43bd23a8403ee47decc412d2b5cfacd2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43bd23a8403ee47decc412d2b5cfacd2_JaffaCakes118
Size

592KB
MD5

43bd23a8403ee47decc412d2b5cfacd2
SHA1

b444ab507e9d90fc60a6a65cab41efedded815e0
SHA256

f8e3aa1d0ec4f8c3dcc2db7c257a064120c87df0ff603d4621c5549ab1e4c9eb
SHA512

c71a70eb020d8673e945b6a973c89b20ff3969d45f69dd66a2fd0ea0c03e03e95b9fd3161403c2275688f5769c45bde2a555baa3a808800753fef9bd188a06ba
SSDEEP

12288:z/MJcNW853s1auWkaj56eG7oTYK6tuoKGEfuRPW5:zkyYwuW9nG7oTYK6kBAPY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43bd23a8403ee47decc412d2b5cfacd2_JaffaCakes118

Files

43bd23a8403ee47decc412d2b5cfacd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa4ed8a995c87c502d7de42c3c771b83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptSetProviderW
AbortSystemShutdownA
CryptDestroyHash
ReportEventA
RegLoadKeyW
RegCloseKey
RegLoadKeyA
RegEnumValueA
CryptHashData
RegSetValueW
LookupAccountNameA
InitiateSystemShutdownA
LookupPrivilegeDisplayNameA
CryptSetProvParam
RegDeleteValueA
RegConnectRegistryW
CryptGetHashParam
CryptHashSessionKey
LookupAccountSidA
InitializeSecurityDescriptor
RegCreateKeyA

kernel32

InterlockedDecrement
MultiByteToWideChar
LockResource
GetTimeZoneInformation
SetFilePointer
SetEnvironmentVariableA
GetTimeFormatA
GetLastError
SetConsoleCtrlHandler
GlobalUnlock
SetFileAttributesA
WriteProfileStringW
VirtualQuery
FlushFileBuffers
TlsFree
GetStartupInfoA
IsValidCodePage
SetThreadContext
LeaveCriticalSection
FreeEnvironmentStringsW
WriteProfileSectionA
GetStdHandle
FreeResource
GetLocaleInfoA
VirtualProtectEx
CompareStringW
WideCharToMultiByte
VirtualAllocEx
HeapAlloc
FreeLibrary
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProfileSectionA
GetModuleHandleA
WriteConsoleW
GetOEMCP
InterlockedExchange
EnumSystemCodePagesA
GetCurrentProcessId
GetUserDefaultLCID
TlsGetValue
GetProcAddress
HeapCreate
HeapDestroy
TlsAlloc
GetLocaleInfoW
ReadFile
RtlMoveMemory
GetEnvironmentVariableA
GetCommandLineA
GetACP
LCMapStringA
FindFirstFileExA
GetVersionExA
VirtualAlloc
GetConsoleOutputCP
GetTickCount
GetFileType
TlsSetValue
EnumResourceLanguagesA
IsValidLocale
CreateFileMappingA
CreateWaitableTimerW
GetCurrentThread
EnumCalendarInfoExA
CreateFileA
SetHandleCount
SetSystemTime
GetStringTypeA
GetStringTypeW
IsDebuggerPresent
VirtualLock
GetDateFormatA
FreeEnvironmentStringsA
GetCommandLineW
GetProcessHeap
SetStdHandle
GetCPInfo
WriteConsoleA
HeapReAlloc
InitializeCriticalSection
CreateMutexA
CompareStringA
EnumDateFormatsW
lstrcmpiW
HeapSize
GetModuleFileNameW
InterlockedIncrement
VirtualFree
Sleep
WriteFile
CloseHandle
CompareFileTime
HeapFree
WaitForMultipleObjects
EnterCriticalSection
WaitNamedPipeW
LCMapStringW
OpenMutexA
GetModuleFileNameA
EnumSystemLocalesA
SetComputerNameA
QueryPerformanceCounter
GetStartupInfoW
GetMailslotInfo
GetCurrentProcess
GetSystemDirectoryA
RtlUnwind
TerminateProcess
LoadLibraryA
GetEnvironmentStrings
GetCurrentThreadId
DeleteCriticalSection
GetTempPathA
FlushInstructionCache
GetConsoleMode
GetEnvironmentStringsW
LocalCompact
EnumResourceNamesA
GetPrivateProfileSectionNamesA
SetLastError
GetConsoleCP
ExitProcess

comctl32

InitCommonControlsEx
ImageList_GetFlags
CreateStatusWindowA
ImageList_LoadImageW
DrawInsert
CreatePropertySheetPageA
ImageList_ReplaceIcon
DrawStatusText
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_AddIcon
ImageList_BeginDrag

user32

ReplyMessage
DestroyCursor
CreateWindowExA
SetDlgItemInt
ValidateRgn
TranslateMessage
UnregisterHotKey
FlashWindow
DdeDisconnectList
LoadCursorFromFileA
EnumPropsExW
GetClassNameW
OpenWindowStationW
DefWindowProcW
SetShellWindow
SetForegroundWindow
GetMenuItemInfoW
GetAncestor
ShowWindow
SetDlgItemTextA
IsZoomed
DdeSetUserHandle
RegisterClassExW
MessageBoxW
SetDebugErrorLevel
RegisterClassExA
ActivateKeyboardLayout
DrawTextExA
RegisterClassA
SendNotifyMessageA
GetDC
DestroyWindow
CallMsgFilter

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa4ed8a995c87c502d7de42c3c771b83

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

user32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 264KB - Virtual size: 262KB

.data Size: 116KB - Virtual size: 132KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 264KB - Virtual size: 262KB

.data
Size: 116KB - Virtual size: 132KB

.rsrc
Size: 16KB - Virtual size: 12KB