294a3ac38ab3c1a13dedab252f2828d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

294a3ac38ab3c1a13dedab252f2828d2_JaffaCakes118
Size

1.1MB
MD5

294a3ac38ab3c1a13dedab252f2828d2
SHA1

adea5650bc6c32425906ae1dff0b154c7dadef03
SHA256

f3b658f24eb3030da61acf4f5fe049594b0c5164c962efa3dd925f5d9465aff7
SHA512

bb5b727855bf842c403ac5197a1f5715e35ef4c9abc4f138d3221f91293d0a895cde8f1ac20605b141c4a985a7dea36155152e383cf6ff3ac0b20827d2bc207d
SSDEEP

24576:u0BO9n2U0F+YoVfuA8QQbZVKRQ3m9n49vaaaoMXcgAaVADKFdu9J6eTrw8:7mn2BZHR1KFdu9J6eTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
294a3ac38ab3c1a13dedab252f2828d2_JaffaCakes118

Files

294a3ac38ab3c1a13dedab252f2828d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

399db7a1cde0360836f3d4ee5f6ef999

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shell32

ShellExecuteA

kernel32

InitializeCriticalSection
TlsGetValue
DuplicateHandle
CreateEventW
SetEvent
WaitForMultipleObjects
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
GetCurrentThread
TlsAlloc
Sleep
TlsFree
GetCurrentThreadId
UnmapViewOfFile
CreateFileMappingW
GetSystemInfo
MapViewOfFile
SetErrorMode
GetLogicalDrives
GetFileTime
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CopyFileW
DeleteFileW
GetFullPathNameW
SetEndOfFile
GetTempPathW
CreateFileW
DeleteCriticalSection
GetProcAddress
GetCurrentProcess
GetCurrentDirectoryW
WriteFile
ReadFile
SetFilePointerEx
GetFileAttributesExW
FindFirstFileW
FindClose
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetVersionExW
FormatMessageW
LocalFree
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
GetCommandLineW
GetCurrentProcessId
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetUserDefaultLCID
CompareStringW
WideCharToMultiByte
GetLastError
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringW
ResetEvent
FindNextFileW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
EnterCriticalSection
WritePrivateProfileStringA
WinExec
MoveFileExA
MultiByteToWideChar
GetVolumeInformationA
LoadLibraryW
LeaveCriticalSection

iphlpapi

GetAdaptersInfo

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_vsnprintf_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_beginthread
_beginthreadex
_endthreadex
fwrite
_write
fgets
fread
_fseeki64
_read
fclose
_close
_getpid
_wchmod
_open_osfhandle
_getdrive
_wgetdcwd
feof
?terminate@@YAXXZ
_errno
_fileno
_get_osfhandle
_gmtime64_s
_localtime64_s
_mktime64
__iob_func
fprintf
fflush
exit
getenv_s
rand
??0exception@std@@QAE@ABQBDH@Z
strcpy_s
_clearfp
_control87
_tzset
_get_tzname
isspace
isdigit
isalpha
isupper
strncmp
_lseeki64
_ftelli64
strchr
_waccess
_purecall
memchr
memmove
??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memcpy
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
realloc
free
atoi
memset
_CxxThrowException
??3@YAXPAX@Z
malloc
__CxxFrameHandler3
__set_app_type
_encode_pointer
__setusermatherr
__p__commode
_filelengthi64
_adjust_fdiv
__p__fmode

ws2_32

WSAAsyncSelect

user32

TranslateMessage
DispatchMessageW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
SetWindowLongW
MsgWaitForMultipleObjectsEx
DefWindowProcW
KillTimer
GetQueueStatus
CallNextHookEx
SetTimer
PostMessageW
PeekMessageW
CharNextExA
GetWindowLongW

advapi32

RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
GetTokenInformation
RegSetValueExW

Sections

.text
Size: 696KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

399db7a1cde0360836f3d4ee5f6ef999

Headers

File Characteristics

Imports

ole32

shell32

kernel32

iphlpapi

msvcp80

msvcr80

ws2_32

user32

advapi32

Sections

.text Size: 696KB - Virtual size: 694KB

.rdata Size: 408KB - Virtual size: 404KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 696KB - Virtual size: 694KB

.rdata
Size: 408KB - Virtual size: 404KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB