29a7b87df139cb97e0588ffe2848de91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29a7b87df139cb97e0588ffe2848de91_JaffaCakes118
Size

292KB
MD5

29a7b87df139cb97e0588ffe2848de91
SHA1

507b7772423b904230cfbe4fa8eef3335b7d0589
SHA256

4ca1c4cd9a6dd3a3b41a215434135694d8dccabdfcc42fad4bd0474025ab9c68
SHA512

2151b629d50ed25089ab722029a9d6fa7b03608472ee7a59b8eacc89bed5b06f3233bf4dc20eef7f17e6ed8532abdde6eff34cbfd8084cb66b174fba5758dfe9
SSDEEP

6144:qWUQM84/p820U4SqRM8voQrxtH+10MLFhe:qWUQ11U4JRMcTrxM10ahe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a7b87df139cb97e0588ffe2848de91_JaffaCakes118

Files

29a7b87df139cb97e0588ffe2848de91_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fb3ba56c330f4c1315cd81c38d019b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
IsDBCSLeadByteEx
SetThreadAffinityMask
DebugBreak
GetTapeStatus
TlsFree
GetPrivateProfileSectionW
WriteConsoleOutputA
GetSystemDirectoryW
GetNumberFormatA
EnumTimeFormatsW
GetModuleHandleA
GetOEMCP
CreateIoCompletionPort
CompareStringA
SetStdHandle
GetCommModemStatus
CreateDirectoryW
CallNamedPipeA
BackupSeek
IsValidLocale
_lopen
IsBadCodePtr
SetThreadPriority
SetThreadPriorityBoost
ExpandEnvironmentStringsA
WriteFileGather
WritePrivateProfileStructA
GetCommandLineW
CreateThread
CreateMutexW
GetStringTypeW
FindNextFileA
FileTimeToSystemTime
UnlockFile
WriteConsoleInputW
GetTempFileNameA
EnumResourceLanguagesW
GlobalCompact
lstrcmpA
GetProcessVersion
LoadLibraryExA
GetCommTimeouts
GetPriorityClass
GetModuleFileNameW
SwitchToFiber
FlushInstructionCache
SetPriorityClass
ReadDirectoryChangesW
GetProfileStringW
lstrcatW
CreateRemoteThread
GetFileAttributesW
GetFileAttributesExA
GetDriveTypeA
ReadProcessMemory
IsProcessorFeaturePresent
MoveFileExA
GetFileTime
SetConsoleTitleA
SetEnvironmentVariableA
FindResourceA
GetTempPathA
InitializeCriticalSection
GetTapePosition
GetCommState
SetHandleCount
GetFileInformationByHandle
CreateProcessA
GetLongPathNameW
FormatMessageW
SetCommBreak
lstrcpyW
LocalSize
LockResource
EnumResourceNamesW
DisconnectNamedPipe
GetEnvironmentStrings
WriteConsoleOutputW
GetLocaleInfoW
GetUserDefaultLCID
InterlockedExchangeAdd
LocalLock
SetFilePointer
Beep
WritePrivateProfileSectionW
OpenFileMappingA
HeapDestroy
GenerateConsoleCtrlEvent
SuspendThread
AddAtomA
GetUserDefaultLangID
VirtualProtect
GetVersionExA
lstrlenA
GetCommandLineA
ExitProcess

user32

SendMessageTimeoutW
SetTimer
DestroyCaret
BroadcastSystemMessageW
GetWindowInfo
CloseClipboard
NotifyWinEvent
LoadCursorFromFileW
GetMenuItemInfoW
IsCharAlphaA
ShowWindowAsync
GetMenuItemInfoA
EnumDisplayDevicesW
SetRectEmpty
SetProcessWindowStation
RegisterWindowMessageW
DestroyCursor
GetClassNameW
SetWindowsHookW
GetSysColor
CheckMenuRadioItem
DispatchMessageW
FlashWindowEx
SetClipboardViewer
EnumDisplaySettingsExA
ScrollWindowEx
SetProcessDefaultLayout
InflateRect
GetAsyncKeyState
SetWinEventHook
SetWindowTextA

gdi32

AddFontResourceW
ExtTextOutW
PlayEnhMetaFile
GetTextExtentExPointW
GetEnhMetaFileHeader
CreateDCA
EnumMetaFile
UpdateColors
GetDCOrgEx
GetWindowExtEx
EnumFontFamiliesExW
RectVisible
SetStretchBltMode
EnumFontsA
SetTextColor
MoveToEx
GetSystemPaletteUse
GetViewportExtEx
GetOutlineTextMetricsA

comdlg32

ChooseColorW

advapi32

SetEntriesInAclA
DeleteService
ImpersonateLoggedOnUser
RegConnectRegistryA
CopySid
GetAclInformation
LookupAccountSidW
CryptExportKey
RegUnLoadKeyA
InitiateSystemShutdownW
RegisterEventSourceA
LookupAccountSidA
DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
RegDeleteValueA
RegDeleteKeyW
RegQueryValueExA
NotifyBootConfigStatus
MapGenericMask
GetTokenInformation
BuildTrusteeWithNameW
RegEnumValueW
EnumServicesStatusW
GetExplicitEntriesFromAclW
RegRestoreKeyW
RegQueryValueA
MakeAbsoluteSD
StartServiceA
AllocateLocallyUniqueId
OpenEventLogW
ReadEventLogW
OpenSCManagerA

shell32

SHBrowseForFolderW
ShellExecuteExW
Shell_NotifyIconA
FindExecutableW
SHAppBarMessage
DragQueryFileW

ole32

ReadClassStm
StgCreateDocfile

oleaut32

VariantInit
VariantClear
SafeArrayGetElement
SafeArrayUnaccessData
RegisterTypeLi
VariantCopyInd
SafeArrayCreateVector

comctl32

ImageList_Add
ImageList_GetImageCount
ImageList_SetImageCount

shlwapi

PathIsRelativeA
StrStrW
StrCmpIW
SHRegCreateUSKeyW
PathFindNextComponentW
StrCpyNW
SHAutoComplete
StrCatBuffA
SHCreateStreamOnFileW
SHRegSetUSValueW

setupapi

SetupDiClassNameFromGuidW
SetupIterateCabinetW
SetupOpenFileQueue
SetupOpenLog
SetupScanFileQueueW
SetupOpenInfFileA
SetupDiOpenDevRegKey
SetupGetStringFieldA
SetupInitDefaultQueueCallback
SetupDiSetDeviceInstallParamsW

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4fb3ba56c330f4c1315cd81c38d019b3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

setupapi

Sections

.text Size: 276KB - Virtual size: 274KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 604B

.text
Size: 276KB - Virtual size: 274KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 604B