40662cd569c230159bb63decb7da0f7a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

40662cd569c230159bb63decb7da0f7a_JaffaCakes118
Size

728KB
MD5

40662cd569c230159bb63decb7da0f7a
SHA1

2f43e57f2a228ee38f8442f068c6037bdfafa741
SHA256

2987216ef45db24f4c609df33693ba40221a93c3c8acb2bc42e000f3de08db03
SHA512

16be241ead7d0b6901ac99171d76e4ffdd30b43bd7fdea3a1d423aa0b60d99f7d969775a30bd7491a5fac266fc34c7f06f32b057b88b6fda17727b8c62d836cc
SSDEEP

12288:Hk1OPMwCX+o37hKzMCgFVOXMjkGwTQoBgsvXoCQQtOSMyHN:HkRZ+ShmHQF9wTfFvXWQkyHN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40662cd569c230159bb63decb7da0f7a_JaffaCakes118

Files

40662cd569c230159bb63decb7da0f7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95841dea4e82a0c58e9af4859ec4058b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\arq\oeuoqdee\gdw

Imports

advapi32

RegRestoreKeyA
CryptSignHashW
RegOpenKeyExA
RegEnumKeyExA
AbortSystemShutdownW
RegConnectRegistryW
RegQueryValueA
StartServiceW
RevertToSelf

gdi32

EnumICMProfilesA
SetGraphicsMode
SetBoundsRect
PolyTextOutA
GetPixel

comdlg32

ChooseColorA
PageSetupDlgW
GetFileTitleA

user32

EnumPropsExW
RegisterClassExA
ScrollWindowEx
SetWindowPos
OpenDesktopA
GetDialogBaseUnits
EnumChildWindows
OemToCharA
DdeClientTransaction
CreateWindowExA
IsDialogMessage
LookupIconIdFromDirectoryEx
TileWindows
RegisterClassA
GetWindowThreadProcessId
VkKeyScanA
SetWindowRgn
CheckDlgButton
ShowWindow
PeekMessageA
WindowFromPoint
EnumPropsA
DefWindowProcW
SetProcessDefaultLayout
DestroyWindow
GetSubMenu
ClientToScreen
PackDDElParam
DdeDisconnect
DefDlgProcW
CreateDialogIndirectParamA
MessageBoxW
SetDebugErrorLevel
CountClipboardFormats
DefFrameProcA
IsChild
MessageBoxExW

comctl32

CreatePropertySheetPage
ImageList_Draw
ImageList_GetImageRect
InitCommonControlsEx
ImageList_EndDrag
ImageList_LoadImageA

kernel32

GetLocaleInfoW
GetStartupInfoA
WriteFile
ExitThread
GetProcAddress
CompareStringW
SetUnhandledExceptionFilter
SetFilePointer
GetUserDefaultLCID
TlsFree
lstrcpynW
WriteConsoleA
InitializeCriticalSectionAndSpinCount
CompareStringA
VirtualQueryEx
FreeEnvironmentStringsA
RtlZeroMemory
VirtualFree
FlushFileBuffers
GetConsoleCP
HeapCreate
SetHandleCount
DeleteCriticalSection
GetThreadPriorityBoost
CreateNamedPipeW
GetLocaleInfoA
GetSystemTimeAsFileTime
CreateMutexA
GetExitCodeProcess
SetThreadContext
GlobalFree
GetConsoleOutputCP
InterlockedIncrement
TerminateProcess
CreateFileA
GetEnvironmentStrings
TlsSetValue
HeapFree
IsValidCodePage
EnumResourceLanguagesW
LoadLibraryA
GetACP
RtlUnwind
SetStdHandle
GetDiskFreeSpaceExA
LCMapStringW
ExitProcess
GlobalHandle
HeapDestroy
GetCPInfo
TlsAlloc
LCMapStringA
GetTimeFormatA
SetConsoleCursorPosition
GetCurrentProcess
FormatMessageW
GetLastError
CreateDirectoryW
FindResourceA
FreeLibrary
HeapAlloc
CloseHandle
SetLastError
GetStringTypeA
EnterCriticalSection
HeapSize
SetComputerNameW
FreeEnvironmentStringsW
GetTickCount
GetFileType
GetStringTypeW
GetStdHandle
IsValidLocale
GetModuleHandleW
GetModuleHandleA
WriteConsoleW
VirtualAlloc
LocalAlloc
LeaveCriticalSection
CreateFileW
GetCurrentThread
MapViewOfFileEx
GlobalDeleteAtom
WriteFileEx
Sleep
EnumCalendarInfoA
IsDebuggerPresent
SetEnvironmentVariableA
HeapReAlloc
GetTimeZoneInformation
TlsGetValue
GetCurrentProcessId
GetConsoleMode
QueryPerformanceCounter
InterlockedDecrement
GetCommandLineA
GetThreadPriority
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GetEnvironmentStringsW
ReadFile
GetNamedPipeInfo
EnumSystemLocalesA
OpenMutexA
GetProcessAffinityMask
GetDateFormatA
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileSectionNamesW
SetConsoleCtrlHandler
WideCharToMultiByte
EnumDateFormatsW
GetModuleFileNameA
GetOEMCP

wininet

InternetHangUp
InternetReadFileExW
InternetConfirmZoneCrossingA
InternetWriteFileExA
FreeUrlCacheSpaceW
UnlockUrlCacheEntryFileA
ShowSecurityInfo
FtpRenameFileW
FtpGetCurrentDirectoryA

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95841dea4e82a0c58e9af4859ec4058b

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

comdlg32

user32

comctl32

kernel32

wininet

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 456KB - Virtual size: 453KB

.data Size: 136KB - Virtual size: 152KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 456KB - Virtual size: 453KB

.data
Size: 136KB - Virtual size: 152KB

.rsrc
Size: 32KB - Virtual size: 28KB