342056d1c31392a9dbfa774952c43938_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

342056d1c31392a9dbfa774952c43938_JaffaCakes118
Size

568KB
MD5

342056d1c31392a9dbfa774952c43938
SHA1

37b170c4586042839ad3c1407a90da7fdeefb25c
SHA256

4fb73a134e3a5e7f9654e186239bd885481c4ddbb49e9056648e661f34c6260e
SHA512

2b11c8fda1e7e5d45a3271aa3c1e3846a22eb96511fa9998dd55c51a6282a5d07652d5166a3d99490ded5c4e3fa780ea835d970d24fd7279f0d9b234de83d9dc
SSDEEP

12288:YKDyUwm97uy4SXZmJwOAvxU34SUS/mdqlLh4xVZ0:YgyHO7urSM3wyUS/mdqlLY30

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
342056d1c31392a9dbfa774952c43938_JaffaCakes118

Files

342056d1c31392a9dbfa774952c43938_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3b5cc29f36ebddc9325ca0d34a68b57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\l

Imports

advapi32

RegQueryInfoKeyA
LookupPrivilegeValueA
LookupSecurityDescriptorPartsW
AbortSystemShutdownA
LookupAccountSidW
RegReplaceKeyW
CreateServiceW
RegLoadKeyW
RegEnumKeyExA
RegSetValueExW
CryptGetProvParam
LogonUserW
RegRestoreKeyW
CryptEnumProvidersW
CryptAcquireContextW
CryptExportKey
LookupAccountNameA
CryptEnumProviderTypesW
RegQueryMultipleValuesA
CryptGenRandom

user32

EnumDisplaySettingsExW
CountClipboardFormats
CreateDialogIndirectParamA
TrackMouseEvent
GetWindowThreadProcessId
GetClipboardData
GetClassNameA
VkKeyScanA
PostThreadMessageW
GetSysColorBrush
UnregisterDeviceNotification
UpdateWindow
DdeQueryStringW
CharUpperW
DestroyMenu
SetWindowWord
InsertMenuW
RegisterClassExA
CopyIcon
GetKeyboardLayoutNameA
DrawStateW
DrawFocusRect
GetDlgCtrlID
ReplyMessage
LoadBitmapA
GetGuiResources
DefMDIChildProcA
ActivateKeyboardLayout
GetDCEx
DefWindowProcW
DrawCaption
RegisterClassA
LoadMenuW
CreateMDIWindowA
SetWindowsHookW
InSendMessage
InsertMenuItemW
CheckMenuItem
IsDialogMessageW
IsWindowVisible
CallNextHookEx

kernel32

IsBadWritePtr
GetStartupInfoA
GetVersion
FreeEnvironmentStringsW
ReadFile
FlushFileBuffers
TlsFree
GetNamedPipeHandleStateA
SetConsoleCursorInfo
GetModuleHandleA
SetHandleCount
TlsAlloc
GetCommandLineA
LeaveCriticalSection
SetEnvironmentVariableA
InterlockedIncrement
TerminateProcess
InterlockedExchange
MultiByteToWideChar
LoadLibraryExA
WideCharToMultiByte
GetFileType
GetLastError
HeapReAlloc
GetStdHandle
VirtualQuery
GetProcAddress
GetStringTypeA
SetTimeZoneInformation
CloseHandle
UnhandledExceptionFilter
GetLocalTime
SetLastError
GetACP
GetProcessAffinityMask
GetModuleFileNameA
OpenMutexA
SetFilePointer
GetThreadPriorityBoost
LoadLibraryA
RtlUnwind
HeapFree
GetConsoleTitleW
GetCurrentProcess
LCMapStringW
InterlockedDecrement
WriteFile
CreateFileW
GetCurrentProcessId
ExitProcess
CompareStringW
GetTimeZoneInformation
GetThreadLocale
DeleteCriticalSection
HeapCreate
HeapAlloc
TlsSetValue
SetStdHandle
GetCurrentThread
GetSystemTimeAsFileTime
HeapDestroy
WritePrivateProfileSectionA
GetSystemTime
FindClose
LCMapStringA
GetCurrentThreadId
VirtualFree
WriteConsoleA
CompareStringA
CreateMutexA
lstrlenW
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
TlsGetValue
InitializeCriticalSection
GetOEMCP
GetCPInfo
GetConsoleCursorInfo
GetStartupInfoW
GetEnvironmentStrings
FreeEnvironmentStringsA
EnterCriticalSection
VirtualAlloc
GetTickCount

comctl32

ImageList_Copy
ImageList_DragMove
CreatePropertySheetPageA
ImageList_LoadImageA
ImageList_SetFlags
ImageList_GetImageCount
CreateToolbar
InitCommonControlsEx
ImageList_LoadImage
DrawStatusText
DrawStatusTextA
ImageList_Write
DrawStatusTextW
ImageList_GetIconSize
ImageList_Merge
ImageList_ReplaceIcon
ImageList_Destroy

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3b5cc29f36ebddc9325ca0d34a68b57

Headers

File Characteristics

PDB Paths

Imports

advapi32

user32

kernel32

comctl32

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 108KB - Virtual size: 119KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 108KB - Virtual size: 119KB

.rsrc
Size: 12KB - Virtual size: 11KB