3fa8e78e839c4c1a713b56b25ca47bcc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fa8e78e839c4c1a713b56b25ca47bcc_JaffaCakes118
Size

173KB
MD5

3fa8e78e839c4c1a713b56b25ca47bcc
SHA1

7d6de3cd8a07a52e1dea1341ddce2086a54f1547
SHA256

92e2b9bbc6f834afe5971d3bcce63694c04b73de7f4856769ce0a929f56cfcea
SHA512

4025600a75cd91e0dee6e15816c34dbfe48936f717bb636b142e1ad9a176be9ba4175db95c28a1720c98a4422a23cd340f9b3aa37e3955d69e94f0e51d2a4b20
SSDEEP

3072:jQyZqmildJ6p77Y/MthPjZTKfHbJk/OlJtS2Kd/SPXm1Bz5gcW9Eds9jYvSiP:MywxldUp7c0thP9ubJk/cM6PXm/Q+s9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fa8e78e839c4c1a713b56b25ca47bcc_JaffaCakes118

Files

3fa8e78e839c4c1a713b56b25ca47bcc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0e9574fc497ca43904159075b42ffabc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIClearClipboard

user32

GetWindow
SendMessageTimeoutW
DispatchMessageW
GetMessageW
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetTimer
PostMessageW
GetClassNameA
LoadStringW
GetTopWindow
KillTimer
CharLowerW
LoadCursorW
PeekMessageW
CharNextW
GetSystemMetrics
SetCursor
LoadImageW
DestroyIcon
GetDesktopWindow
EndDialog
DialogBoxParamW
TranslateMessage

advapi32

LookupPrivilegeValueW
RegCreateKeyExW
GetTokenInformation
RegQueryInfoKeyW
ConvertStringSidToSidW
RegCloseKey
RegEnumKeyExW
RegEnumKeyW
InitializeSecurityDescriptor
GetLengthSid
CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExA
CopySid
DuplicateTokenEx
OpenSCManagerW
RevertToSelf
RegEnumValueW
SetFileSecurityW
RegSetValueExW
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExA
RegSaveKeyW
OpenProcessToken
EnumServicesStatusExW
FreeSid
SetSecurityDescriptorOwner
ImpersonateLoggedOnUser
RegDeleteValueW
AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeNameW

ole32

CoCreateGuid
CoGetComCatalog
CoInitializeEx
CreateBindCtx
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc

setupapi

SetupGetLineTextW
SetupGetBinaryField
SetupFindFirstLineW
SetupFindNextLine
SetupGetIntField
SetupGetStringFieldW
SetupOpenInfFileW
SetupCloseInfFile

kernel32

SearchPathW
WideCharToMultiByte
GetFileAttributesW
GetModuleHandleW
GetFileSize
CopyFileW
GetComputerNameW
FreeLibrary
OpenEventW
GetPrivateProfileStringW
CreateThread
HeapAlloc
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
GetVersion
InterlockedExchange
IsDBCSLeadByte
GetLastError
EnterCriticalSection
GetProcessHeap
GlobalFree
GetWindowsDirectoryW
lstrlenA
Sleep
SetLastError
GetSystemDirectoryW
FindClose
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
WriteFile
WaitForSingleObject
LoadLibraryW
UnhandledExceptionFilter
LoadResource
FlushFileBuffers
FindResourceExW
CompareStringA
ReadFile
GetLocaleInfoW
LocalAlloc
GetLocalTime
SetFilePointer
CloseHandle
GetPrivateProfileSectionW
LockResource
MoveFileExW
GetVersionExW
GetPrivateProfileStringA
DecodePointer
CreateFileW
MapViewOfFile
GetPrivateProfileIntW
ResumeThread
SetUnhandledExceptionFilter
CreateFileMappingW
LocalReAlloc
FindNextFileW
CreateDirectoryW
SetFileAttributesW
LoadLibraryA
SizeofResource
ExpandEnvironmentStringsW
TerminateProcess
FindResourceW
lstrcmpiA
LocalFree
OutputDebugStringA
HeapFree
GetSystemInfo
OutputDebugStringW
lstrlenW
GetCurrentThreadId
LoadLibraryExW
InterlockedCompareExchange
InterlockedDecrement
GetProcAddress
GetModuleFileNameW
EnumUILanguagesW
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
GetTickCount
RtlUnwind
CompareStringW
MultiByteToWideChar
DelayLoadFailureHook
WritePrivateProfileStringW
UnmapViewOfFile
QueryPerformanceCounter
MoveFileW
GetExitCodeThread
GetSystemTimeAsFileTime
RemoveDirectoryW
GetSystemDefaultUILanguage
lstrcmpW
FileTimeToSystemTime
FindFirstFileW
GetUserDefaultUILanguage
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e9574fc497ca43904159075b42ffabc

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

user32

advapi32

ole32

setupapi

kernel32

Sections

.text Size: 512B - Virtual size: 388B

.data Size: 52KB - Virtual size: 848KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 91KB - Virtual size: 91KB

.rdata Size: 22KB - Virtual size: 21KB

.idata Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 388B

.data
Size: 52KB - Virtual size: 848KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 91KB - Virtual size: 91KB

.rdata
Size: 22KB - Virtual size: 21KB

.idata
Size: 5KB - Virtual size: 4KB