39b4f414bc32be18f3572d52e51b55e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39b4f414bc32be18f3572d52e51b55e3_JaffaCakes118
Size

1.6MB
MD5

39b4f414bc32be18f3572d52e51b55e3
SHA1

3dac193ec0063f9725eb0b8addad8dcf8c8fa514
SHA256

88e5c4637e9e8cb205a1327ee3a4a1ce87494f78c290e2d08d10d99f3db24168
SHA512

53b53f21e50b05de08fd2ac28be92f73dacd9d82078d9b2ecf1914c1e704d9d1d541d26551363160716da4d11355e37431a15d1c92c680fa241c126a0f70cbd7
SSDEEP

49152:wPhw2KUAqg5JRyCETD2ejGdYyes33QZBh:wPhw2K/JHEXE4lBh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39b4f414bc32be18f3572d52e51b55e3_JaffaCakes118

Files

39b4f414bc32be18f3572d52e51b55e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ef051cc4316d023c1c6b49539ba17b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
GetModuleFileNameW
CompareStringW
SetNamedPipeHandleState
OutputDebugStringW
GetStringTypeExW
CreateDirectoryW
CreateProcessA
SetEvent
RaiseException
GetTempFileNameA
GetBinaryTypeA
GetModuleHandleA
VirtualLock
TlsGetValue
GetPrivateProfileSectionW
WriteProcessMemory
GetCommConfig
_lclose
GetSystemDirectoryW
VirtualUnlock
SetProcessWorkingSetSize
GetLongPathNameA
GlobalReAlloc
GetUserDefaultLCID
EnumResourceNamesA
LocalReAlloc
CreateDirectoryExA
SetCommTimeouts
GetVolumeInformationW
SetConsoleActiveScreenBuffer
GetDriveTypeW
GlobalFindAtomW
AllocConsole
GetACP
GetWindowsDirectoryA
GetCPInfo
LoadResource
SetConsoleOutputCP
VirtualQuery
SetConsoleTitleA
GenerateConsoleCtrlEvent
GetCurrentDirectoryW
EndUpdateResourceA
WritePrivateProfileStringW
IsDBCSLeadByteEx
GetTapeParameters
CreateMutexW
DeleteFiber
GetDateFormatA
GetSystemDefaultLangID
GetTimeZoneInformation
GlobalAddAtomA
GetEnvironmentStringsW
SetStdHandle
CreateIoCompletionPort
GetConsoleCursorInfo
GetHandleInformation
QueryDosDeviceW
SetEnvironmentVariableA
GetBinaryTypeW
LocalFileTimeToFileTime
LoadLibraryExW
EraseTape
LeaveCriticalSection
GetCommModemStatus
_lopen
OpenMutexA
FlushConsoleInputBuffer
DebugBreak
IsProcessorFeaturePresent
GetSystemTime
GetProcessTimes
lstrcmpiA
CreateNamedPipeW
MoveFileW
WriteConsoleOutputCharacterA
lstrcpynA
FreeEnvironmentStringsA
WritePrivateProfileSectionA
CreateWaitableTimerA
AreFileApisANSI
GlobalDeleteAtom
ExitProcess

user32

SetCursorPos
RegisterWindowMessageA
GetWindowLongA
WaitForInputIdle
DrawCaption
IsCharAlphaA
GetDesktopWindow
wsprintfA
CharToOemBuffA
GetWindowWord
CloseClipboard
RegisterHotKey
GetClassInfoExA
GetClipboardFormatNameW
EndDeferWindowPos
GetMenuItemInfoA
GetKeyboardLayoutNameW
DrawIcon
BeginDeferWindowPos
DialogBoxParamA
OemToCharA
InsertMenuA
ActivateKeyboardLayout
GetUserObjectSecurity
SetMessageQueue
GetMessageExtraInfo
OemToCharBuffA
MonitorFromRect
RegisterClassA
CreateWindowExA
MsgWaitForMultipleObjectsEx
GetKeyboardLayoutList
TranslateMDISysAccel
DestroyIcon
CharLowerBuffW
RegisterClassW
ShowWindow
GetClassInfoExW
CreateMenu
UnregisterClassW

gdi32

SetMetaFileBitsEx
CreateHatchBrush
SetStretchBltMode
StartPage
SwapBuffers
GetTextExtentPoint32A
SetGraphicsMode

comdlg32

CommDlgExtendedError
ReplaceTextW

advapi32

ImpersonateNamedPipeClient
RegLoadKeyW
BuildTrusteeWithSidW
IsValidSecurityDescriptor
OpenThreadToken
DuplicateTokenEx
RegEnumKeyA
CryptVerifySignatureW
CryptDeriveKey
GetSecurityDescriptorGroup
RegDeleteValueW
AllocateAndInitializeSid
LookupAccountNameA
BuildSecurityDescriptorW
GetAce
SetServiceObjectSecurity
GetSidSubAuthorityCount
AccessCheck
RegQueryInfoKeyA
StartServiceCtrlDispatcherA
QueryServiceStatus
LookupPrivilegeDisplayNameA
PrivilegeCheck
StartServiceCtrlDispatcherW
StartServiceA
RegisterEventSourceA
CryptDestroyHash
DeregisterEventSource
RegQueryValueExW
CryptHashData
CloseServiceHandle
LogonUserW
RegDeleteValueA
EqualSid

shell32

ExtractIconA
SHGetDesktopFolder
DragAcceptFiles
SHFileOperationW

ole32

CoSwitchCallContext
CoRegisterClassObject
CoDisconnectObject
StgSetTimes
CoLockObjectExternal
CoTreatAsClass
OleRegGetUserType
OleFlushClipboard

comctl32

_TrackMouseEvent
ImageList_SetImageCount
CreatePropertySheetPageW
ImageList_DragEnter

shlwapi

UrlGetPartW
PathFileExistsA
SHRegCreateUSKeyW
PathCommonPrefixW
SHRegOpenUSKeyW
PathStripPathA
StrCmpW

Sections

.text
Size: 5KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ef051cc4316d023c1c6b49539ba17b0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

shlwapi

Sections

.text Size: 5KB - Virtual size: 221KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 5KB - Virtual size: 221KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 17KB - Virtual size: 16KB