3c20091a55ca493dcedf11228074bbf6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c20091a55ca493dcedf11228074bbf6_JaffaCakes118
Size

308KB
MD5

3c20091a55ca493dcedf11228074bbf6
SHA1

20a746ad83ea288388b7de716e718fe6bd4723aa
SHA256

404dc344413b37dd0618d6b3331f704c6b1cb5fc945cdfb68073a8e00d3431c9
SHA512

f4886146ffdedd319b3c4a09e3e0e35d3a326fa6e8e96ce85ef79c438153c1a8f97f8409fc4021142709ef0e855a58271c48498efa460ff400595c5b4ac6ffeb
SSDEEP

6144:8ZJvzZJTgpMs4UaqUzAS+GXMirQB/4X8hoDMhOJ1LiPopY/Ef5g:MZVgas4SUzA0XBsAbMc1xp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c20091a55ca493dcedf11228074bbf6_JaffaCakes118

Files

3c20091a55ca493dcedf11228074bbf6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

732c25865c339f81e36efd7c9de6e522

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualProtect
GetCommConfig
_hread
OpenMutexA
LocalLock
GlobalDeleteAtom
GetStartupInfoA
GlobalFree
EnumSystemCodePagesW
SetVolumeLabelA
FillConsoleOutputCharacterA
GetPrivateProfileStringW
FreeEnvironmentStringsA
IsDBCSLeadByteEx
GetPrivateProfileStringA
RemoveDirectoryW
GetVersion
CreateDirectoryW
InitializeCriticalSection
GetUserDefaultLangID
GlobalFindAtomW
GetCommandLineA
lstrlenA
ExitProcess

user32

ReleaseCapture
SetUserObjectInformationW
SystemParametersInfoW
CheckMenuRadioItem
GetKeyboardLayoutNameW
PostMessageW
EnumWindowStationsA
SetWindowTextA
IsWindowEnabled
SendMessageTimeoutA
GetWindowInfo
InsertMenuW
SendMessageTimeoutW
GetClassNameA
GetParent
GetProcessWindowStation
SetCapture
SetMenuItemInfoA
MessageBeep
ChangeDisplaySettingsW
EnableMenuItem
DrawTextExW
TranslateMDISysAccel
SetDlgItemInt
IsCharAlphaA
CreateDialogIndirectParamW
GetCursorPos
CharLowerBuffW
MapWindowPoints
GetCaretBlinkTime
ArrangeIconicWindows
SendDlgItemMessageA
LoadBitmapA
GetMenuCheckMarkDimensions
LoadCursorFromFileW
PostThreadMessageA
CreateDialogIndirectParamA

gdi32

GetTextMetricsW
CreateHatchBrush
TextOutW
GetRegionData
RectVisible

comdlg32

GetFileTitleW
GetSaveFileNameW
ChooseFontA
PageSetupDlgA

advapi32

StartServiceCtrlDispatcherW
MapGenericMask
AddAce
DuplicateTokenEx
StartServiceA
RegisterServiceCtrlHandlerA
StartServiceW
CreateProcessAsUserW
RegSaveKeyW
CryptGetProvParam
RegReplaceKeyW
LogonUserW
RegDeleteKeyW
CryptGenRandom
GetSidSubAuthority
LookupPrivilegeNameA

ole32

CoResumeClassObjects
OleCreateLink
CoQueryProxyBlanket
CreateStreamOnHGlobal
OleFlushClipboard
CoReleaseServerProcess
WriteClassStg
CLSIDFromString

oleaut32

SysStringLen
SafeArrayCreate
LoadTypeLibEx
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetLBound

comctl32

ImageList_DrawEx

shlwapi

StrRChrW
PathCanonicalizeW
PathIsFileSpecW
SHRegQueryUSValueW
PathCompactPathW
SHCopyKeyA
SHQueryValueExW
StrCmpW
StrTrimW
StrDupA
StrStrIA
PathRemoveExtensionW
SHOpenRegStream2W
SHSetThreadRef

setupapi

SetupDiSetDeviceInstallParamsW
SetupTermDefaultQueueCallback
SetupOpenInfFileA
SetupDiOpenDeviceInfoW

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

732c25865c339f81e36efd7c9de6e522

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

comctl32

shlwapi

setupapi

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 19KB

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 19KB