3ba7bca13f7c9d26741b0a52e03fb690_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ba7bca13f7c9d26741b0a52e03fb690_JaffaCakes118
Size

100KB
MD5

3ba7bca13f7c9d26741b0a52e03fb690
SHA1

902dc404224313bd538097dad2507223d57cfe3f
SHA256

c655491bf2d166a8c5ad3d38714c8d7938d5e922301d7d753d40b54a785e5282
SHA512

d824ca1c112c79a1a9edfd99356185865ca527332c1e1cfabe486ef8345c0785191beb1d6b093e5392d9acababa28795b1c8194d72cac29fa02867de6cdbaa4b
SSDEEP

1536:6ECEiVehL98YJk7nlfCTHGZ0JyIm54Z9Oq/Wc:67Ven8YJkpCHNJyI64jOPc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ba7bca13f7c9d26741b0a52e03fb690_JaffaCakes118

Files

3ba7bca13f7c9d26741b0a52e03fb690_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d67a47f5a24b521d0c3ec768f66fd42f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cscript.pdb

Imports

msvcrt

??2@YAPAXI@Z
_vsnprintf
malloc
free
_ftol
_itow
??3@YAXPAX@Z
_except_handler3
wcsrchr

kernel32

GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetPrivateProfileIntA
GetTickCount
GetPrivateProfileStringW
GetPrivateProfileStringA
GetFullPathNameW
GetFullPathNameA
GetLocaleInfoA
lstrlenA
GetPrivateProfileIntW
GetCurrentThreadId
lstrcpyA
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetSystemDirectoryA
QueryPerformanceCounter
GetModuleHandleA
GetCommandLineW
GetCommandLineA
MultiByteToWideChar
ExitProcess
GetStdHandle
lstrlenW
WideCharToMultiByte
GetLastError
WriteConsoleW
WriteFile
GetFileType
GetFileSize
CreateFileW
CreateEventA
GetCPInfo
GetACP
FindClose
FindFirstFileA
GetFileAttributesA
FindFirstFileW
GetFileAttributesW
LocalFree
FormatMessageA
LocalAlloc
FormatMessageW
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetModuleFileNameA
GetModuleFileNameW
DeleteCriticalSection
SetEvent
CloseHandle
CreateThread
GetTempPathA
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLCID
FlushFileBuffers
CreateFileA
GetTempFileNameA

oleaut32

SysFreeString
SafeArrayCopy
LoadRegTypeLi
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
LoadTypeLi
VariantInit
VariantCopy
VariantClear
SysAllocStringByteLen
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
SysAllocString
SysStringLen
SafeArrayGetLBound

ole32

CreateFileMoniker
CoCreateInstance
CoInitializeSecurity
CreateBindCtx
CoRegisterMessageFilter
CLSIDFromString
CoInitialize
CoUninitialize
CoGetClassObject
MkParseDisplayName
CLSIDFromProgID

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

imm32

ImmGetDefaultIMEWnd

advapi32

RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExW
RegOpenKeyExA
ImpersonateLoggedOnUser
IsTextUnicode
RegisterEventSourceW
GetUserNameW
LookupAccountNameW
ReportEventW
DeregisterEventSource
RegCloseKey
RegSetValueExW

user32

LoadStringA
LoadStringW
CharNextA
GetActiveWindow
GetClassInfoA
RegisterClassA
CreateWindowExA
GetMessageA
GetWindowLongA
SetWindowLongA
SetTimer
DefWindowProcA
PostQuitMessage
KillTimer
EnumThreadWindows
IsWindowVisible
PostMessageA
SendMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
wsprintfW
wsprintfA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hhqg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d67a47f5a24b521d0c3ec768f66fd42f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

ole32

version

imm32

advapi32

user32

Sections

.text Size: 56KB - Virtual size: 52KB

.data Size: 4KB - Virtual size: 492B

.rsrc Size: 32KB - Virtual size: 31KB

.hhqg Size: 4KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 52KB

.data
Size: 4KB - Virtual size: 492B

.rsrc
Size: 32KB - Virtual size: 31KB

.hhqg
Size: 4KB - Virtual size: 4KB