42b945056eeaee04e49265f2418efa19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42b945056eeaee04e49265f2418efa19_JaffaCakes118
Size

276KB
MD5

42b945056eeaee04e49265f2418efa19
SHA1

ab528ce062ad563246913823a935b54223ff278b
SHA256

a5979414a501b1ddac9255264b88a76316a2877e49c7463e503c4fd43c149d8d
SHA512

863a83f5a968dfe125d1870179da71e5e19ad64da8f8a978b0fde6e6897ad2d3c8d537c44d8948369c14c6995331f571464df71831dae900400c7482e4a7c4ce
SSDEEP

3072:P+7WF4nRd6R29RiE/U6lMXbX+6LtKfte7NkTTgWqFghP6vMuG4stHtUYIrl2AMS7:P+jdl9076mauoteOvOgdDWrlln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b945056eeaee04e49265f2418efa19_JaffaCakes118

Files

42b945056eeaee04e49265f2418efa19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d38d2bfe959830b597ca3c8eb0767f35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ntraekg\wctpe\euf\bgo\jbehrooe.pdb

Imports

kernel32

GetProcAddress
LoadResource
ResumeThread
GetSystemInfo
SetStdHandle
GetCommandLineA
HeapCreate
GetUserDefaultLangID
GetFileSize
WideCharToMultiByte
GetStringTypeW
LoadLibraryW
QueryPerformanceCounter
TerminateProcess
GetStringTypeA
UnhandledExceptionFilter
FormatMessageW
lstrcpyW
GetOEMCP
GetEnvironmentStrings
EnterCriticalSection
GetCurrentThreadId
GetEnvironmentStringsW
GetStartupInfoW
DeleteCriticalSection
FlushFileBuffers
VirtualFree
SetErrorMode
GetLocaleInfoA
RemoveDirectoryW
ReleaseMutex
FindResourceW
GetStringTypeExW
SetHandleCount
HeapDestroy
LCMapStringW
SetEnvironmentVariableA
GetModuleHandleA
GetModuleHandleW
SetFilePointer
GetModuleFileNameA
TlsGetValue
GetEnvironmentVariableW
GetVersionExA
RaiseException
LCMapStringA
HeapReAlloc
CreateThread
CreateMutexW
GetCurrentProcess
GetModuleFileNameW
LeaveCriticalSection
GetTickCount
ReadFile
VirtualQuery
GetSystemTimeAsFileTime
WaitForSingleObject
CloseHandle
TlsSetValue
GetStartupInfoA
VirtualAlloc
SetUnhandledExceptionFilter
HeapFree
FileTimeToSystemTime
MultiByteToWideChar
VirtualProtect
TlsAlloc
GetLastError
FreeEnvironmentStringsA
SetLastError
GetCommandLineW
TlsFree
CompareStringA
GetCPInfo
GlobalFlags
LocalFileTimeToFileTime
FindNextFileW
GetTimeFormatA
lstrcmpiW
InterlockedExchange
ConvertDefaultLocale
GetProcessHeap
GetFileType
FreeEnvironmentStringsW
GetCurrentThread
HeapAlloc
ExpandEnvironmentStringsW
DeleteFileW
InitializeCriticalSection
GetStdHandle
GetACP
IsBadCodePtr
CompareStringW
WriteFile
LoadLibraryA
GetTimeZoneInformation
HeapSize
GetCurrentProcessId
RtlUnwind
GetDateFormatA
ExitProcess
GetVolumeInformationW

oleaut32

LoadTypeLi

user32

ReleaseCapture
GetWindowRect
GetMenuItemInfoW
GetMenu
IsIconic
GetSystemMetrics
LoadImageW
PeekMessageW
RegisterClassExW
LoadBitmapW
CreateWindowExW
GetMenuCheckMarkDimensions
PtInRect
IsWindowVisible
SetWindowLongW
GetUpdateRect
DefWindowProcW
LoadIconW
WindowFromPoint
SetMenuDefaultItem
RegisterWindowMessageW
ShowWindow
IsRectEmpty
DrawIcon
GetDlgCtrlID
GetCursorPos
DrawTextW
EmptyClipboard
GetWindowThreadProcessId
GetDCEx
LoadCursorW
GetSysColor
MessageBoxW
LoadMenuW
GetSystemMenu
GetAncestor
DrawFocusRect
RemoveMenu
GetSysColorBrush
ScreenToClient
GetMessageW
GetForegroundWindow
IsWindowEnabled
GetCapture
SetScrollPos
SetCursor
IntersectRect
ScrollWindow
GetScrollPos
InvalidateRect
SetWindowTextW
SetCapture
EnumWindows
RegisterClassW
CheckMenuItem
SetMenuItemInfoW
LoadAcceleratorsW
LoadStringW
DestroyWindow
UnhookWindowsHookEx
GetKeyState
TranslateAcceleratorW

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

gdi32

CombineRgn
DeleteObject
CreateHalftonePalette
SetTextColor
SetWindowExtEx
GetStockObject
MaskBlt
SetAbortProc
EndDoc
TextOutA
EndPage
StartDocA
SetRectRgn
StartPage
FillRgn
StrokePath
StretchDIBits
SetViewportOrgEx
SelectClipRgn
CreateEllipticRgnIndirect
DeleteDC

shell32

ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d38d2bfe959830b597ca3c8eb0767f35

Headers

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

user32

advapi32

gdi32

shell32

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 64KB - Virtual size: 66KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 64KB - Virtual size: 66KB

.rsrc
Size: 28KB - Virtual size: 27KB