3fe0f1a2caef34ffbfad0ba500f2cf73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fe0f1a2caef34ffbfad0ba500f2cf73_JaffaCakes118
Size

368KB
MD5

3fe0f1a2caef34ffbfad0ba500f2cf73
SHA1

4e7128921c0859edb996b210037191889d15dcd4
SHA256

761edc5466afdc07cddb6cc6d261095207f2284f5ff9acd7e1e1dd23e2c45cd8
SHA512

6275c26d8eb7bd0c329b5516db744f435e5875456a3aee9f4d285c0f5c79217efda0205bd328ee5ff9b36d991a91f4814a793523770dfbaeb33571ee4932f659
SSDEEP

6144:gtBbfepfywkLZCmyuF88mWq2rnMMjAYiKciRVk7afwUp7hT567w/t8knbh:gbgyvtyuW8mr2rMMjTw6Z67A82h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fe0f1a2caef34ffbfad0ba500f2cf73_JaffaCakes118

Files

3fe0f1a2caef34ffbfad0ba500f2cf73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bddc5db0ad9aaca471f8e73d924ab981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
LocalHandle
QueryPerformanceCounter
GetModuleHandleA
GetMailslotInfo
GetVersionExA
GetLargestConsoleWindowSize
GetVolumeInformationW
OpenEventW
SetLocaleInfoA
CompareFileTime
GlobalAddAtomA
LoadLibraryExW
lstrcmpiA
GetThreadSelectorEntry
ExpandEnvironmentStringsA
GetProcessWorkingSetSize
GlobalAlloc
CreateFileW
GetCommModemStatus
CompareStringA
FindCloseChangeNotification
SetConsoleTextAttribute
EnumSystemCodePagesW
PurgeComm
GetDiskFreeSpaceExW
SetThreadAffinityMask
FillConsoleOutputAttribute
SetHandleInformation
GetFileAttributesExW
TerminateThread
GetCommProperties
GetCPInfoExA
EraseTape
WriteProfileSectionA
GetPrivateProfileStructW
SetStdHandle
GetFullPathNameA
FindFirstChangeNotificationA
WriteFileGather
GetVolumeInformationA
GetStartupInfoA
GetProcAddress
CreatePipe
CreateWaitableTimerW
GetThreadContext
CreateNamedPipeA
VirtualAlloc
GetProcessTimes
CreateFiber
GetAtomNameW
FindResourceExA
SetupComm
VerLanguageNameA
CommConfigDialogW
WriteConsoleOutputA
SetCurrentDirectoryW
Module32First
ConvertThreadToFiber
VirtualProtect
GetSystemPowerStatus
GetEnvironmentStrings
OpenMutexA
WriteConsoleA
GetThreadPriority
lstrcpynA
HeapDestroy
BeginUpdateResourceW
GetUserDefaultLCID
EnumCalendarInfoW
MoveFileExW

user32

EnableMenuItem
GetPropW
SetWindowPos
EnableWindow
LoadStringA
IsCharAlphaNumericA
MapDialogRect
DispatchMessageA
MessageBoxExA
CharLowerBuffA
EnumChildWindows
MapVirtualKeyExA
mouse_event
SetPropW
SetWindowTextA
GetWindowContextHelpId
GetKeyNameTextW
MessageBoxIndirectA
MapWindowPoints
GetDlgItemTextW
CreateCursor
LoadAcceleratorsA
CharUpperBuffA
GetKeyboardLayoutNameA
GetSubMenu
WinHelpW
EnumClipboardFormats
GetClassInfoExW
ModifyMenuA
GetMessageTime
UnhookWindowsHook
GetSysColorBrush
DrawIcon
SetClipboardViewer
GetWindowTextW
SwitchDesktop
GetClassLongW
GetQueueStatus
IsWindowUnicode
CloseDesktop
TranslateMDISysAccel
ActivateKeyboardLayout
ModifyMenuW
GetInputState
CreateDesktopA
ClipCursor
SendNotifyMessageW
ShowScrollBar
GetTabbedTextExtentW
GetNextDlgGroupItem
DrawIconEx
LockWindowUpdate
FillRect
DeferWindowPos

gdi32

SetICMProfileW
CopyEnhMetaFileW
EndPage
GetTextFaceW
DeleteMetaFile
CreatePatternBrush
GetCharABCWidthsFloatW
GetRasterizerCaps
GetPolyFillMode
CopyEnhMetaFileA
DrawEscape
GetCharABCWidthsW
FillRgn
GetAspectRatioFilterEx
PolyTextOutW
CreateFontW
StrokeAndFillPath
OffsetRgn
StartDocW
GetArcDirection
PlayEnhMetaFile
GetICMProfileW
SetTextCharacterExtra
SetTextAlign
GetStockObject
GetCharacterPlacementA
GetTextColor
CopyMetaFileA
EnumFontsA
SetICMProfileA
GetEnhMetaFileW
RectVisible
CreateCompatibleBitmap

comdlg32

ChooseFontA

advapi32

BuildImpersonateExplicitAccessWithNameA
ControlService
RegOpenKeyExW
IsValidSecurityDescriptor
CryptExportKey
CryptCreateHash
CryptDuplicateKey
NotifyChangeEventLog
RegLoadKeyA
RegFlushKey
LookupSecurityDescriptorPartsW
PrivilegedServiceAuditAlarmA
CryptContextAddRef
GetServiceKeyNameW
CryptDestroyHash
GetServiceKeyNameA
CryptSetProviderA
AreAnyAccessesGranted
GetSidSubAuthorityCount
AdjustTokenGroups
CreateProcessAsUserW
OpenBackupEventLogW
CryptSignHashA
AccessCheckAndAuditAlarmW
GetAuditedPermissionsFromAclW
GetMultipleTrusteeW
RegQueryMultipleValuesW
CloseServiceHandle
SetThreadToken
CryptImportKey
CreatePrivateObjectSecurity
CryptHashSessionKey

shell32

SHFileOperationA
SHLoadInProc
ExtractAssociatedIconW
SHChangeNotify

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

Sections

.text
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mw2gfpxd
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qrdrl.wk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bddc5db0ad9aaca471f8e73d924ab981

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

msvcrt

Sections

.text Size: 290KB - Virtual size: 292KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 20KB

mw2gfpxd Size: 46KB - Virtual size: 48KB

qrdrl.wk Size: 4KB - Virtual size: 4KB

.text
Size: 290KB - Virtual size: 292KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 20KB

mw2gfpxd
Size: 46KB - Virtual size: 48KB

qrdrl.wk
Size: 4KB - Virtual size: 4KB