398baf7122962d2dd185019cedf10b9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

398baf7122962d2dd185019cedf10b9f_JaffaCakes118
Size

720KB
MD5

398baf7122962d2dd185019cedf10b9f
SHA1

3b4a7f657cc6ec94cb309d2abce2b0b397c1408d
SHA256

ea1afd8d5636fda175f9bab0235851135c78251ff7e21aeac5bbda5abe2b94dc
SHA512

27d75abdff329f7b6f9a70f486d09f7d44561a8725eaa32a46e9ac7414acfed76ddefc8d63be530f95dbe4ee78a93319f98fb4589efcae95765fb901bc4d8b60
SSDEEP

12288:t2H2a4Lkl3An9a1eZ549aIRwQbncuJRq5b8HdkkPzRvFK3ZBkS4DBT:tc2QKy9b3kb8HC6AZIDBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398baf7122962d2dd185019cedf10b9f_JaffaCakes118

Files

398baf7122962d2dd185019cedf10b9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c552b65aff29bf9f0841e230667e51f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetCertByURLA

comdlg32

PrintDlgW
ChooseFontW

advapi32

RegCreateKeyA
CryptEnumProvidersW
RegQueryInfoKeyA
LookupAccountSidW
LookupAccountNameW
RegConnectRegistryW
CryptSignHashW
CryptSetProviderExA
RegQueryValueW
CryptDuplicateKey
LogonUserW
RegCreateKeyW
CryptHashData
CryptGetKeyParam
LookupPrivilegeValueA
CryptGetUserKey
LookupSecurityDescriptorPartsA
RegEnumKeyA
LookupPrivilegeNameA

shell32

SHGetDataFromIDListA
InternalExtractIconListA
SHEmptyRecycleBinW

comctl32

ImageList_Remove
CreatePropertySheetPage
ImageList_DragLeave
ImageList_EndDrag
ImageList_AddIcon
ImageList_DragMove
ImageList_GetFlags
ImageList_BeginDrag
ImageList_GetImageCount
CreateStatusWindow
ImageList_Add
ImageList_LoadImageA
ImageList_SetBkColor
ImageList_Write
_TrackMouseEvent
CreatePropertySheetPageW
ImageList_GetIcon
InitCommonControlsEx
ImageList_Copy

kernel32

GetCommandLineW
VirtualAlloc
SetLocaleInfoW
GetTickCount
InterlockedDecrement
EnumResourceNamesA
EnumTimeFormatsA
GetStringTypeW
GetEnvironmentStringsW
InterlockedExchange
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetVersion
SetConsoleOutputCP
CreateMailslotA
HeapFree
GetStdHandle
CreateDirectoryExA
GetDiskFreeSpaceA
WriteConsoleOutputCharacterW
ExitProcess
IsValidLocale
GetModuleFileNameA
FormatMessageA
CreateToolhelp32Snapshot
HeapCreate
WaitCommEvent
FlushConsoleInputBuffer
GetSystemDefaultLangID
GetTimeZoneInformation
InterlockedIncrement
GetACP
GetUserDefaultLCID
Sleep
HeapReAlloc
SetStdHandle
GetProcAddress
GetModuleFileNameW
WaitForMultipleObjectsEx
WriteConsoleOutputAttribute
SetFileAttributesW
LoadLibraryA
GetCPInfo
ReadConsoleW
DeleteFileA
WriteFile
lstrcmpiA
WideCharToMultiByte
LCMapStringA
GetFileType
GetLocalTime
TerminateProcess
MoveFileExA
GetStringTypeA
lstrcpyn
GetModuleHandleW
MultiByteToWideChar
GetEnvironmentStrings
MoveFileW
RemoveDirectoryA
GetFullPathNameA
SetEnvironmentVariableA
CopyFileExA
GetProcessShutdownParameters
HeapAlloc
HeapDestroy
CreateFileMappingW
GetEnvironmentVariableW
ReadConsoleOutputCharacterA
GetCurrentThreadId
GetTimeFormatA
CompareStringA
RtlUnwind
LCMapStringW
TransmitCommChar
GetSystemTimeAsFileTime
SetLastError
VirtualFree
SetLocalTime
TlsFree
DeleteCriticalSection
GetLastError
CompareStringW
GetCommandLineA
WriteProfileSectionA
CreateMutexA
OpenWaitableTimerA
SetEnvironmentVariableW
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
ReadFile
FindFirstFileA
FreeEnvironmentStringsA
WriteConsoleOutputA
GlobalFix
GetCurrentThread
TlsGetValue
VirtualUnlock
GetCurrentProcess
FlushFileBuffers
CloseHandle
GetSystemTime
TlsAlloc
SetHandleCount
FindAtomA
VirtualProtect
IsBadWritePtr
VirtualQuery
WritePrivateProfileSectionA
EnumCalendarInfoW
MoveFileA
SetConsoleTitleW
InitializeCriticalSection
TlsSetValue
OpenMutexA
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
SetThreadIdealProcessor
SetVolumeLabelA
GetStartupInfoA
UnlockFile
FormatMessageW
GetModuleHandleA
CreateWaitableTimerA

user32

NotifyWinEvent
MessageBoxW
PostThreadMessageA
LoadStringA
GetMenuState
RegisterClassExA
GetDesktopWindow
RegisterClassA
DlgDirListW
DestroyWindow
SetProcessWindowStation
GetThreadDesktop
MsgWaitForMultipleObjectsEx
ShowWindow
GetClassWord
FindWindowExA
GetSysColor
RealGetWindowClass
OemToCharA
DefWindowProcW
EnableScrollBar
CreateWindowExW

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c552b65aff29bf9f0841e230667e51f

Headers

File Characteristics

Imports

wininet

comdlg32

advapi32

shell32

comctl32

kernel32

user32

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 396KB - Virtual size: 392KB

.data Size: 132KB - Virtual size: 149KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 396KB - Virtual size: 392KB

.data
Size: 132KB - Virtual size: 149KB

.rsrc
Size: 36KB - Virtual size: 34KB