Static task: static1
Behavioral task: behavioral1
  Sample: 291c689b410941ef6dcf7b590fef8ed7_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 291c689b410941ef6dcf7b590fef8ed7_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 291c689b410941ef6dcf7b590fef8ed7_JaffaCakes118
Size: 364KB
MD5: 291c689b410941ef6dcf7b590fef8ed7
SHA1: befc8712d5681138d8538f46e072bcbd5062d8a7
SHA256: faea683cd86661dd97e806241c26721f37b01f0a1fdee7a389bfc74caf4e0d7a
SHA512: 712ad7410b73170a48de4688feb74417bcf997f7522ea075d36f840a41e3467e78e62b6ee8772d744dcfa1a51614a041c803d9782c5d073960fb89321aaf6a2c
SSDEEP: 6144:NaRltZg1GUn3E2H0UODgnRZUzjkwQIiSCvbMXkQJ1YpB/sSnxQV:OtZgGU0Y0UYwRZEQJbMx/wB/9Q
Malware Config
(none)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 291c689b410941ef6dcf7b590fef8ed7_JaffaCakes118
Files
291c689b410941ef6dcf7b590fef8ed7_JaffaCakes118.exe windows:4 windows x86 arch:x86
7dbcbf793fa99025dc165d7b7eb8fb5c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualQuery
GetModuleFileNameW
GetPrivateProfileStringA
GetCurrentProcessId
EnumResourceNamesW
DeleteCriticalSection
GetNumberFormatW
GetLongPathNameA
FormatMessageW
DebugBreak
GetTapeStatus
FreeLibrary
CreateDirectoryA
PulseEvent
SetFileAttributesA
SetMailslotInfo
VirtualAlloc
SetConsoleMode
MultiByteToWideChar
SetThreadAffinityMask
CreateDirectoryExA
FillConsoleOutputCharacterA
GlobalFree
LocalSize
LocalReAlloc
LocalAlloc
GetCompressedFileSizeW
EraseTape
IsBadWritePtr
GetThreadContext
InitializeCriticalSection
SizeofResource
GetBinaryTypeW
EnumResourceLanguagesW
EnumCalendarInfoA
WritePrivateProfileStructA
QueryDosDeviceW
GetTempFileNameA
GetSystemTimeAsFileTime
PrepareTape
EnumResourceNamesA
SuspendThread
CreateIoCompletionPort
GetUserDefaultLangID
GetProcessTimes
GetSystemTimeAdjustment
SetCurrentDirectoryA
SetHandleCount
FlushConsoleInputBuffer
VirtualUnlock
CopyFileExW
SetErrorMode
GetVersionExA
GetLocaleInfoW
GetTimeZoneInformation
GetCommState
FindResourceExA
GetProfileIntA
EnumSystemCodePagesA
MoveFileExA
GetStringTypeExW
SetThreadLocale
CreateDirectoryW
SetVolumeLabelA
FreeLibraryAndExitThread
GetCurrentProcess
GetTapeParameters
ReleaseMutex
SetProcessShutdownParameters
VirtualAllocEx
WriteProcessMemory
TryEnterCriticalSection
GetStartupInfoA
SetConsoleOutputCP
GetDiskFreeSpaceW
GetThreadPriority
GetPrivateProfileStringW
LCMapStringA
CreateMutexW
GlobalGetAtomNameW
ReadConsoleInputW
GetConsoleMode
GetSystemInfo
FileTimeToLocalFileTime
lstrcpynA
GetCommConfig
_lopen
GetDriveTypeA
ReadFile
GetCommandLineA
VirtualProtect
_lread
ExitProcess
user32
GetWindowRgn
DrawTextExA
InsertMenuItemA
GetScrollPos
OpenDesktopW
IsWindowEnabled
DestroyCursor
DrawEdge
AppendMenuW
ScrollDC
EnumThreadWindows
GetMonitorInfoA
IsDialogMessageW
CreateAcceleratorTableW
SetClipboardViewer
CopyImage
CascadeWindows
GetWindowContextHelpId
CreateMenu
MonitorFromWindow
GetMenuDefaultItem
UnregisterClassA
GetKeyboardState
CreateDialogIndirectParamA
DialogBoxParamW
InvertRect
ShowWindowAsync
SendDlgItemMessageW
SetCaretPos
SetScrollInfo
CharUpperBuffW
CreateCursor
OpenWindowStationA
PeekMessageA
ModifyMenuA
GetMenuItemRect
PostThreadMessageW
GetWindowTextA
SetWindowPlacement
IsWindow
ScreenToClient
ChildWindowFromPointEx
GetWindowTextLengthW
gdi32
CreatePenIndirect
PolyBezier
WidenPath
OffsetRgn
Ellipse
EndDoc
comdlg32
GetSaveFileNameW
advapi32
CryptDestroyHash
CryptExportKey
CryptAcquireContextA
RegEnumKeyA
RegisterEventSourceA
GetSecurityDescriptorGroup
RegRestoreKeyW
NotifyChangeEventLog
CryptCreateHash
LogonUserA
ReportEventW
ClearEventLogW
CryptSetHashParam
PrivilegeCheck
IsValidSid
GetServiceDisplayNameW
AdjustTokenPrivileges
OpenThreadToken
SetTokenInformation
RegEnumKeyW
CryptHashData
RegUnLoadKeyW
RegQueryValueW
RegSetValueA
RegGetKeySecurity
RegCreateKeyExW
GetAclInformation
QueryServiceObjectSecurity
shell32
DragFinish
ole32
RevokeDragDrop
CoInitializeEx
CoCreateInstanceEx
CreateBindCtx
CoDisconnectObject
ReadClassStg
OleLockRunning
oleaut32
SafeArrayUnaccessData
comctl32
ImageList_EndDrag
ImageList_Merge
_TrackMouseEvent
shlwapi
SHGetValueW
StrToIntW
SHRegGetBoolUSValueA
PathFindFileNameA
PathStripPathW
SHRegCloseUSKey
PathRemoveFileSpecW
StrCpyW
StrRChrW
StrFormatByteSizeA
StrFormatByteSize64A
Sections
.text  Size: 332KB - Virtual size: 330KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 20KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE