386cb1944fe739494f2aa82e5125de57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

386cb1944fe739494f2aa82e5125de57_JaffaCakes118
Size

208KB
MD5

386cb1944fe739494f2aa82e5125de57
SHA1

072fa5f4346dd1f0638bb481c314dfecc61f3421
SHA256

5071daca41f495a827f0a0d66405b57a20b8a1111f91ea774666b9432db90bdb
SHA512

3d8e8ffb1e3763d1d16ee0a914ddea59528aa6dbe9d39bd39c19c63b007372d97d170c7a5572dd6b269631ab303652434f3e74de9f827d2e770d7665168f7024
SSDEEP

6144:moZDADgltMYJjxdnAEjH2OyJtWKj8Wn0iWvd:mwbme/A0WaKT0v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
386cb1944fe739494f2aa82e5125de57_JaffaCakes118

Files

386cb1944fe739494f2aa82e5125de57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5750774d8dcf511bff26f78453992065

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
FileTimeToDosDateTime
GetShortPathNameA
lstrcpyA
FileTimeToSystemTime
LocalFree
CreateEventA
lstrcpyn
WaitForMultipleObjects
IsDebuggerPresent
IsBadReadPtr
GetStringTypeA
CreateMutexA
GetCurrentProcessId
SetLocaleInfoA
GetLongPathNameW
FreeLibrary
IsBadCodePtr
lstrcpynW
GetFileAttributesW
ExitProcess
CompareStringA
GetLogicalDrives
GetCurrentThread
FindAtomA
OpenEventA
CreateSemaphoreW
CopyFileA
CreateDirectoryW
CreateMutexW
OpenWaitableTimerA
GetOEMCP
GetSystemDirectoryW
GetDiskFreeSpaceW
LoadLibraryA
GetProcAddress
lstrcmpiA
GetCommandLineW
CreateEventW
DisconnectNamedPipe

user32

SetActiveWindow
WaitMessage
FrameRect
EnumDesktopsW
GetScrollPos
GetClassNameA
InvalidateRgn
EnumWindows
SetWindowLongW
SetCursorPos
DialogBoxParamA
CreateDesktopW
GetMessageA
DefWindowProcW
CreateDesktopA
CharUpperA
InsertMenuItemW
LoadCursorW
GetKeyboardType
LoadMenuA
GetWindowLongW
PostMessageA
SendMessageW
GetDC
GetDC
DrawTextW

gdi32

Pie
GetMetaFileBitsEx
GetGraphicsMode
GetStretchBltMode
CreateCompatibleBitmap
SetTextJustification
ExtEscape
ScaleViewportExtEx
AngleArc
CreateEnhMetaFileA
GetTextExtentPointI
CreateDCW
FontIsLinked
UnrealizeObject

advapi32

RegEnumValueA
RegOpenKeyExW
RegCloseKey
RegSaveKeyA
RegOpenKeyExA
RegReplaceKeyA
RegQueryValueW
RegDeleteKeyW
RegDeleteValueA

shell32

SHGetDataFromIDListA
SHGetFileInfoA

shlwapi

PathIsURLW
PathCompactPathExW
StrToInt64ExW
PathQuoteSpacesW
PathCombineW
SHGetInverseCMAP
PathAppendW
PathFindOnPathA
StrToIntA

comctl32

ImageList_DragMove
CreatePropertySheetPageW
ImageList_DrawEx
ImageList_Add
FlatSB_SetScrollPos

opengl32

glVertex3dv
glLineWidth

wininet

GopherFindFirstFileA
InternetSetDialState
InternetDial
InternetSetCookieA
HttpEndRequestA
InternetGetConnectedStateExA
FindCloseUrlCache
FindNextUrlCacheEntryA
UnlockUrlCacheEntryFileW
FtpDeleteFileA
InternetGoOnlineW
InternetTimeToSystemTime
FtpPutFileA
InternetEnumPerSiteCookieDecisionW
InternetGetCookieW
FtpPutFileW
UpdateUrlCacheContentPath

crypt32

CryptMemFree
CryptMemRealloc
CertOIDToAlgId
CertCreateCertificateContext
CertAddStoreToCollection
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptSignHashU
I_CryptAddRefLruEntry
I_CryptEnableLruOfEntries
CertAddEnhancedKeyUsageIdentifier

Sections

.UVJ
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T
Size: 3KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l
Size: 4KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.goXnz
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.QEce
Size: 2KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uy
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OS
Size: 3KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gjM
Size: 2KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5750774d8dcf511bff26f78453992065

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

opengl32

wininet

crypt32

Sections

.UVJ Size: 4KB - Virtual size: 4KB

.T Size: 3KB - Virtual size: 374KB

.l Size: 4KB - Virtual size: 206KB

.goXnz Size: 9KB - Virtual size: 9KB

.QEce Size: 2KB - Virtual size: 179KB

.uy Size: 4KB - Virtual size: 19KB

.OS Size: 3KB - Virtual size: 29KB

.data Size: 90KB - Virtual size: 438KB

.gjM Size: 2KB - Virtual size: 295KB

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 1024B - Virtual size: 702B

.UVJ
Size: 4KB - Virtual size: 4KB

.T
Size: 3KB - Virtual size: 374KB

.l
Size: 4KB - Virtual size: 206KB

.goXnz
Size: 9KB - Virtual size: 9KB

.QEce
Size: 2KB - Virtual size: 179KB

.uy
Size: 4KB - Virtual size: 19KB

.OS
Size: 3KB - Virtual size: 29KB

.data
Size: 90KB - Virtual size: 438KB

.gjM
Size: 2KB - Virtual size: 295KB

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 1024B - Virtual size: 702B