3f86e5a48c42be357212880d7c406b07_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f86e5a48c42be357212880d7c406b07_JaffaCakes118
Size

584KB
MD5

3f86e5a48c42be357212880d7c406b07
SHA1

f7f40b57259f1bdce57a032a85783203acd89776
SHA256

dfe47e3f3df7e9a45d4f810d3a8bb823e5617705b4d0e20b3bde539d7b3a7313
SHA512

da4f03c6996057197b43e0717c5f42c28a70106821ed8e7b532d61a3038a75a4a71cb0cd12adeb4266e07a6883e7a19b5d6933d047fe21504796f57b53f3307b
SSDEEP

12288:0lbkb8CyqkZWEcD+zh5yeQz3wWKCa50jzxu:0lbd9hZWAv6Za5i9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f86e5a48c42be357212880d7c406b07_JaffaCakes118

Files

3f86e5a48c42be357212880d7c406b07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7eb8665907f3e69763d237fef031746b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryMultipleValuesA
ReportEventW
RegQueryValueA
CryptSetProvParam
RegRestoreKeyA
RegEnumValueW
CryptImportKey
RevertToSelf
RegConnectRegistryA
CryptGenRandom
RegSaveKeyW
RegReplaceKeyW
CryptSignHashW
CryptAcquireContextA
RegCloseKey
AbortSystemShutdownA
CryptHashSessionKey
RegCreateKeyW
GetUserNameA
LogonUserA

comdlg32

GetOpenFileNameW
ChooseFontW
FindTextA
PageSetupDlgA

shell32

ExtractIconExW

user32

GetWindowLongW
RegisterClassExA
CreateDialogParamA
CharToOemBuffA
MessageBoxIndirectA
DefWindowProcW
CloseWindowStation
ShowWindow
ShowOwnedPopups
SetDlgItemTextW
ShowWindowAsync
VkKeyScanExA
AttachThreadInput
SetWindowsHookExA
SwitchToThisWindow
DrawEdge
InSendMessageEx
MessageBoxA
PeekMessageW
ScrollWindow
MapDialogRect
CharToOemBuffW
GetCaretPos
MoveWindow
DdeAddData
ActivateKeyboardLayout
GetClassLongW
IsMenu
OpenIcon
GetMessagePos
CreateWindowExW
RegisterClassA
DestroyWindow

gdi32

GetObjectW
UnrealizeObject
GetTextColor
GetMapMode
SetMetaFileBitsEx
DPtoLP
SetEnhMetaFileBits
GetCharWidthW
CreateDiscardableBitmap
CreateDCA
CheckColorsInGamut
DeleteEnhMetaFile
DeleteDC
DeleteMetaFile
TextOutW
GetDeviceCaps

kernel32

GetConsoleScreenBufferInfo
CreateFileA
HeapFree
GetEnvironmentStrings
GetProcessHeaps
GetProcAddress
VirtualProtect
QueryPerformanceCounter
SetEnvironmentVariableA
HeapReAlloc
GetTimeFormatA
TerminateProcess
EnumDateFormatsW
CreateMutexA
FreeLibrary
InterlockedExchange
SetConsoleCtrlHandler
GetPrivateProfileStructW
GetNamedPipeHandleStateW
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
FoldStringA
InterlockedIncrement
WriteFile
GetCPInfo
FlushFileBuffers
TlsSetValue
CompareStringA
GetFileType
FillConsoleOutputCharacterA
GetStartupInfoA
GetStringTypeExA
SetUnhandledExceptionFilter
GetLocalTime
GetConsoleOutputCP
FillConsoleOutputCharacterW
GetUserDefaultLCID
VirtualQuery
WritePrivateProfileStructW
GetLastError
GetTempPathA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetUserDefaultLangID
LCMapStringA
VirtualAlloc
GetOEMCP
FileTimeToDosDateTime
GetModuleHandleA
EnumCalendarInfoW
RtlUnwind
HeapAlloc
DeleteCriticalSection
HeapCreate
VirtualFree
GetCurrentThreadId
OpenMutexA
LocalCompact
GetStringTypeA
lstrcatW
IsValidCodePage
GetSystemDefaultLCID
SetLastError
CompareStringW
MultiByteToWideChar
LoadLibraryA
SetHandleCount
GlobalLock
GlobalGetAtomNameA
FormatMessageW
CreateNamedPipeA
GetLocaleInfoW
LCMapStringW
LocalReAlloc
SetStdHandle
GetCommandLineA
CloseHandle
GetProfileSectionW
InitializeCriticalSection
GetStringTypeW
GetShortPathNameW
EnumDateFormatsExW
GetExitCodeThread
GetACP
TlsFree
GetNamedPipeInfo
TerminateThread
FreeEnvironmentStringsW
UnlockFile
GetLocaleInfoA
CreateThread
IsDebuggerPresent
GetConsoleCP
TlsGetValue
LeaveCriticalSection
IsValidLocale
GetModuleFileNameA
GetCalendarInfoA
WideCharToMultiByte
WriteConsoleA
GlobalHandle
SetFilePointer
OutputDebugStringA
SetLocalTime
GetCurrentDirectoryW
GetPrivateProfileSectionA
TlsAlloc
GetConsoleMode
CreateFileW
FreeEnvironmentStringsA
GetFileAttributesExA
CommConfigDialogW
GetCurrentProcess
CreateWaitableTimerA
SetLocaleInfoW
GetVersionExA
WriteConsoleOutputAttribute
EnterCriticalSection
HeapDestroy
ExitProcess
GetStdHandle
GetDiskFreeSpaceExA
GetDateFormatA
ReadFile
GetProcessHeap
CreateToolhelp32Snapshot
GetTickCount
InterlockedDecrement
Sleep
GetCurrentThread
GetEnvironmentStringsW
WriteConsoleW
EnumSystemLocalesA

comctl32

CreateStatusWindow
DrawStatusTextA
DrawInsert
InitCommonControlsEx
ImageList_SetImageCount
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_BeginDrag
CreateStatusWindowW
ImageList_GetImageRect
ImageList_Duplicate
CreatePropertySheetPageW
ImageList_LoadImageA
ImageList_Create
ImageList_LoadImage
CreateStatusWindowA
ImageList_DragLeave
CreateToolbar
ImageList_Remove
CreatePropertySheetPageA
CreateToolbarEx
ImageList_AddIcon
ImageList_GetDragImage
DrawStatusText

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eb8665907f3e69763d237fef031746b

Headers

File Characteristics

Imports

advapi32

comdlg32

shell32

user32

gdi32

kernel32

comctl32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 264KB - Virtual size: 260KB

.data Size: 108KB - Virtual size: 135KB

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 264KB - Virtual size: 260KB

.data
Size: 108KB - Virtual size: 135KB

.rsrc
Size: 52KB - Virtual size: 48KB