400ddae57d19046c4faab2e84ceb03d2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

400ddae57d19046c4faab2e84ceb03d2_JaffaCakes118
Size

443KB
MD5

400ddae57d19046c4faab2e84ceb03d2
SHA1

c62d208f1978a32c7308a7d91d4ba210b2689877
SHA256

10a42747880028101653be817eaa826792c5d3c8637e2de61ea1946dfaa35fd4
SHA512

07346f406d3f05340e67933557b8b619ede3354b06d4c548b93198485f0bc3c1510e05822bae8e9a006fbeabd0983b205f92b964307a8b4c615e27ef16754916
SSDEEP

12288:rXuCZT7jz7hkQcrtMdGjxFEv9PyLgp2Xh9JvPJoJ:bughv89kPvoXh90J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400ddae57d19046c4faab2e84ceb03d2_JaffaCakes118

Files

400ddae57d19046c4faab2e84ceb03d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6a8417cdf679934b100b30d832f3222c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdiplus

GdipCreateBitmapFromScan0
GdipRemovePropertyItem
GdipGetImageDecodersSize
GdipDrawImageI
GdipImageRotateFlip
GdiplusStartup
GdipLoadImageFromFile
GdipGetImageEncoders

advapi32

RegCloseKey
OpenSCManagerW
RegCreateKeyExW
RegEnumValueW

gdi32

Ellipse
StretchBlt
CreateHalftonePalette
MoveToEx
SelectObject
RealizePalette
CreatePen
GetStockObject
SelectPalette
DeleteObject
LineTo
GetTextExtentPoint32W
CreateSolidBrush
CreateFontIndirectW
GetObjectW
GetDeviceCaps
Rectangle
CreateCompatibleDC
SetROP2

msvcrt

wcstol
_vsnwprintf
wcscpy
?terminate@@YAXXZ
exit
_cexit
__p__fmode
_exit
_wcmdln

shell32

ord155
SHGetDesktopFolder
ord18
SHOpenFolderAndSelectItems
ord152
SHParseDisplayName
ord16

kernel32

lstrcmpW
CreateProcessW
lstrcpynW
FreeLibraryAndExitThread
FindResourceW
DuplicateHandle
MoveFileW
MulDiv
GetCommandLineW
ExitThread
UnhandledExceptionFilter
CreateEventA
DeleteCriticalSection
WaitForSingleObject
VirtualAllocEx
MultiByteToWideChar
GlobalUnlock
SetEvent
GetHandleInformation
WaitForSingleObject
TerminateProcess
OpenFileMappingW
ReleaseMutex
FormatMessageW
FindFirstFileW
GetProcAddress
FreeLibrary
GetLastError
EnterCriticalSection
GetTickCount
lstrlenA
FindClose
GetTempFileNameW
GlobalLock
GetTickCount
GetFileSize
InitializeCriticalSection
GetSystemTimeAsFileTime
CreateThread
GetSystemDirectoryW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoRevokeClassObject
CoUninitialize

shlwapi

ord437
PathRemoveExtensionW

user32

GetWindowRect
SetWindowLongW
MessageBoxIndirectW
FrameRect
MonitorFromRect
DialogBoxParamW
CreateWindowExW
GetWindowThreadProcessId
RegisterClassW
GetClassInfoW
EndDialog
EndPaint
DrawTextExW
SetTimer
SetForegroundWindow
SetFocus
OffsetRect
GetWindowLongW
EndDeferWindowPos
GetMessageW
SetDlgItemTextW
TranslateMessage
GetSysColor
CopyRect
DefWindowProcW
SendNotifyMessageW
GetLastActivePopup
PostMessageW
CharNextW
DrawIconEx
DrawFocusRect
GetClassNameW
GetDesktopWindow
LoadIconW
BeginDeferWindowPos
CopyIcon
GetKeyState
GetDlgItem
FindWindowExW

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a8417cdf679934b100b30d832f3222c

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

advapi32

gdi32

msvcrt

shell32

kernel32

ole32

shlwapi

user32

Sections

.text Size: 405KB - Virtual size: 405KB

.data Size: 31KB - Virtual size: 30KB

.rsrc Size: 6KB - Virtual size: 332KB

.text
Size: 405KB - Virtual size: 405KB

.data
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 6KB - Virtual size: 332KB