
SetNamedPipeHandleState
ClearCommBreak
SetProcessShutdownParameters
GetStringTypeExW
SetHandleCount
WriteProcessMemory
FlushFileBuffers
GetLocaleInfoW
VirtualAlloc
SetProcessWorkingSetSize
lstrcmpiW
WritePrivateProfileSectionW
LoadLibraryExW
FileTimeToLocalFileTime
SetConsoleTitleA
IsBadWritePtr
CreateFileW
GetProcessTimes
ConnectNamedPipe
VirtualQueryEx
FindResourceExW
RemoveDirectoryA
VirtualQuery
GetTickCount
FreeLibraryAndExitThread
GetLogicalDriveStringsA
SetConsoleOutputCP
FormatMessageW
GetThreadContext
SetConsoleCursorPosition
GetACP
lstrcmpA
SetVolumeLabelA
SetEvent
GetConsoleCursorInfo
GetCommModemStatus
GetFileType
GetPrivateProfileStringW
GetHandleInformation
SearchPathW
GetSystemDirectoryW
CreateDirectoryW
RaiseException
MultiByteToWideChar
FlushConsoleInputBuffer
GetOEMCP
SwitchToFiber
GetTimeZoneInformation
SetFileTime
_lclose
_lread
GlobalGetAtomNameW
PulseEvent
Beep
GlobalDeleteAtom
IsDBCSLeadByteEx
ReleaseMutex
PeekConsoleInputW
DuplicateHandle
GetWindowsDirectoryA
LocalReAlloc
GetLargestConsoleWindowSize
UnhandledExceptionFilter
PrepareTape
lstrcmpiA
CreateProcessA
VirtualProtect
CreateEventA
ExitProcess
user32
CloseDesktop
UnregisterClassW
CreateIconIndirect
InternalGetWindowText
RegisterDeviceNotificationA
GetDlgItemInt
SetDlgItemTextW
EnumDisplaySettingsExA
LoadMenuA
GetCaretBlinkTime
wvsprintfW
CharToOemW
GetMenuStringW
GetClassInfoW
DrawEdge
CharUpperA
GetMenuItemCount
GetMessagePos
GetWindowTextA
GetMenuStringA
GetSystemMenu
IsCharAlphaW
DefDlgProcA
GetKeyState
MapDialogRect
AdjustWindowRect
InsertMenuItemA
gdi32
ExtTextOutA
comdlg32
ChooseFontW
GetFileTitleW
advapi32
ReportEventW
GetServiceDisplayNameW
QueryServiceObjectSecurity
InitializeSid
LookupAccountSidA
RegSetKeySecurity
RegUnLoadKeyW
GetSecurityDescriptorSacl
OpenServiceA
GetUserNameA
GetCurrentHwProfileW
ObjectCloseAuditAlarmA
RegEnumKeyW
GetSecurityInfo
SetNamedSecurityInfoA
StartServiceCtrlDispatcherW
ReadEventLogW
RegGetKeySecurity
CreateServiceA
SetEntriesInAclA
AccessCheckAndAuditAlarmW
RegSaveKeyW
RevertToSelf
ImpersonateSelf
RegSetValueW
RegEnumValueA
GetSidSubAuthorityCount
CreateServiceW
ImpersonateLoggedOnUser
AbortSystemShutdownA
DeleteAce
EnumServicesStatusA
shell32
DragFinish
SHFileOperationA
FindExecutableW
SHAddToRecentDocs
ole32
OleRegGetUserType
ProgIDFromCLSID
GetRunningObjectTable
CoFreeAllLibraries
CoGetInterfaceAndReleaseStream
CoDisconnectObject
CoMarshalInterface
CoCreateInstance
GetClassFile
oleaut32
SafeArrayPutElement
SysStringLen
SafeArrayUnaccessData
SysFreeString
VariantCopy
SafeArrayRedim
SafeArrayCreate
SetErrorInfo
LoadTypeLi
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
msvcrt
vwprintf
fscanf
_wcsupr
iswalpha
malloc
wcstod
strncat
_umask
putc
perror
_locking
_fcvt
_ismbcspace
localeconv
strrchr
fputws
strtoul
setbuf
signal
_get_osfhandle
_close
strncpy
_wfopen
_spawnvp
setvbuf
putchar
_wopen
_eof
system
free
mktime
_endthread
_setmode
_mbscmp
_wtol
_getmbcp
strtod
Sections
.text Size: 3KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ