37bf4f54b06bc79d340eb38d1bbbaebb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37bf4f54b06bc79d340eb38d1bbbaebb_JaffaCakes118
Size

504KB
MD5

37bf4f54b06bc79d340eb38d1bbbaebb
SHA1

38b078e7ace290a9ac1a5b924e8b12d91898f7ca
SHA256

1ddede614fcdf313092e39f62e865439a2ba212ca95a85a57538a48518933760
SHA512

e667da1ad115836cd1080a73fa3f55effdb2a42415f472e5d7bdd157582a8c4f82d4e7e143de9d45db563de4ca63eb154edadcfa6cc8f64a77d6f0f7dffa664a
SSDEEP

12288:Xf77quA2tQB63rdRu6azgUejoufEmqe3u0v:T9A2uBMdat7uG+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37bf4f54b06bc79d340eb38d1bbbaebb_JaffaCakes118

Files

37bf4f54b06bc79d340eb38d1bbbaebb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

260eacf63687a7fb8035f72f51df3d61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\eve.pdb

Imports

kernel32

IsValidLocale
VirtualFree
GetStartupInfoA
GetModuleFileNameA
GetSystemTimeAdjustment
TerminateProcess
SetFilePointer
GetOEMCP
SetEnvironmentVariableA
CreateFileA
TlsFree
GetConsoleCP
GetCurrentProcessId
FlushFileBuffers
ReadFile
QueryPerformanceCounter
GetStringTypeA
SetUnhandledExceptionFilter
MultiByteToWideChar
LoadLibraryA
FreeLibrary
DeleteCriticalSection
TlsGetValue
ExitProcess
WideCharToMultiByte
GetModuleHandleA
GetCommandLineA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
FreeEnvironmentStringsW
EnterCriticalSection
LCMapStringA
TlsSetValue
GetSystemTimeAsFileTime
GetStdHandle
GetStringTypeW
InterlockedExchange
GetLocaleInfoA
IsDebuggerPresent
GetCurrentProcess
CloseHandle
SetHandleCount
WriteConsoleA
GetLocaleInfoW
IsValidCodePage
CompareStringA
InterlockedIncrement
InterlockedDecrement
WriteFile
GetModuleHandleW
WriteConsoleW
LocalLock
EnumSystemLocalesA
GetTimeZoneInformation
OpenMutexA
HeapCreate
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
GetDateFormatA
GetCPInfo
GetACP
GetFileType
SetConsoleCtrlHandler
CreateMutexA
GetLastError
GetCurrentThread
TlsAlloc
SetStdHandle
GetEnvironmentStrings
VirtualAlloc
HeapAlloc
CompareStringW
GetCurrentThreadId
HeapSize
GetConsoleOutputCP
Sleep
LCMapStringW
HeapFree
LeaveCriticalSection
GetConsoleMode
GetTickCount
SetLastError
GetProcAddress
FreeEnvironmentStringsA
lstrcpynW
RtlUnwind
GetSystemDirectoryW
GetTimeFormatA
HeapDestroy
GetEnvironmentStringsW

user32

GetOpenClipboardWindow
EnumDesktopWindows
MessageBoxW
IsWindowVisible
ShowWindow
RegisterClipboardFormatW
GetComboBoxInfo
DefWindowProcA
LoadImageA
SetWindowLongW
AttachThreadInput
CloseWindow
GetUserObjectSecurity
EnumThreadWindows
InflateRect
DestroyWindow
GetCapture
PostMessageW
GetClassNameA
EndDialog
DdeQueryStringW
GetPriorityClipboardFormat
GetWindowDC
RegisterClassA
DefFrameProcW
FindWindowA
RegisterClassExA
CharNextExA
DlgDirListA
RegisterHotKey
CreateWindowExA
EnableWindow
GetDlgItemInt
GetClassLongA
SwapMouseButton
OpenDesktopA
DefMDIChildProcA
CreateWindowStationW
SetDoubleClickTime
DdeAbandonTransaction
GetScrollPos
LoadMenuW
ShowOwnedPopups
UnloadKeyboardLayout

advapi32

RegQueryInfoKeyA
LookupAccountSidW
CryptDestroyKey
LookupSecurityDescriptorPartsA
CryptCreateHash
CryptGetDefaultProviderA
RegCreateKeyExW
CryptAcquireContextA
RegFlushKey
RegQueryMultipleValuesW
RegQueryInfoKeyW
RegRestoreKeyA
RegEnumKeyExA
RegRestoreKeyW
LookupPrivilegeDisplayNameW
RegDeleteValueA
CreateServiceA
ReportEventW
RegSetValueW
LookupAccountSidA
InitiateSystemShutdownA
RegEnumValueA
RegSaveKeyW
CryptDecrypt
CryptGetDefaultProviderW

wininet

GopherFindFirstFileA
FindFirstUrlCacheEntryExA
GopherGetAttributeW
FindNextUrlCacheEntryExA
IsHostInProxyBypassList
FtpSetCurrentDirectoryW

comctl32

ImageList_Draw
InitMUILanguage
ImageList_SetDragCursorImage
DrawStatusTextW
ImageList_GetBkColor
CreateToolbarEx
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_SetFlags
ImageList_GetFlags
ImageList_Add
ImageList_GetImageCount
ImageList_GetImageRect
ImageList_DrawEx
CreateStatusWindowW
ImageList_ReplaceIcon

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

260eacf63687a7fb8035f72f51df3d61

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wininet

comctl32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 108KB - Virtual size: 122KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 108KB - Virtual size: 122KB

.rsrc
Size: 32KB - Virtual size: 30KB