448ec9c38690ce618473fed0eb431280_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

448ec9c38690ce618473fed0eb431280_JaffaCakes118
Size

73KB
MD5

448ec9c38690ce618473fed0eb431280
SHA1

61038b25e848b28efe8bd5190711588b97446139
SHA256

e6f282a0d1fb2313d9810852224e5828b537f40455a7f2c13479f8be2394d97b
SHA512

1713a0d689deb4e2f6f7981c7819013736697e4411deb3cb1952fe938b92e1fe0c223f0835bf4013278339b8490a7378bb03ae89899631adfa68a8e70bd4b080
SSDEEP

1536:kkE2qsRSSkJ5oFq8Dm+Q3WAoxnrPgd+qJdQGWUFo7c:kkE2qsRSSkoHmmn7lqPr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
448ec9c38690ce618473fed0eb431280_JaffaCakes118

Files

448ec9c38690ce618473fed0eb431280_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b40e394d783d6d7db8743b4c89a3780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageW
GetSystemMetrics
PeekMessageW
ShowWindow
GetClientRect
GetMenuState
SetScrollPos
TranslateMessage
LoadIconW
GetDC
LoadCursorW
CharLowerW
IntersectRect
GetForegroundWindow
GetFocus
CheckMenuItem
IsDialogMessageW
PostQuitMessage
RegisterClassExW
OpenClipboard
LoadImageW
GetParent
GetWindowLongW
SetWinEventHook
EqualRect
EnableMenuItem
GetCursorPos
GetDlgCtrlID
InvalidateRect
GetWindowTextLengthW
SetActiveWindow
LoadAcceleratorsW
DestroyWindow
SetCursor
wsprintfW
GetMenu
DrawTextExW
CharNextW
WinHelpW
RegisterWindowMessageW
CharUpperW
PostMessageW
GetMenuItemID
SetFocus
GetSystemMenu
CloseClipboard
IsIconic
KillTimer
GetMenuItemCount
EnableWindow
LoadStringW
UpdateWindow
ValidateRect
DeleteMenu
GetDlgItemTextW
UnhookWinEvent
CreateDialogParamW
CopyRect
SetDlgItemTextW
GetDesktopWindow
CreateWindowExW
GetLastActivePopup
GetKeyboardLayout
GetWindowTextW
SetWindowTextW
DialogBoxParamW
DestroyMenu
DestroyIcon
ScreenToClient
ChildWindowFromPoint
GetDlgItem
SetWindowPlacement
ReleaseDC
IsClipboardFormatAvailable
MessageBeep
RegisterWindowMessageA
IsWindowVisible
MessageBoxW
MessageBoxA
GetCapture
TranslateAcceleratorW
SendMessageW
SendDlgItemMessageW
EndDialog
DefWindowProcW
MoveWindow
GetWindowPlacement
DispatchMessageW
GetSubMenu
GetActiveWindow
SetWindowLongW

msvcrt

wcsncpy
__p__fmode
isdigit
memset
malloc
_acmdln
wcsncmp
_controlfp
exit
__p__commode
_adjust_fdiv
??0exception@@QAE@XZ
_snwprintf
wcsstr
__setusermatherr
time
iswctype
_c_exit
__set_app_type
_exit
_wtol
_lock
__getmainargs
localtime
_cexit
_initterm
_XcptFilter

kernel32

lstrcpynW
InterlockedIncrement
FreeEnvironmentStringsA
MulDiv
HeapAlloc
LockResource
LoadLibraryA
TlsAlloc
FormatMessageA
FreeLibrary
VirtualFree
CreateEventA
GetTempPathA
ExitProcess
GetSystemInfo
WriteFile
CloseHandle
GetDateFormatW
UnmapViewOfFile
SetEndOfFile
TlsSetValue
GetCPInfo
GetLocaleInfoA
GetLocalTime
CreateFileW
SetLastError
lstrcatW
LocalReAlloc
VirtualProtect
LoadLibraryExA
TlsGetValue
GetStringTypeW
GlobalLock
IsDebuggerPresent
IsBadReadPtr
LocalSize
LCMapStringW
GetProcessHeap
WaitForMultipleObjects
InterlockedExchange
GetLastError
InitializeCriticalSection
GetUserDefaultLCID
TerminateProcess
GetFileType
WideCharToMultiByte
GetVersionExW
lstrcpyW
QueryPerformanceCounter
GlobalFree
LocalAlloc
GetCommandLineA
HeapCreate
SetFilePointer
FoldStringW
lstrlenW
ResumeThread
GetCurrentProcessId
GetUserDefaultUILanguage
GetModuleFileNameA
CreateFileA
GetEnvironmentVariableA
RtlUnwind
GetModuleHandleA
InterlockedCompareExchange
GlobalUnlock
GetACP
OpenMutexA
UnhandledExceptionFilter
ReadFile
GetModuleFileNameW
SetErrorMode
IsValidLocale
QueryPerformanceFrequency
MultiByteToWideChar
IsDBCSLeadByte
GetExitCodeProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
lstrcmpW
FindClose
InterlockedDecrement
MapViewOfFile
FindFirstFileW
GetTimeFormatW
GetSystemTimeAsFileTime
DeleteCriticalSection
FormatMessageW
GetLocaleInfoW
GetFileInformationByHandle
GetFullPathNameW
Sleep
LocalFree
HeapFree
GetProcAddress
CopyFileA
LoadResource
CompareStringW
GetStartupInfoA
EnterCriticalSection
FindFirstFileA
GetFileAttributesW
GetCurrentProcess
CreateThread
GetCommandLineW
OutputDebugStringW
VirtualAlloc
SetEvent
LocalLock
LeaveCriticalSection
SetCurrentDirectoryA
DeleteFileW
CreateFileMappingW
GetDriveTypeW
LocalUnlock
GetVersionExA
GetFileSize
GetStdHandle
GetTickCount
lstrcmpiW
FindResourceW
GetOEMCP
SetHandleCount

winspool.drv

OpenPrinterW
GetPrinterDriverW
ClosePrinter

comdlg32

FindTextW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
GetOpenFileNameW
PrintDlgExW
PageSetupDlgW
ReplaceTextW
GetFileTitleW

advapi32

IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

gdi32

GetTextFaceW
StartPage
SetMapMode
AbortDoc
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
EnumFontsW
SelectObject
CreateDCW
TextOutW
SetWindowExtEx
SetViewportExtEx
DeleteDC
LPtoDP
EndDoc
SetAbortProc
GetObjectW
DeleteObject
CreateFontIndirectW
SetBkMode
EndPage
StartDocW
GetTextMetricsW

shell32

ShellAboutW
DragFinish
DragQueryFileW
DragAcceptFiles

comctl32

CreateStatusWindowW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b40e394d783d6d7db8743b4c89a3780

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

kernel32

winspool.drv

comdlg32

advapi32

gdi32

shell32

comctl32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 50KB - Virtual size: 51KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 50KB - Virtual size: 51KB

.rsrc
Size: 2KB - Virtual size: 2KB