3840dd98f303f4894fa38114791022b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3840dd98f303f4894fa38114791022b1_JaffaCakes118
Size

560KB
MD5

3840dd98f303f4894fa38114791022b1
SHA1

5f4d938eb3edd1a0a50c0ae8ee7ed3accc0ec4b5
SHA256

97dc10f99d95b0fe4c203a3a75745e8c493af61ba37e7004780d03b3aacaa3ea
SHA512

a19e2c6f4c83bb0444e4eb209a9b657b5b1867957647d09c89aba752ae2df07630a83afe2fedf649afa2fd0d492d288aa426c8de04a58e86a8b3398aee04fed7
SSDEEP

12288:TFUNqz//5zNs2cx9E9ZKQHS+hQgchFS1u+3iei36F09SD4Oiv:RUi35zNsxwKQHYW133U9XOE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3840dd98f303f4894fa38114791022b1_JaffaCakes118

Files

3840dd98f303f4894fa38114791022b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3a80dce5156145c3513aa3f7233d79f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\pmar

Imports

comdlg32

ChooseFontW
PageSetupDlgW

shell32

SHBrowseForFolderA

kernel32

FreeEnvironmentStringsW
EnumSystemCodePagesA
FindNextFileA
VirtualQuery
EnterCriticalSection
FindFirstFileExA
GetEnvironmentStringsW
GetVolumeInformationA
GetCommandLineW
GlobalAddAtomW
EnumDateFormatsA
RtlMoveMemory
OpenWaitableTimerA
GetFileType
EnumResourceNamesA
WriteFile
SetFilePointer
InitializeCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
CreateRemoteThread
ExitProcess
FlushFileBuffers
GetTimeZoneInformation
WideCharToMultiByte
TlsFree
GetStartupInfoA
TlsGetValue
GetLastError
lstrcpy
GlobalGetAtomNameW
TerminateProcess
GetModuleFileNameA
MoveFileW
GetLocalTime
VirtualAlloc
GetStartupInfoW
InterlockedIncrement
SetLastError
GetCalendarInfoW
OpenWaitableTimerW
HeapAlloc
GetCurrentProcess
GetVersion
GetSystemTime
GetStringTypeA
CloseHandle
UnhandledExceptionFilter
GlobalLock
GetCurrentProcessId
GlobalFlags
GetCPInfo
lstrcpyn
TlsSetValue
RtlUnwind
HeapReAlloc
RemoveDirectoryW
GetModuleFileNameW
GetLogicalDrives
OpenSemaphoreW
FoldStringW
CompareStringA
EnumResourceLanguagesA
QueryPerformanceCounter
GetTimeFormatA
HeapDestroy
SetEvent
GetEnvironmentVariableA
GetComputerNameW
InterlockedExchange
GetThreadPriorityBoost
SetHandleCount
LoadLibraryA
GetFileSize
SetEnvironmentVariableA
GetProcAddress
GetStringTypeW
ReleaseMutex
FlushViewOfFile
WaitCommEvent
OpenMutexA
DeleteCriticalSection
CompareStringW
ExpandEnvironmentStringsA
LCMapStringA
CreateMutexA
GetTickCount
SetConsoleTitleW
VirtualQueryEx
WriteConsoleW
LeaveCriticalSection
CreateProcessA
GetTempPathW
SetThreadAffinityMask
lstrcatA
GetStdHandle
SetThreadLocale
GetVersionExW
SetConsoleCursorPosition
SetCurrentDirectoryW
DeleteFiber
SetStdHandle
IsBadWritePtr
EnumResourceLanguagesW
TlsAlloc
CreateFileA
HeapCreate
InterlockedDecrement
CreateFileW
FreeEnvironmentStringsA
VirtualFreeEx
GetNamedPipeInfo
ReadFile
LCMapStringW
MultiByteToWideChar
GetShortPathNameA
GetDateFormatW
GetCurrentThread
VirtualFree
LocalFileTimeToFileTime
GetOEMCP
GetEnvironmentStrings
FoldStringA
HeapFree
EnumSystemLocalesA
GetModuleHandleA
FindFirstFileA
SetComputerNameA
MapViewOfFileEx
LocalReAlloc
GetCurrentThreadId
FindResourceA
GetCommandLineA
LocalCompact

gdi32

GetEnhMetaFilePaletteEntries
CreateColorSpaceW
CreateDCA
GetObjectW
CreateRoundRectRgn
GetGraphicsMode
SetViewportExtEx
DeleteDC
EnumFontsW
SelectObject
GetDeviceCaps
DeleteMetaFile

comctl32

ImageList_SetFilter
ImageList_ReplaceIcon
CreateToolbar
ImageList_Add
GetEffectiveClientRect
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_GetImageRect
ImageList_Copy
ImageList_AddIcon
ImageList_LoadImageA
ImageList_Create
ImageList_Duplicate
ImageList_GetIcon
CreatePropertySheetPageW

user32

MessageBeep
IsChild
UpdateWindow
InSendMessageEx
RegisterClassA
GetWindowRect
ClientToScreen
LoadAcceleratorsW
DrawMenuBar
DdeReconnect
DdeConnect
SetMenuItemInfoW
SetWindowsHookW
RegisterClassExA
DispatchMessageW
DragDetect
IsZoomed
OemKeyScan
GetScrollPos
LoadCursorA
InvertRect
EndPaint
CheckRadioButton
GetGuiResources
CharNextA
SetLastErrorEx
DrawAnimatedRects
WINNLSGetIMEHotkey
ReuseDDElParam
GetShellWindow
LoadBitmapW
LoadAcceleratorsA
GetMenuItemRect
IsDialogMessage
DefWindowProcA
PostThreadMessageA
DrawTextW
IsCharLowerA
CallMsgFilter
GetClipboardOwner
GetCaretBlinkTime
MessageBoxExA
DdeGetLastError
SetRect
IsWindow
GetWindowModuleFileNameW
GetClipboardFormatNameW
CharUpperBuffW
SystemParametersInfoW
IsDlgButtonChecked
SetClassLongW
GetWindowLongA
ShowOwnedPopups
GetAncestor
DrawCaption
SetShellWindow

advapi32

InitiateSystemShutdownW
RegDeleteKeyW
RegEnumKeyA
CryptContextAddRef
CreateServiceA
CryptDeriveKey
CryptCreateHash
RegRestoreKeyA
RegDeleteValueW
CryptSignHashA
RegSetKeySecurity
RegQueryValueA
AbortSystemShutdownA
CryptGetUserKey
RegQueryMultipleValuesA
CryptEnumProviderTypesW
CryptGetProvParam
LookupSecurityDescriptorPartsA
GetUserNameW
ReportEventW
LogonUserW
CryptGetHashParam
RegQueryValueExA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3a80dce5156145c3513aa3f7233d79f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

shell32

kernel32

gdi32

comctl32

user32

advapi32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 264KB - Virtual size: 261KB

.data Size: 108KB - Virtual size: 115KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 264KB - Virtual size: 261KB

.data
Size: 108KB - Virtual size: 115KB

.rsrc
Size: 44KB - Virtual size: 41KB