3daa97d820844336d4e8d54930e3873b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3daa97d820844336d4e8d54930e3873b_JaffaCakes118
Size

587KB
MD5

3daa97d820844336d4e8d54930e3873b
SHA1

3a8851d1d5e93cbacb7bf30119879158acef9222
SHA256

40d4a4b40b166a32269ceacc1f28870ba5aca0913b5df540e3d77db8830d82ea
SHA512

eea1c7080ff54da72fc7d53f64017efe9502ba0ee1068d0b54971cff4160c5a09b2696cdf93fe8cca4304cedb2599792d17de54bb8cf5c9012c2b3bb2de9e050
SSDEEP

12288:dGJL4qXMc8kRUkqaSJe9P2Tvzd5anXPOZokv1CL:dGJL4qXMzkRUkq1e9P2TrdIOZLv1CL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3daa97d820844336d4e8d54930e3873b_JaffaCakes118

Files

3daa97d820844336d4e8d54930e3873b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ec1d0fb393f249da1365582dc19eaa1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
WriteFile
SetFilePointer
CreateFileA
ReadFile
GetFileSize
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
GlobalLock
OpenProcess
LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrcmpiA
CreateMutexW
OpenMutexW
GetVersionExW
GetVolumeInformationA
GetComputerNameA
MoveFileExW
GetStartupInfoA
GlobalUnlock
VirtualAlloc
lstrlenA
GetTempPathA
ExitProcess
LoadLibraryA
GetProcAddress
GetLocaleInfoA
lstrcatA
lstrcpynA
VirtualFree
GetTickCount
GetTempFileNameW
GetShortPathNameW
Sleep
MultiByteToWideChar
GetModuleFileNameW
GetTempPathW
CopyFileW
GetModuleHandleA
VirtualAllocEx
lstrlenW

user32

SetActiveWindow
SendMessageW
LoadCursorW
GetClientRect
SetForegroundWindow
GetWindowRect
SetWindowPos
SystemParametersInfoW
LoadBitmapA
PostMessageA
EndDialog
EnableWindow
GetDlgItem
DialogBoxParamA

gdi32

GetObjectW
GetStockObject
SetBkMode

advapi32

RegCreateKeyW
RegSetValueExW
RegCreateKeyA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteExW

ole32

CreateStreamOnHGlobal

shlwapi

StrCatW
StrStrIW
wnsprintfA
StrStrIA
PathAddBackslashA
StrCpyW
StrCpyNW
wvnsprintfA
StrStrW

gdiplus

GdipMeasureString
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateStringFormat
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureCharacterRanges
GdipGetRegionBoundsI
GdipDeleteStringFormat
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipDrawLine
GdipCreateFont
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngle
GdipFillRectangleI
GdipLoadImageFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteBrush
GdipDeleteGraphics
GdipDeletePen
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipCreateFontFamilyFromName
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawLineI
GdipDrawString
GdipCreateRegion
GdipDeleteRegion
GdipCloneBrush
GdipCreateFromHDC

msvcp60

?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z

msvcrt

__CxxFrameHandler
ceil
??2@YAPAXI@Z
_ftol
_wtoi
wcslen
atol
_except_handler3
free
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
__set_app_type

psapi

GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ec1d0fb393f249da1365582dc19eaa1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

msvcp60

msvcrt

psapi

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 14KB - Virtual size: 17KB

.rsrc Size: 541KB - Virtual size: 541KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 14KB - Virtual size: 17KB

.rsrc
Size: 541KB - Virtual size: 541KB