361096bb68c3e37515169aa1084d65cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

361096bb68c3e37515169aa1084d65cb_JaffaCakes118
Size

212KB
MD5

361096bb68c3e37515169aa1084d65cb
SHA1

dbd10e75153e3c6aa258cbd8279ac031b6e15760
SHA256

43cfe89546e455b6b51bb0947d7ec864af6a96cbf6e5311cd1c2b5b99e968f2b
SHA512

16c669057585fafcb8ed974b9e3a9de3d1dcc44bcf76b6ae35d0330e20f2e164ba37c9d7dbe17e197beeb6ecbb5b2993cb2976d90e092f2d78f78015739e2b3d
SSDEEP

3072:gE8HV1KweD4PTW+LwKRcsW2q15Lir1fTd+g9wZylhZY0nxp:kH6D4PS+8sca0Fafh+guZoYa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
361096bb68c3e37515169aa1084d65cb_JaffaCakes118

Files

361096bb68c3e37515169aa1084d65cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b94cf4c168e72a1d38843fccb8846702

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hookdll

?UninstallHook@@YAHXZ
?InstallHook@@YAHPAUHWND__@@0@Z
?SetCallerId@@YAXPAG@Z
?SetIniFilePath@@YAXPAG@Z

kernel32

GetStartupInfoW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetPrivateProfileIntW
GetCurrentThreadId
Sleep
GetModuleFileNameW
DeleteFileW
CopyFileW
WritePrivateProfileStringW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
CloseHandle
UnmapViewOfFile
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
GetVersion
lstrcpyW
InterlockedIncrement
InterlockedDecrement
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageW
GetCurrentThread
GetFileTime
GetFileSize
GetFileAttributesW
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
CreateFileW
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetProcessVersion
GlobalFlags
lstrcmpiW
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource

user32

GetNextDlgGroupItem
MessageBeep
CharUpperW
RegisterClipboardFormatW
PostThreadMessageW
GetWindowDC
PtInRect
GetClassNameW
ClientToScreen
GetDesktopWindow
LoadCursorW
GetDC
ReleaseDC
DestroyMenu
LoadStringW
CharNextW
MoveWindow
SetWindowTextW
IsDialogMessageW
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
SetRect
GetClientRect
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextW
GetDlgCtrlID
DefWindowProcW
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongW
RegisterWindowMessageW
OffsetRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
EndDialog
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
CopyAcceleratorTableW
GetSysColorBrush
GrayStringW
DrawTextW
TabbedTextOutW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
EnableWindow
PostQuitMessage
LoadMenuW
GetSubMenu
GetMenuState
CheckMenuItem
GetCursorPos
GetSystemMenu
AppendMenuW
SetWindowPos
LoadIconW
FindWindowW
ShowWindow
UpdateWindow
IsIconic
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SendMessageW
PostMessageW
keybd_event
IsWindow
KillTimer
SetTimer
UnregisterClassW

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DPtoLP
LPtoDP
GetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

Shell_NotifyIconW

comctl32

ord17

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc

olepro32

ord253

oleaut32

SysStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

winmm

mixerGetDevCapsW
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerSetControlDetails
mixerClose
mixerGetControlDetailsW
mixerGetNumDevs

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b94cf4c168e72a1d38843fccb8846702

Headers

File Characteristics

Imports

hookdll

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 16KB - Virtual size: 13KB