29298af5eb885afb777944602498a7e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29298af5eb885afb777944602498a7e8_JaffaCakes118
Size

239KB
MD5

29298af5eb885afb777944602498a7e8
SHA1

7c466c60d1e81120cab992c8b40ce7f031e15e85
SHA256

143672877f02c0df597419a294731eda387eae18e4c8220d4e974436f811a2ab
SHA512

bbe538a060cfea864be5d9fea5effa11d681db3dd210d313b9d8de46ac239d08f1d6222799d075dac5b32bfab3e454c51e6860479350159d64d68878a1418f1f
SSDEEP

6144:VI7Wrd0anGlXzkz0z0m3lYgqnnCf+BrPwg+Kt:W7Md0NYovOnCS+G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29298af5eb885afb777944602498a7e8_JaffaCakes118

Files

29298af5eb885afb777944602498a7e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b9795fceb31869dd7832eb08ec09c3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BeginUpdateResourceW
GetCurrentThreadId
SystemTimeToFileTime
GetDiskFreeSpaceA
GetModuleHandleA
IsBadReadPtr
IsValidCodePage
DosDateTimeToFileTime
CopyFileExA
CreateEventW
GetAtomNameA
ReadDirectoryChangesW
GetTickCount
FatalAppExitA
GetNumberFormatW
GetDiskFreeSpaceW
lstrcmpW
GetSystemTime
GetSystemInfo
ExpandEnvironmentStringsA
GetComputerNameA
GlobalGetAtomNameW
GetProcAddress
WaitForMultipleObjects
GetVersionExW
CopyFileA
RemoveDirectoryW
ConnectNamedPipe
GetVersionExA
lstrcatA
DeleteAtom

user32

OpenClipboard
RegisterClassExA
SetCursorPos
PostMessageA
GetCapture
SetWindowRgn
ShowWindow
DialogBoxIndirectParamA
GetCapture
GetCaretPos
RemoveMenu
GetAsyncKeyState
GetKeyboardType
CreateDialogIndirectParamA
CreateDialogIndirectParamW
AdjustWindowRect
WaitForInputIdle
EnumWindows
GetCursorPos
EmptyClipboard
GetMenuItemInfoW
LoadCursorA
SetWindowLongW
GetWindowRgn

gdi32

AddFontResourceW
CreateBrushIndirect
CreateBitmap
TranslateCharsetInfo
GetEnhMetaFileW
DeleteObject
CreatePen
CreateFontIndirectA
CreateFontIndirectW
CreateDIBPatternBrush
CreateEllipticRgn
CreateDIBSection
ExtCreateRegion
CreateFontIndirectExA
RemoveFontResourceExA

advapi32

BackupEventLogA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
OpenBackupEventLogW
RegQueryValueW
RegCloseKey

comdlg32

GetSaveFileNameW
PrintDlgW

oleaut32

VarR4FromI4
VarI8FromUI8
VarCyFromUI4
VarUI4FromDisp
VarBoolFromI8
VarDecNeg
VarDecFromI2
SysReAllocStringLen

setupapi

CM_Reenumerate_DevNode_Ex
pSetupDestroyRunOnceNodeList
pSetupSetQueueFlags
SetupScanFileQueueW
CM_Set_Class_Registry_PropertyW
CM_Open_Class_Key_ExW
CM_Get_Version
SetupDiEnumDriverInfoA
SetupQuerySpaceRequiredOnDriveA
SetupDiCancelDriverInfoSearch
CM_Get_Device_ID_Size_Ex

version

VerLanguageNameW
VerFindFileA
VerInstallFileA

winmm

mmTaskBlock
waveOutGetVolume
tid32Message

sqlunirl

_RegSetValue_@20
_ReplaceText_@4
_GetClassLong_@8
_SetFileAttributes_@8
_strerror_@4
_LoadAccelerators_@8
_FindWindow_@8
_GetProfileString_@20
_SetComputerName_@4
_GetCompressedFileSize_@8
_GetMenuItemInfo_@16

wsock32

WSAIsBlocking
getsockname
recvfrom
WSAAsyncGetServByPort
WEP
WSACleanup
SetServiceA
getservbyport
closesocket
GetNameByTypeA
accept
gethostbyname

crypt32

I_CryptDetachTls
CertVerifyCRLTimeValidity
CertGetIntendedKeyUsage
I_CryptGetLruEntryIdentifier
CryptExportPKCS8
CryptUnprotectData
I_CryptFreeLruCache
CertOIDToAlgId
CertGetCRLContextProperty

Sections

.f
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OFS
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vcEE
Size: 4KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ykokc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JyS
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Rux
Size: 3KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VgdRDD
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CDwES
Size: 1KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QgXljc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kuu
Size: 11KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9795fceb31869dd7832eb08ec09c3e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

oleaut32

setupapi

version

winmm

sqlunirl

wsock32

crypt32

Sections

.f Size: 2KB - Virtual size: 2KB

.OFS Size: 85KB - Virtual size: 85KB

.vcEE Size: 4KB - Virtual size: 437KB

.ykokc Size: 14KB - Virtual size: 14KB

.JyS Size: 5KB - Virtual size: 15KB

.Rux Size: 3KB - Virtual size: 491KB

.VgdRDD Size: 4KB - Virtual size: 14KB

.CDwES Size: 1KB - Virtual size: 192KB

.QgXljc Size: 84KB - Virtual size: 84KB

.kuu Size: 11KB - Virtual size: 343KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

.f
Size: 2KB - Virtual size: 2KB

.OFS
Size: 85KB - Virtual size: 85KB

.vcEE
Size: 4KB - Virtual size: 437KB

.ykokc
Size: 14KB - Virtual size: 14KB

.JyS
Size: 5KB - Virtual size: 15KB

.Rux
Size: 3KB - Virtual size: 491KB

.VgdRDD
Size: 4KB - Virtual size: 14KB

.CDwES
Size: 1KB - Virtual size: 192KB

.QgXljc
Size: 84KB - Virtual size: 84KB

.kuu
Size: 11KB - Virtual size: 343KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B