3787cf6fa215b6c246d50ef57e3e291c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3787cf6fa215b6c246d50ef57e3e291c_JaffaCakes118
Size

432KB
MD5

3787cf6fa215b6c246d50ef57e3e291c
SHA1

f705170798142735bdc876c010dc8e8faa520f9b
SHA256

6ac104b7c0ed88af810cb42f56b7152cf5c8169804a3db73419ca678b3f4e730
SHA512

db33a47d13329ae72c54ee6b99aa7c64435115b8efefe4f2406aaf5c25926ed50336c724f44c46fdbc64cda7abb5eb4a2089529d3d171d120ccc62f1389cddae
SSDEEP

12288:KOjMz8yoIbM5XCFJYFy3GUwdeOuuGYEfJbeG:KOjM0ZCl3V2uuGYGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3787cf6fa215b6c246d50ef57e3e291c_JaffaCakes118

Files

3787cf6fa215b6c246d50ef57e3e291c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c1fe644f4f8c41a55f9758c0c4d6698

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\empqlwue\vlvcik\flequvsky\nopo\gleegpys.pdb

Imports

gdi32

RectVisible
GetArcDirection
AnimatePalette
GetDeviceCaps
UpdateICMRegKeyW
CreateDCA
AddFontResourceW
LineDDA
GetCharABCWidthsA
Escape
SetDeviceGammaRamp
GetCharWidth32A
CreateDIBPatternBrush
CreateScalableFontResourceA
SetDIBits
PolyBezier
DeleteDC
GetCharWidthW
Ellipse
StartDocW
SetTextAlign
GetTextCharsetInfo
DeleteObject
GetObjectA
GetMetaFileW
CreateEllipticRgnIndirect
StartDocA

comdlg32

ChooseFontW
PrintDlgA
GetOpenFileNameW
ReplaceTextA

comctl32

ImageList_SetFilter
ImageList_Write
ImageList_GetImageInfo
CreateToolbarEx
CreatePropertySheetPageA
DrawInsert
ImageList_LoadImageA
ImageList_Merge
InitCommonControlsEx
DrawStatusTextW
ImageList_Copy
MakeDragList
ImageList_DragEnter
ImageList_Create
CreateUpDownControl
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Add
ImageList_DrawEx
DrawStatusTextA
ImageList_SetDragCursorImage
GetEffectiveClientRect
ImageList_SetFlags
ImageList_Destroy
CreateMappedBitmap
ImageList_LoadImage

kernel32

FreeEnvironmentStringsW
WriteFile
CreateFileA
GetCurrentProcess
HeapAlloc
SetHandleCount
TlsSetValue
GetTimeFormatA
WaitForSingleObject
HeapReAlloc
GetProcAddress
GetProcessHeap
GetCPInfo
GetPrivateProfileIntW
WriteConsoleW
CreateMutexA
FindResourceA
GetConsoleOutputCP
SetLastError
FlushFileBuffers
HeapCreate
CreateNamedPipeW
IsBadReadPtr
IsDebuggerPresent
InterlockedDecrement
RtlUnwind
TlsAlloc
GetStdHandle
VirtualFree
GetDateFormatA
OpenWaitableTimerW
ReadFile
SetUnhandledExceptionFilter
GetFileType
LCMapStringA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsA
InitializeCriticalSection
FindAtomA
SetConsoleCtrlHandler
GetModuleFileNameA
GetLastError
GetCommandLineA
SetStdHandle
OpenFile
GetOEMCP
ExitProcess
GetCommandLineW
HeapValidate
GetSystemTimeAsFileTime
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStrings
SetFilePointer
OutputDebugStringA
GetModuleFileNameW
VirtualQuery
CreateDirectoryExW
LeaveCriticalSection
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemDefaultLCID
GetPrivateProfileSectionNamesW
EnterCriticalSection
GetLocaleInfoW
RtlZeroMemory
GetConsoleMode
LCMapStringW
IsValidCodePage
TerminateProcess
DeleteCriticalSection
GetVersionExA
GetACP
OpenMutexA
InterlockedIncrement
HeapDestroy
MultiByteToWideChar
IsValidLocale
GetLocaleInfoA
HeapFree
VirtualAlloc
GetModuleHandleA
SetEnvironmentVariableA
SetFileTime
LoadLibraryW
CloseHandle
GetStringTypeW
GetCurrentProcessId
GetTickCount
SetVolumeLabelW
WideCharToMultiByte
CompareStringW
GetStartupInfoW
RaiseException
InterlockedExchange
TlsFree
GetCurrentThread
GetStringTypeA
CompareStringA
lstrlenA
GetStartupInfoA
DebugBreak
OutputDebugStringW
WriteConsoleA
GetVersionExW
FreeLibrary
GetUserDefaultLCID
EnumSystemLocalesA
LoadLibraryA
TlsGetValue

shell32

SHGetMalloc

advapi32

LookupPrivilegeNameA
RegCreateKeyExA
GetUserNameA
CryptSetProviderA
RegSetValueA
InitiateSystemShutdownA
InitiateSystemShutdownW
RegQueryValueExA
CryptGetDefaultProviderW
RegEnumValueA
RegDeleteValueA
ReportEventA
StartServiceA
CryptDestroyHash
RegSetValueExW
RegOpenKeyW
RegSetKeySecurity
CryptGenKey
RegReplaceKeyA
CreateServiceW
RegDeleteKeyA
ReportEventW
CryptSetKeyParam
LookupSecurityDescriptorPartsA
RegConnectRegistryW

user32

RedrawWindow
GetMenuInfo
DestroyWindow
GetGuiResources
EnumDisplaySettingsW
DefWindowProcA
SetMessageExtraInfo
RegisterClassA
GetWindow
MessageBoxA
LoadMenuW
SetLastErrorEx
PostQuitMessage
ShowWindow
SetMenuItemBitmaps
GetKeyboardLayoutList
BroadcastSystemMessage
RegisterClassExA
EndTask
CreateMDIWindowW
ToAscii
CreateWindowExW
GetParent
TranslateMessage
EnumPropsExW

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c1fe644f4f8c41a55f9758c0c4d6698

Headers

File Characteristics

PDB Paths

Imports

gdi32

comdlg32

comctl32

kernel32

shell32

advapi32

user32

Sections

.text Size: 216KB - Virtual size: 213KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 88KB - Virtual size: 110KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 216KB - Virtual size: 213KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 88KB - Virtual size: 110KB

.rsrc
Size: 16KB - Virtual size: 15KB