2b07b12506eb093f072b152df30e00ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b07b12506eb093f072b152df30e00ef_JaffaCakes118
Size

544KB
MD5

2b07b12506eb093f072b152df30e00ef
SHA1

aef4c94e25b601aeba150c2961aa8c2dc2b4ecda
SHA256

42e8e934468ba0324636ad7b6a3d411b6be687c2c87f148ed94c5256df9643de
SHA512

c6797fe520fde5b187c238963bd8adef0cb9e757ab8fb97101acb65c6ecc0f3ca85e7b3de6417c246e26abc19afb5ac559e70be7355f7d8a6952491c6748f9ae
SSDEEP

12288:1rSbg0Kb/vyqS4MgIESjdCnKUS5TsGod:okH/vyqli8S5TsGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b07b12506eb093f072b152df30e00ef_JaffaCakes118

Files

2b07b12506eb093f072b152df30e00ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

632167ef61781d69542fb8576ba53cf3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
LoadBitmapA
TranslateMessage
CallWindowProcA
SetMenuItemBitmaps
InvalidateRect
MapDialogRect
ShowWindow
SetForegroundWindow
GetWindowDC
ScreenToClient
KillTimer
LoadMenuA
GetDesktopWindow
LoadCursorA
DestroyWindow
SetWindowLongA
CreateDialogIndirectParamA
CreateWindowExA
IsWindow
MessageBoxA
RegisterClassExA
SetRect
SendMessageA
RedrawWindow
GetScrollInfo
DrawEdge
RegisterClassA
SetClipboardData
GetCursorPos
SetParent
ReleaseCapture
IntersectRect
GetFocus
EndDialog
DefWindowProcA
LoadStringA
DestroyIcon
OffsetRect
LoadImageA
LoadIconA

kernel32

GetConsoleOutputCP
TlsFree
GetCurrentProcessId
GetConsoleMode
GetStartupInfoA
GetLastError
SetStdHandle
SetFilePointer
HeapCreate
FreeEnvironmentStringsW
SetHandleCount
LCMapStringA
CreateFileA
GetFileType
GetACP
SetLastError
DeleteCriticalSection
InterlockedIncrement
GetEnvironmentStringsW
HeapSize
IsValidCodePage
CreateMutexA
InitializeCriticalSection
IsDebuggerPresent
GetStdHandle
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
TerminateProcess
GetStringTypeW
QueryPerformanceCounter
TlsAlloc
SetUnhandledExceptionFilter
LCMapStringW
FreeEnvironmentStringsA
CompareStringA
LoadLibraryA
GetTickCount
GetProcAddress
VirtualAlloc
GetTimeZoneInformation
InterlockedDecrement
ExitProcess
GetOEMCP
HeapReAlloc
GetEnvironmentStrings
GetModuleFileNameA
WriteFile
VirtualQuery
GetSystemTimeAsFileTime
CompareStringW
LeaveCriticalSection
GetCurrentThreadId
FlushFileBuffers
VirtualFree
GetProcessHeap
EnterCriticalSection
CloseHandle
GetConsoleCP
SetEnvironmentVariableA
GetCurrentProcess
Sleep
WriteConsoleA
GetCPInfo
GetStringTypeA
GetDateFormatA
HeapFree
HeapDestroy
TlsSetValue
TlsGetValue
InterlockedExchange
UnhandledExceptionFilter
GetTimeFormatA
GetCommandLineA
ReadFile
GetVersionExA
RaiseException
GetLocaleInfoA
GetModuleHandleA
HeapAlloc

shell32

ShellExecuteExA
ord155
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHFileOperationA
ShellExecuteA
DragFinish

comctl32

ImageList_Write
ImageList_Destroy
ImageList_Create
ImageList_GetIcon
ImageList_EndDrag
PropertySheetA
ImageList_GetImageCount
CreatePropertySheetPageA
ImageList_BeginDrag
DestroyPropertySheetPage
ImageList_Draw
ImageList_DragEnter
ImageList_LoadImageA
ImageList_DragMove
ImageList_Read
ImageList_DragLeave
ImageList_ReplaceIcon

advapi32

InitializeSecurityDescriptor
OpenSCManagerA
RegDeleteValueA
RegCloseKey
AllocateAndInitializeSid
RegEnumKeyA
DeleteService
RegCreateKeyExA
RegEnumValueA
AdjustTokenPrivileges
OpenThreadToken
CreateServiceA
CloseServiceHandle
RegQueryValueA
OpenProcessToken
OpenServiceA
RegQueryValueExA
RegCreateKeyA
QueryServiceConfigA
RegEnumKeyExA
ControlService
RegSetValueExA
SetSecurityDescriptorDacl
RegOpenKeyExA
FreeSid
ChangeServiceConfigA
RegDeleteKeyA
LookupPrivilegeValueA
GetUserNameA
QueryServiceStatus
StartServiceA
RegOpenKeyA

oleaut32

LoadTypeLi

comdlg32

GetFileTitleA
GetSaveFileNameA

winspool.drv

GetPrinterDriverDirectoryA
GetPrinterA
AddPrinterDriverA
EnumJobsA
DocumentPropertiesA
DeviceCapabilitiesA
ClosePrinter
AddPrinterA
ord204
EnumPrinterDriversA

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

632167ef61781d69542fb8576ba53cf3

Headers

File Characteristics

Imports

user32

kernel32

shell32

comctl32

advapi32

oleaut32

comdlg32

winspool.drv

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 268KB - Virtual size: 267KB

.data Size: 80KB - Virtual size: 83KB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 268KB - Virtual size: 267KB

.data
Size: 80KB - Virtual size: 83KB

.rsrc
Size: 72KB - Virtual size: 68KB