43948b201efc0cb0ae2f185284d47a3d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43948b201efc0cb0ae2f185284d47a3d_JaffaCakes118
Size

862KB
MD5

43948b201efc0cb0ae2f185284d47a3d
SHA1

3c17d0c8521a799ba8fa154825cc3e0616967f65
SHA256

a79ee306a9a78cd6efe1afbbf8b575270c970f130daf25f25b86acb9afcf164b
SHA512

375f7a88b92df72267a6aca9d770c6d93be1fa4ec5e5034b59266363baa4badbe31b2146524dd893eb427ff9e86f8707a66aeaf1a0d654b8b2d805a757146a1d
SSDEEP

12288:Ml9DXKqpRDxHxQv0mOhr2KTF4NCxFdOyQZJ3n+h191h30VGhHKkyK3cmQHpq+eBp:JqpRDxR+CjcyQjE1u4ZKkysp1Vc+gE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43948b201efc0cb0ae2f185284d47a3d_JaffaCakes118

Files

43948b201efc0cb0ae2f185284d47a3d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7bd44b474b2e2b83f40e8e9be16365fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
PolyDraw
GetMetaFileW
GdiEntry1
GdiComment
PATHOBJ_bEnum
GdiStartDocEMF
GetStringBitmapA
GetBitmapDimensionEx
GetLayout
GetBkMode
GdiGetPageHandle
GdiCleanCacheDC
GetTextExtentPoint32W
PolyPolyline
StartDocW
CreateFontW
ExtEscape
GdiEntry16
FONTOBJ_cGetAllGlyphHandles
CreateDiscardableBitmap
GetICMProfileA
SetEnhMetaFileBits
EngTextOut
GetCharWidthA
DdEntry31
GdiIsPlayMetafileDC
DdEntry39
DdEntry26
SetRelAbs
ClearBrushAttributes
EnumFontFamiliesExA
GdiRealizationInfo
CreatePalette
CloseEnhMetaFile
DdEntry29
GetTextFaceW
GetCharWidthInfo
InvertRgn
ExtTextOutA
CreatePolygonRgn

shlwapi

PathIsDirectoryEmptyW
UrlGetLocationW
UrlCanonicalizeA
SHAutoComplete
PathRemoveBackslashW
PathBuildRootA
PathAppendW
StrRetToBufW
StrChrA
AssocQueryKeyA
HashData
SHRegCreateUSKeyA
StrCpyNW
StrStrIA
PathRelativePathToW
SHSetValueW
PathIsNetworkPathW
SHDeleteOrphanKeyW
StrFormatByteSizeW
wvnsprintfA
PathRemoveArgsA
SHRegSetPathA
PathMakeSystemFolderW
UrlCanonicalizeW
UrlGetPartA
UrlCompareW
SHSkipJunction
SHDeleteValueW
PathRemoveBlanksA
SHRegQueryUSValueA
PathFindSuffixArrayA
AssocQueryStringByKeyW
SHQueryInfoKeyA
IntlStrEqWorkerA
UrlApplySchemeA
StrChrNW
SHCreateShellPalette
wnsprintfA
PathFindNextComponentW
SHEnumValueA

advapi32

LogonUserExA
SaferCloseLevel
RegQueryValueExW
OpenEventLogA
SystemFunction012
OpenSCManagerA
ConvertSDToStringSDRootDomainW
CreatePrivateObjectSecurityEx
I_ScSetServiceBitsW
ConvertSecurityDescriptorToAccessW
LookupAccountSidA
CreatePrivateObjectSecurity
GetSidSubAuthorityCount
IsValidSecurityDescriptor
LookupSecurityDescriptorPartsA
CryptSignHashA
RegisterServiceCtrlHandlerExA
OpenBackupEventLogA
AddAccessAllowedAce
AdjustTokenPrivileges
TraceEvent
GetFileSecurityW
GetSidSubAuthority
EnumDependentServicesA
ReadEncryptedFileRaw
SetSecurityDescriptorSacl
CryptSignHashW

user32

GetClipboardFormatNameA
EnumChildWindows
CheckMenuItem
PeekMessageW
SetDlgItemTextA
EnableScrollBar
UnregisterHotKey
EnumPropsW
WindowFromPoint
MessageBoxExA
DrawCaptionTempA
GetWindowInfo
MonitorFromPoint
GetClipboardViewer
GetGUIThreadInfo
GetCursorPos
ExcludeUpdateRgn
SetKeyboardState
GetClipboardSequenceNumber
SetWindowWord
EnterReaderModeHelper
CheckMenuRadioItem
RegisterClassW
GetWindowTextW
UnhookWinEvent
LoadCursorFromFileA
EndTask
FrameRect
DlgDirListW
GetProcessDefaultLayout
EndDeferWindowPos
GetActiveWindow
DestroyAcceleratorTable
CreateWindowExA
LoadMenuIndirectW

kernel32

LoadLibraryA
FindAtomW
InterlockedIncrement
GetSystemTimeAsFileTime
GetDriveTypeW
GlobalUnlock
SetConsoleCursorInfo
lstrcpyW
EnumResourceLanguagesW
WritePrivateProfileStructA
GetNextVDMCommand
WriteConsoleInputVDMW
GetComputerNameA
MapViewOfFile
SetComputerNameA
GlobalHandle
WriteConsoleOutputW
SetCalendarInfoW
HeapQueryInformation
SetClientTimeZoneInformation
SetThreadPriority
RemoveVectoredExceptionHandler
ReadConsoleW
GetModuleFileNameW
FindNextVolumeMountPointA
SetCommConfig
HeapReAlloc
Toolhelp32ReadProcessMemory
IsValidLocale
GetAtomNameW
GetVolumePathNamesForVolumeNameW
IsBadHugeReadPtr
GetExitCodeProcess
GetVolumeInformationA
VirtualAlloc
RtlFillMemory
CallNamedPipeW
UTRegister
lstrcpy

opengl32

glVertex3f
glColor3ub
glDeleteLists
glColor4b
glTexImage2D
glScissor
glArrayElement
glRecti
glTexCoord2i
glGetTexEnvfv
glVertex4s
glColor4ubv
glColor4iv
glFrontFace
glCullFace
glTexCoord3sv
glClearIndex
glMaterialiv
glBindTexture
glVertex4d
glBlendFunc
glGetMapdv
glEvalPoint2
glEdgeFlag
glClearAccum
glNormal3d

sqlwid

OpenFile_
GetProcAddress_
wstrlen
_lcreat_
strerror_
_lwrite_
_ttof
_lopen_
_hwrite_
GetEnvironmentStrings_

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bd44b474b2e2b83f40e8e9be16365fd

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

shlwapi

advapi32

user32

kernel32

opengl32

sqlwid

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 311KB - Virtual size: 311KB

.data Size: 214KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 214KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B