Static task: static1
Behavioral task: behavioral1
Sample: 3927047050977743d412add552d31fec_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3927047050977743d412add552d31fec_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3927047050977743d412add552d31fec_JaffaCakes118
Size: 583KB
MD5: 3927047050977743d412add552d31fec
SHA1: ac52a34ed6ce4d7404ab3f0851ba8a549e0480e9
SHA256: 030715ab700d039f50ba8f6ea9a329e733480f928d2ee58b0b2d3e4555129a97
SHA512: 8fd075fc015ed765ce3a1f8101a2fff60a99369925ab86711b3d9ac1e34d00ea4151373d318c6d5965cdb42f902a7b8901a4b68397c238b91911a5f31892bc9e
SSDEEP: 12288:G9RhFE/7Srna4zcFfYBw/6HGr9taqKSYpFiSxC3QjFmUTh:G9RhV+4zcFfYBwI4YqVes33QZlTh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3927047050977743d412add552d31fec_JaffaCakes118
Files
3927047050977743d412add552d31fec_JaffaCakes118.exe windows:4 windows x86 arch:x86
03ea2a5735b7d26137d6878fec3c9196
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RaiseException
_lclose
IsDBCSLeadByteEx
IsBadStringPtrA
GetConsoleMode
_hread
FreeLibraryAndExitThread
ReadConsoleInputW
OutputDebugStringA
GlobalUnlock
FindFirstFileExW
FindResourceExW
GetPrivateProfileSectionW
InitializeCriticalSection
WaitNamedPipeA
GetTempPathW
SetEnvironmentVariableA
ExitThread
ExpandEnvironmentStringsW
GetFileAttributesA
SetFileTime
CreateMutexW
GetUserDefaultLCID
SetLastError
VirtualAllocEx
GetCommConfig
VirtualFree
FindNextChangeNotification
GetShortPathNameW
FreeEnvironmentStringsA
lstrcatW
GlobalFindAtomW
VirtualQuery
WritePrivateProfileSectionW
ReadConsoleOutputA
FreeLibrary
IsValidLocale
GetThreadContext
FileTimeToLocalFileTime
GetCurrentProcessId
FindResourceExA
ExitProcess
GetDiskFreeSpaceW
SetThreadAffinityMask
EnumResourceNamesW
user32
DrawAnimatedRects
RegisterHotKey
CharUpperBuffA
DestroyIcon
wvsprintfA
ReleaseCapture
CreateMenu
GetMessageW
CharToOemW
GetShellWindow
GetWindowThreadProcessId
LoadImageW
TabbedTextOutW
PostMessageA
RedrawWindow
OemToCharA
GetDCEx
GetClientRect
DefWindowProcA
ChangeDisplaySettingsW
SendMessageCallbackW
InternalGetWindowText
BeginDeferWindowPos
CreateWindowExW
UnregisterDeviceNotification
ChildWindowFromPointEx
EnumChildWindows
FlashWindow
MapDialogRect
GetKeyState
GetPropW
GetKeyboardLayoutList
SetWindowsHookExA
DeferWindowPos
GetMenu
TileWindows
EnableMenuItem
SetProcessWindowStation
SetClassLongA
ExitWindowsEx
SendMessageTimeoutW
GetInputState
SetWindowsHookW
GetKeyboardLayout
GetClipCursor
PeekMessageA
FillRect
ChangeDisplaySettingsExA
GetDoubleClickTime
ShowScrollBar
IsCharLowerW
OpenClipboard
EnumDesktopsW
GetScrollInfo
CreateDialogParamW
SetMenuItemInfoW
GetForegroundWindow
TrackMouseEvent
RegisterClassW
GetCursorPos
MoveWindow
CountClipboardFormats
HiliteMenuItem
OpenDesktopA
RegisterClassA
gdi32
GetTextExtentPoint32W
EnumObjects
comdlg32
PrintDlgW
PrintDlgA
advapi32
InitiateSystemShutdownA
CryptDecrypt
RegQueryValueExW
SetTokenInformation
RegQueryValueW
CreateServiceW
GetPrivateObjectSecurity
GetSecurityDescriptorDacl
RegDeleteValueW
ImpersonateNamedPipeClient
DuplicateToken
IsValidSecurityDescriptor
EnumServicesStatusA
RegOpenKeyW
GetUserNameA
RegCreateKeyExW
GetServiceKeyNameW
GetSidIdentifierAuthority
OpenProcessToken
BuildTrusteeWithSidW
QueryServiceConfigA
RegSaveKeyW
RegDeleteKeyA
CryptSetKeyParam
RegUnLoadKeyW
AccessCheck
ObjectCloseAuditAlarmW
AccessCheckAndAuditAlarmW
InitiateSystemShutdownW
StartServiceCtrlDispatcherA
CryptExportKey
EnumServicesStatusW
SetNamedSecurityInfoW
BuildTrusteeWithNameW
RegOpenKeyExA
GetSecurityDescriptorControl
LogonUserW
AddAccessDeniedAce
shell32
Shell_NotifyIconA
ExtractIconExW
SHGetSpecialFolderPathW
SHFileOperationA
FindExecutableW
ole32
OleConvertIStorageToOLESTREAM
OleSave
IIDFromString
CoDisconnectObject
oleaut32
QueryPathOfRegTypeLi
SafeArrayRedim
VariantChangeType
SafeArrayCreate
SetErrorInfo
SysStringLen
SafeArrayUnaccessData
VariantCopy
SysAllocStringLen
SafeArrayPutElement
SafeArrayGetElement
comctl32
ImageList_AddMasked
ImageList_LoadImageW
shlwapi
PathStripPathW
StrDupW
PathIsDirectoryA
StrCmpW
SHRegWriteUSValueW
StrChrIW
StrChrIA
PathIsRootA
wvnsprintfW
PathRemoveArgsW
msvcrt
_c_exit
signal
_ultow
_wgetenv
_chmod
_ecvt
isalnum
_pctype
mbtowc
_wfsopen
_wsystem
_strdup
_mbsncmp
iswdigit
strerror
_getdcwd
_mbctoupper
localeconv
_wcsnset
strtok
_pipe
_flushall
difftime
putchar
strncpy
_lseeki64
_spawnv
wcsspn
vswprintf
_wopen
_wputenv
_access
isdigit
_execlp
isleadbyte
_chdir
_ismbblead
localtime
_sleep
_kbhit
_mbsnbcnt
srand
_wchmod
wcscpy
Sections
.text Size: 3KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 270KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ