37a5cb4df341b193473b1f89e9349f1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37a5cb4df341b193473b1f89e9349f1c_JaffaCakes118
Size

501KB
MD5

37a5cb4df341b193473b1f89e9349f1c
SHA1

c8bc876ee841af71110773d10b3a4b5cfb8b14e3
SHA256

2f1a946b5be4b27115fedb140e8c047539440be1bdd095b484dc5aa251ed5d35
SHA512

a557cce3db56c2284d9a5848ceca3fb1f97381751163c0e17f61df443e572354e108e45d72ddf5c9e38d45b1e152b8dbcdf8f1b28e6ed90d7ad98e1bb3f9d42a
SSDEEP

12288:mjYs0QrRRrVeH/vvx0+rYPcn+k/gPIX/kMMnMMMMMFuZhJSnyo:mjKYRrVevylc1bkMMnMMMMMFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37a5cb4df341b193473b1f89e9349f1c_JaffaCakes118

Files

37a5cb4df341b193473b1f89e9349f1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2cd3aead606cb6d4c8d5625148fb2c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

kernel32

GlobalSize
GlobalReAlloc
GetExitCodeProcess
GlobalUnlock
GlobalLock
GetSystemDefaultLCID
GetSystemTime
GetFileTime
FileTimeToSystemTime
VirtualAlloc
GetModuleHandleA
GetStringTypeW
IsBadReadPtr
FlushInstructionCache
RemoveDirectoryA
_llseek
CreateSemaphoreA
WriteFile
HeapSize
GetSystemDirectoryA
lstrcpynA
WaitForSingleObject
GetVersionExA
SetCurrentDirectoryA
FlushFileBuffers
lstrlenA
VirtualQuery
GetSystemInfo
LoadLibraryA
SetFileAttributesA
FreeResource
GetCommandLineA
GetEnvironmentStringsW
LockResource
ResumeThread
GetVersion
SetErrorMode
CreateDirectoryA
SizeofResource
SetLastError
SetEndOfFile
LCMapStringA
HeapDestroy
lstrcpyA
GetACP
HeapFree
CloseHandle
GetUserDefaultLCID
_lclose
SetFilePointer
GetLastError
CreateThread
GetShortPathNameA
_lwrite
lstrcmpA
HeapAlloc
SetLocalTime
FreeEnvironmentStringsW
GlobalDeleteAtom
CompareStringW
FormatMessageA
GetFullPathNameA
UnhandledExceptionFilter
OpenProcess
GetProfileStringA
GetCurrentThreadId
GetCurrentDirectoryA
GetSystemDefaultLangID
LeaveCriticalSection
GetCurrentProcess
CreateProcessW
ExitThread
MoveFileA
FindClose
HeapReAlloc
LCMapStringW
InterlockedIncrement
GetFileAttributesA
ExitProcess
GetUserDefaultLangID
GetDriveTypeA
FormatMessageW
SetEvent
Sleep
GetEnvironmentStrings
GetStartupInfoA
HeapCreate
DuplicateHandle
GlobalAddAtomA
FreeEnvironmentStringsA
TlsSetValue
WideCharToMultiByte
LockFile
GetCPInfo
LoadResource
RtlUnwind
SystemTimeToFileTime
DeleteFileA
GetModuleFileNameW
MulDiv
CreateEventA
GetStringTypeExA
SetEnvironmentVariableA
GetWindowsDirectoryA
WinExec
GetTempFileNameA
SearchPathA
GetTickCount
GetCurrentProcessId
ReleaseSemaphore
TlsFree
RaiseException
GetStringTypeA
GlobalHandle
FindNextFileA
VirtualFree
CreateFileA
ResetEvent
GetOEMCP
GetFileType
lstrcatA
UnlockFile
ReadFile
GetLocalTime
lstrcmpiW
SetFileTime
GlobalAlloc
IsBadCodePtr
GetProcAddress
InitializeCriticalSection
SetStdHandle
MultiByteToWideChar
CreateProcessA
GetModuleFileNameA
VirtualProtect
lstrcmpiA
GetLocaleInfoA
CompareStringA
DeleteCriticalSection
TlsGetValue
FreeLibrary
GetDateFormatA
GlobalFree
TlsAlloc
InterlockedDecrement
FileTimeToLocalFileTime
GetStdHandle
TerminateProcess
SetHandleCount
_lread
FindFirstFileA
GetTimeZoneInformation
GetTempPathA
EnterCriticalSection
LoadLibraryExA
GetVolumeInformationA
FindResourceA

ws2_32

setsockopt
WSAConnect

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias

user32

GetMessagePos
GetDlgItem
FindWindowA
GetCapture
MoveWindow
DdeDisconnect
EqualRect
GetMenuItemCount
GetCursor
GetWindowLongA
GetWindow
SetMenuDefaultItem
GetKeyboardState
LoadCursorA
ScreenToClient
ReleaseDC
SetScrollInfo
AdjustWindowRect
DdeFreeDataHandle
SetWindowContextHelpId
DdePostAdvise
MsgWaitForMultipleObjects
ModifyMenuA
SetScrollRange
GetLastActivePopup
IsClipboardFormatAvailable
CreateCursor
LoadImageA
DdeQueryStringA
GetDC
BeginPaint
DdeNameService
SendDlgItemMessageA
GetScrollPos
IsIconic

advapi32

LookupPrivilegeValueA
DeregisterEventSource
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyW
AdjustTokenPrivileges
RegSetValueExW
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorDacl
RegEnumKeyA
RegCreateKeyA
RegOpenKeyW
RegQueryValueExW
RegEnumValueA
RegisterEventSourceA
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCreateKeyW
InitializeSecurityDescriptor
ReportEventA
RegDeleteKeyW
RegDeleteKeyA
RegCloseKey
RegDeleteValueW
RegEnumValueW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2cd3aead606cb6d4c8d5625148fb2c9

Headers

File Characteristics

Imports

ddraw

kernel32

ws2_32

samlib

user32

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB