4474a7972010b589ba0cb10545d980b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4474a7972010b589ba0cb10545d980b8_JaffaCakes118
Size

292KB
MD5

4474a7972010b589ba0cb10545d980b8
SHA1

0d6abe334b4fc2b6e7addfe6e374bdd7d114ca5c
SHA256

1f8d6d4f1f71aec38c2c8a1c567abf23e18969a72de08db816e83d6574294c0f
SHA512

328600b0e6f69dc8d10020b2bd632d1eda471f5c2b3aed15ecd151efa4f5007373ae9e5cb8c3f9c223151e08623a611ea35656489706e60c9d846486031f1ecf
SSDEEP

6144:Ku1p9ER41OSZG9Q7YAHBbA52HYVfRu1WlpYVeNq:Kup47SDVbADJa0p8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4474a7972010b589ba0cb10545d980b8_JaffaCakes118

Files

4474a7972010b589ba0cb10545d980b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50a9a328d5cb3255587fd4b2663d1383

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExA
AbortSystemShutdownW
RegLoadKeyW
CryptGetUserKey
CryptGetHashParam
RegDeleteValueW
CryptDuplicateKey
RegQueryMultipleValuesW
InitializeSecurityDescriptor
CryptAcquireContextA
CryptGetProvParam
RegConnectRegistryA
RegCloseKey
CryptHashData
RegFlushKey
RegEnumKeyA
CryptImportKey
RegRestoreKeyA
InitiateSystemShutdownA
CryptGenKey

comctl32

InitCommonControlsEx
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_SetIconSize
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_Replace
ImageList_GetDragImage
ImageList_EndDrag
ImageList_AddMasked
ImageList_Read
MakeDragList
ImageList_GetIconSize
ImageList_BeginDrag
ImageList_Merge

kernel32

GetPrivateProfileSectionA
VirtualFree
SetEvent
GetCurrentProcess
FreeEnvironmentStringsW
GetLocaleInfoA
VirtualLock
GetStringTypeA
GetCurrentThreadId
SetEnvironmentVariableA
TlsSetValue
SetStdHandle
CreateMutexA
SetConsoleTitleA
GetSystemTimeAsFileTime
FindNextChangeNotification
lstrcpyA
LeaveCriticalSection
InterlockedExchange
TlsAlloc
WideCharToMultiByte
GetCPInfo
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineA
GlobalReAlloc
OpenMutexA
WaitNamedPipeA
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStrings
GetFileAttributesExW
GetProcAddress
GetDriveTypeA
ReadFile
GetComputerNameA
GetStartupInfoW
GetSystemTime
GetLastError
CompareStringA
CreateMailslotW
GetCommandLineW
GetCurrentDirectoryW
ResetEvent
LoadLibraryA
TerminateProcess
CompareStringW
GetLogicalDriveStringsW
SetFilePointer
InitializeCriticalSection
GetCompressedFileSizeA
ExitProcess
VirtualQuery
FoldStringW
GetVersion
GetStringTypeW
GetCurrentProcessId
HeapAlloc
FlushFileBuffers
FreeEnvironmentStringsA
GetModuleFileNameW
IsBadWritePtr
TlsFree
GetTimeZoneInformation
GetLocalTime
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
CloseHandle
ReadConsoleOutputAttribute
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
OpenFileMappingW
LCMapStringA
SetLastError
HeapDestroy
HeapFree
SetConsoleCtrlHandler
GetModuleHandleA
HeapCreate
WriteFile
TlsGetValue
GetModuleFileNameA
GetFileType
GetTickCount
LCMapStringW
MultiByteToWideChar
UnlockFileEx
GetStartupInfoA
EnterCriticalSection
HeapReAlloc

user32

RegisterClassExA
DestroyWindow
GetMenuItemID
BroadcastSystemMessageW
EndTask
TranslateMessage
IsCharAlphaNumericW
RegisterClassA
DefWindowProcW
SystemParametersInfoA
GetWindowModuleFileNameA
SetMenuContextHelpId
ShowWindow
UnregisterHotKey
GetClassLongW
GetTitleBarInfo
DdeQueryNextServer
InvalidateRgn
GetDCEx
GetWindowRgn
CreateWindowExA
GetUpdateRgn
GetTopWindow
MessageBoxW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50a9a328d5cb3255587fd4b2663d1383

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

user32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 84KB - Virtual size: 108KB

.rsrc Size: 64KB - Virtual size: 60KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 84KB - Virtual size: 108KB

.rsrc
Size: 64KB - Virtual size: 60KB