4230892c9a8a71ca5c16cf9648a87862_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4230892c9a8a71ca5c16cf9648a87862_JaffaCakes118
Size

356KB
MD5

4230892c9a8a71ca5c16cf9648a87862
SHA1

3a5c41f8af3c10c5f63b601266b3539e62430d50
SHA256

46f0980e21c9995bd5357a4ca872c3d3ee965d3942d99c982270b85f382b3905
SHA512

1af30280f407b6c1563fbab888ca10cd2d077297f31c577090cae591d7560c7c12df91ee5787e96447004d74180a39d601d522340308aca403d23b9652d9865d
SSDEEP

6144:xKhIbUDRNAchOCPXaDUGp6JVOfOXiSfhddq+R8vz3kllQ:8hIb20cYCPXaDdw7EO3vdqhTkc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4230892c9a8a71ca5c16cf9648a87862_JaffaCakes118

Files

4230892c9a8a71ca5c16cf9648a87862_JaffaCakes118
.exe windows:6 windows x64 arch:x64

fdec033bcbebc6e34cb0c2629935169c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

msert_empty.pdb

Imports

kernel32

CreateDirectoryW
SwitchToThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WideCharToMultiByte
GetSystemWindowsDirectoryW
SetFilePointerEx
SetEvent
GetSystemDirectoryW
GetExitCodeProcess
GetFileAttributesW
ReadFile
GetModuleFileNameW
GetStartupInfoW
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
OutputDebugStringA
RtlPcToFileHeader
SetUnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
SetErrorMode
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetLastError
FormatMessageW
CreateThread
SuspendThread
ResumeThread
WaitForSingleObject
GetLocalTime
SystemTimeToFileTime
GetTimeFormatW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetLastError
MulDiv
lstrcmpW
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateFileW
WriteFile
GetFileSizeEx
IsWow64Process
CreateEventW
RemoveDirectoryW
VirtualProtect
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
LockResource
GetVersionExW
SizeofResource
LoadResource
FindResourceW
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetSystemTime
EncodePointer
DecodePointer
QueueUserWorkItem
EnumResourceNamesW
GetLogicalDrives
GetDriveTypeW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileSectionW
MoveFileW
SetFilePointer
FlushFileBuffers
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSection
TryEnterCriticalSection
SetEndOfFile
GlobalFree
GetFullPathNameW
LoadLibraryA
RaiseException
Sleep
GetCurrentThreadId
LoadLibraryExW
CreateProcessW

msvcrt

realloc
__pioinfo
__badioinfo
_read
wcstombs
iswctype
wctomb
__mb_cur_max
mbtowc
localeconv
calloc
_fileno
isleadbyte
isxdigit
isdigit
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_CxxThrowException
??1bad_cast@@UEAA@XZ
??1__non_rtti_object@@UEAA@XZ
??0bad_typeid@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@PEBD@Z
??0bad_cast@@QEAA@PEBD@Z
memmove
memset
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memcmp
_wcsicmp
towlower
_vsnprintf
??0exception@@QEAA@XZ
wcschr
iswspace
_vscwprintf
_vscprintf
??0exception@@QEAA@AEBQEBD@Z
_wfopen
wcsrchr
feof
fgetws
fclose
time
qsort
bsearch
_waccess
_wctime
ungetc
wcsncmp
_vsnwprintf
_wcsupr
memcpy
_purecall
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
malloc
free
__CxxFrameHandler
_errno

comctl32

InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

shlwapi

PathRemoveFileSpecW
StrStrIW
StrStrW

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash
RegCloseKey
RegSetValueExW
CopySid
AllocateAndInitializeSid
FreeSid
GetLengthSid
CheckTokenMembership
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW

gdi32

GetObjectW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentExPointW
CreateFontIndirectW
GetTextColor
GetTextMetricsW
ExtTextOutW
GetBkColor
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject

user32

GetFocus
ReleaseDC
SetRect
GetClientRect
LoadStringW
GetWindowTextLengthW
CharNextW
UnregisterClassW
RegisterClassExW
LoadCursorW
DefWindowProcW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
MapWindowPoints
PtInRect
EnableWindow
SendDlgItemMessageW
GetSysColor
SetFocus
GetWindowLongPtrW
GetParent
OffsetRect
ScreenToClient
GetWindowRect
DrawTextExW
SetRectEmpty
GetDC
GetWindowTextW
SetWindowLongPtrW
PostMessageW
LoadImageW
DestroyIcon
DialogBoxParamW
EndDialog
GetDlgItem
LoadIconW
SendMessageW
SetWindowTextW
SetDlgItemTextW
ExitWindowsEx
MessageBoxW
IsWindowEnabled
InvalidateRect
UpdateWindow
SetCursor
SetCapture
ReleaseCapture
GetWindowLongW
FrameRect
DrawFocusRect
MoveWindow
GetKeyState
BeginPaint
EndPaint
ShowWindow

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

urlmon

IsValidURL

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71.5MB - Virtual size: 71.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdec033bcbebc6e34cb0c2629935169c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

comctl32

shlwapi

shell32

ole32

advapi32

gdi32

user32

oleaut32

rpcrt4

version

urlmon

Sections

.text Size: 323KB - Virtual size: 322KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 71.5MB - Virtual size: 71.5MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 323KB - Virtual size: 322KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 71.5MB - Virtual size: 71.5MB

.reloc
Size: 4KB - Virtual size: 3KB