31741fa3568750d26ee03fe0c32b560b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31741fa3568750d26ee03fe0c32b560b_JaffaCakes118
Size

262KB
MD5

31741fa3568750d26ee03fe0c32b560b
SHA1

5a81b60db65ee170f1aff21568ab1579579de60a
SHA256

c2d492837f481630bf6fa3a8a46640f7a45a24339d44e5aebbafb3368b46e820
SHA512

be31ffcfe3a715bf90b18953ef3db6bf0045271ac98fefa832d4be6a04a7233d97020fedd93993100a759c76782235fe68adfcacd7ecb01c3376c3ff7a2c9fa4
SSDEEP

6144:/AOTXcblksLgwsOMn9RNwzJsT52CQlnyK:/eRkwMn9RNwziwDyK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31741fa3568750d26ee03fe0c32b560b_JaffaCakes118

Files

31741fa3568750d26ee03fe0c32b560b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bb11f82b447bcf469f7163d6005c2af5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

GetCurrentProcess
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
WaitForSingleObject
GetModuleHandleW
GetPrivateProfileStringW
InitializeCriticalSection
GetSystemDirectoryW
LoadLibraryW
CopyFileW
SizeofResource
FormatMessageW
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
GetProcAddress
CreateFileMappingW
lstrcmpiW
InterlockedDecrement
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
LocalFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
InterlockedIncrement
LoadLibraryExW
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetEnvironmentVariableW
HeapSetInformation
GetCommandLineW
lstrlenA
SetFilePointer
CreateEventW
CreateMutexW
DuplicateHandle
GetSystemDefaultLCID
SetEvent
GetVersion
GetModuleHandleA
lstrcmpA
GetVersionExA
GetSystemInfo
ReleaseMutex
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
MulDiv
GetTempFileNameW
GetTempPathW
LocalAlloc
InterlockedExchange
LoadLibraryA
GetStartupInfoW
HeapFree
HeapAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
SetUnhandledExceptionFilter
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA

dlmgr

?NeedToCheckCert@CDownloadJob@dlmgr@@SGHH@Z

user32

SetForegroundWindow
MsgWaitForMultipleObjects
CharNextW
GetSystemMetrics
GetDC
SystemParametersInfoW
ExitWindowsEx
TranslateMessage
PeekMessageW
MessageBoxW
DispatchMessageW
ReleaseDC
MessageBoxA
LoadStringA

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
VarBstrCmp

ole32

StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoLoadLibrary
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoUninitialize
CoRegisterClassObject

shell32

ShellExecuteW

setupapi

SetupIterateCabinetW

wintrust

WinVerifyTrust

shlwapi

PathFileExistsW

gdi32

DeleteObject
CreateFontIndirectW
GetDeviceCaps

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb11f82b447bcf469f7163d6005c2af5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dlmgr

user32

oleaut32

ole32

shell32

setupapi

wintrust

shlwapi

gdi32

Sections

.text Size: 204KB - Virtual size: 203KB

.data Size: 10KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 204KB - Virtual size: 203KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 32KB - Virtual size: 32KB