35f17e76631686f4e4a5d5474125b472_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35f17e76631686f4e4a5d5474125b472_JaffaCakes118
Size

647KB
MD5

35f17e76631686f4e4a5d5474125b472
SHA1

e1ca7119b97967ff93f68951be8955d539bb7583
SHA256

95dc273e2d87c66558f48d3eaf96af18ec38195958e7e7b72d06fde3ce4be076
SHA512

bbe9cb00d2b728649532f737eacaa87821e7333c68d7bafb141232fe84a84bd930046f1d7e0842f0a7a55d13a6c116702d1df0f7f287bec9cef7572484de0b48
SSDEEP

12288:4iG7nGBjyrQgRhhPniZfJwOfKkKOljBpPCHGKdJid2gHyExXKrocjd4HSMFOtNSC:VG7NXtn4wO3jB4nd67lX26H5OtNSIH1f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35f17e76631686f4e4a5d5474125b472_JaffaCakes118

Files

35f17e76631686f4e4a5d5474125b472_JaffaCakes118
.exe windows:4 windows x86 arch:x86

accf2a7e61beaf28ce436e69e1d437c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bpj\dlcen\jsfs

Imports

comctl32

ImageList_GetIcon
ImageList_EndDrag
ImageList_Create
ImageList_LoadImageA
InitCommonControlsEx
DrawStatusTextA
CreatePropertySheetPageA
ImageList_DrawIndirect
ImageList_DragShowNolock
DrawInsert

user32

DestroyWindow
DdeQueryStringA
GetClassWord
EnableWindow
RegisterClassExA
SetDlgItemTextA
GetMenuInfo
RealGetWindowClass
CreateAcceleratorTableW
SendNotifyMessageA
ReplyMessage
ImpersonateDdeClientWindow
InsertMenuW
RegisterClassExW
CheckDlgButton
LookupIconIdFromDirectoryEx
TrackPopupMenuEx
SendIMEMessageExW
DefWindowProcW
DefFrameProcW
DdeUnaccessData
DrawMenuBar
SetLastErrorEx
EnumDisplaySettingsA
EnumDisplaySettingsExW
EnumDisplayDevicesA
MoveWindow
ShowCursor
GetUpdateRect
BeginPaint
CharLowerW
LoadMenuIndirectA
CharPrevA
GetClipboardViewer
GetClipboardSequenceNumber
ToUnicode
CreateWindowExA
DdeCreateStringHandleW
SetSystemCursor
DestroyAcceleratorTable
GetParent
GetWindowTextW
GetKeyboardLayoutList
OemToCharW
GetWindowInfo
ShowWindow
AttachThreadInput
GetClassNameW
GrayStringA
DlgDirListComboBoxW
MessageBoxA
GetKeyboardLayoutNameA
WaitForInputIdle
SwitchToThisWindow
LoadImageA
PtInRect
GetMonitorInfoA
GetClipboardOwner
GetQueueStatus
GetMessageA
RegisterClassA
GetMessagePos

kernel32

TransmitCommChar
SetWaitableTimer
GetCPInfo
SetFilePointer
WriteFile
GetProcAddress
GetModuleFileNameA
VirtualAlloc
SetComputerNameA
InitializeCriticalSectionAndSpinCount
TlsAlloc
InitializeCriticalSection
GetCurrentProcess
GetLocalTime
GetPrivateProfileIntA
GetModuleHandleA
GetOEMCP
GetProcessAffinityMask
TlsFree
WriteConsoleInputA
GetStringTypeA
OpenMutexA
GlobalHandle
LeaveCriticalSection
LoadLibraryA
LCMapStringW
GetThreadContext
GetCurrentThreadId
HeapFree
DebugBreak
RtlUnwind
LCMapStringA
GetLongPathNameA
VirtualProtectEx
HeapReAlloc
VirtualFree
GetEnvironmentStrings
GetStringTypeW
RtlZeroMemory
GetTickCount
GetNamedPipeHandleStateA
GetFileType
SetConsoleTitleW
ReadConsoleOutputAttribute
MultiByteToWideChar
InterlockedDecrement
GlobalGetAtomNameA
WritePrivateProfileStringA
GetTempFileNameW
QueryPerformanceCounter
GetComputerNameA
HeapCreate
GlobalAlloc
WideCharToMultiByte
FreeEnvironmentStringsW
HeapAlloc
ReadConsoleOutputW
IsBadWritePtr
MoveFileA
GetSystemTime
FreeEnvironmentStringsA
UnhandledExceptionFilter
EnterCriticalSection
CompareStringW
GetSystemTimeAsFileTime
GetStringTypeExW
GetCommandLineA
TerminateProcess
GetCompressedFileSizeW
SetFileAttributesW
GetCurrentThread
GetUserDefaultLCID
PulseEvent
EnumResourceLanguagesA
GetCurrentProcessId
EnumSystemLocalesW
ReleaseSemaphore
ReadFile
LockFile
GetStringTypeExA
SetStdHandle
InterlockedCompareExchange
GetStartupInfoA
GetAtomNameW
HeapDestroy
FileTimeToSystemTime
CreateSemaphoreA
InterlockedIncrement
SetHandleCount
GetWindowsDirectoryA
FindFirstFileExW
GetTimeZoneInformation
GetVersion
CreateDirectoryA
GetFileTime
GetCalendarInfoA
UnmapViewOfFile
FileTimeToLocalFileTime
ExitProcess
VirtualLock
ReleaseMutex
TryEnterCriticalSection
SetLastError
GetStdHandle
LocalShrink
GetSystemDirectoryW
WritePrivateProfileSectionA
InterlockedExchange
GetDiskFreeSpaceW
TlsSetValue
FlushFileBuffers
SetEnvironmentVariableA
CloseHandle
GetLastError
CreateToolhelp32Snapshot
GetStartupInfoW
CreateMutexA
EnumResourceNamesA
GlobalCompact
GlobalFlags
TransactNamedPipe
GetEnvironmentStringsW
TlsGetValue
GetACP
SetThreadContext
CompareFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
GetTempPathA
SetEvent
VirtualQuery
CompareStringA
SetConsoleActiveScreenBuffer

gdi32

SetAbortProc
ResetDCA
CopyEnhMetaFileW
GetOutlineTextMetricsW
StartDocW
CombineTransform
SetMiterLimit
PtInRegion
RestoreDC

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

accf2a7e61beaf28ce436e69e1d437c0

Headers

File Characteristics

PDB Paths

Imports

comctl32

user32

kernel32

gdi32

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 244KB - Virtual size: 244KB

.data Size: 112KB - Virtual size: 136KB

.rsrc Size: 119KB - Virtual size: 119KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 244KB - Virtual size: 244KB

.data
Size: 112KB - Virtual size: 136KB

.rsrc
Size: 119KB - Virtual size: 119KB