397a9d3ae51311712a4340165e2365f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

397a9d3ae51311712a4340165e2365f8_JaffaCakes118
Size

308KB
MD5

397a9d3ae51311712a4340165e2365f8
SHA1

0e03b355cc7d921619c21487e2136f74a2101d6a
SHA256

8022ee2c9ed931cb945f1ef793b502d096acc44aa298c2bbbf4b779b3d119bc9
SHA512

51d571b6521867be410084e2108b724055855f91ed200b51e10a0bed7763332a010f644f170d5699d04d19cf2d3bf22254bbaef578778f46ef796e0151a7f25b
SSDEEP

6144:7QxRZRIFq1QIwC2zUwJjFs+2Gk/7VYNpR/qAdUUuhywwir:EZb4z+pq9rG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397a9d3ae51311712a4340165e2365f8_JaffaCakes118

Files

397a9d3ae51311712a4340165e2365f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cac2c1f54c04b05c4df565b021bb4e70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
CreateMutexA
GlobalAddAtomA
GetThreadPriority
OpenFile
GlobalGetAtomNameA
GetDateFormatA
OutputDebugStringW
GetDateFormatW
GetSystemTimeAsFileTime
GetFileType
GetCurrentThread
GetDiskFreeSpaceW
SetEnvironmentVariableW
CreateFileW
CopyFileW
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
DeviceIoControl
GetStartupInfoA
DeleteTimerQueueEx
GetUserDefaultLangID
GetVersionExA
GetConsoleCP
ReadFile
GetTimeZoneInformation
FindResourceA
SetEndOfFile
LoadLibraryA
GetWindowsDirectoryW
SetEvent
DeleteFileW
GetFileSizeEx
WritePrivateProfileSectionA
GetFullPathNameA
_lread
GlobalMemoryStatus
GetPrivateProfileStringW
WaitForSingleObject
WriteFile
CompareStringA
GetFileAttributesA
IsBadWritePtr
GetDriveTypeA
DeleteFileA
GetStartupInfoW
VirtualAlloc
lstrcmpA
WriteConsoleW
CreateTimerQueue
OpenEventW
GetLastError
GetDriveTypeW
FormatMessageA
lstrlenA
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetProcAddress
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc

comctl32

ImageList_GetImageCount
ImageList_Add
ImageList_DragMove
ImageList_DrawEx

advapi32

RegOpenKeyExA
LookupPrivilegeValueA
CheckTokenMembership
ChangeServiceConfig2W
InitializeSecurityDescriptor
CopySid
CryptDestroyHash
RegOpenKeyExW
DeleteService
RegEnumValueA
LookupAccountSidW
RevertToSelf
RegEnumValueW
RegSetValueA
GetSecurityDescriptorDacl
GetAclInformation
SetFileSecurityA
AddAce
QueryServiceConfigA

gdi32

CreateFontA
BitBlt
SetBkMode
DeleteEnhMetaFile
SelectClipRgn
GetRgnBox
CreateBrushIndirect
SetStretchBltMode
StartDocW
RestoreDC
CreateEllipticRgn
SetBrushOrgEx
CreatePenIndirect
StartDocA
GetCurrentPositionEx
GetEnhMetaFileBits
TextOutA
GetPixel
DeleteObject
GetFontData
ExtEscape
GetObjectW
GdiFlush
SetDIBColorTable

user32

GetWindowTextA
OffsetRect
RegisterClipboardFormatW
GetSysColor
InvertRect
GetDlgItemTextW
TranslateAcceleratorW
BeginPaint
DdeConnectList
CheckDlgButton
DrawMenuBar
SetMenu
GetWindowRect
GetUserObjectInformationW
DefWindowProcW
ExcludeUpdateRgn
ScrollDC

ole32

CoUnmarshalInterface
StringFromCLSID
OleQueryLinkFromData
OleRegEnumFormatEtc
CoRegisterMessageFilter
OleCreateMenuDescriptor
CoIsOle1Class
CoTaskMemRealloc
IsAccelerator
CreateILockBytesOnHGlobal
CreateBindCtx
CoRevokeClassObject

oleaut32

RegisterTypeLi

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

qumokgi
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

eoskysi
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cgeqc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cac2c1f54c04b05c4df565b021bb4e70

Headers

File Characteristics

Imports

kernel32

comctl32

advapi32

gdi32

user32

ole32

oleaut32

Sections

.text Size: 244KB - Virtual size: 242KB

qumokgi Size: 28KB - Virtual size: 26KB

eoskysi Size: 16KB - Virtual size: 17KB

cgeqc Size: 16KB - Virtual size: 15KB

.text
Size: 244KB - Virtual size: 242KB

qumokgi
Size: 28KB - Virtual size: 26KB

eoskysi
Size: 16KB - Virtual size: 17KB

cgeqc
Size: 16KB - Virtual size: 15KB