46a75504d51215eab9c906b1d9432c6f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

46a75504d51215eab9c906b1d9432c6f_JaffaCakes118
Size

354KB
MD5

46a75504d51215eab9c906b1d9432c6f
SHA1

6cf0270484473b2fd3d51de040598ad0b9eff28c
SHA256

e709bfbfd7f2db6edc9f28886ee2418a850f61e5792a7634f83ff0c53ccf64a3
SHA512

f0431adae771cd33408ec9f31dd3f6be75489a871b22c5a5454bef784c022dec0f6684b7032200189938ee9ace84a0e1a7666b6ece92fa3e9dce26c2937b27de
SSDEEP

6144:ir33fSQViy9/YuyClUR7UwsJpNwn2FEwzLheEBrd/vWWO+G9BItpGLGl:833fxViw/YublUxsAn2WwBlcB4cL+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a75504d51215eab9c906b1d9432c6f_JaffaCakes118

Files

46a75504d51215eab9c906b1d9432c6f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9153aa16a34a359c1c1dc03fb5ddbd31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aclui.pdb

Imports

msvcrt

_wtol
wcsstr
wcslen
memcmp
_snprintf
memset
_adjust_fdiv
free
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
_purecall
??1type_info@@UAE@XZ
memmove
__CxxFrameHandler
realloc
??2@YAPAXI@Z
wcsncpy
_ftol
_vsnwprintf
_onexit
__dllonexit
wcscpy
malloc
?terminate@@YAXXZ
_initterm

kernel32

CompareStringW
InterlockedCompareExchange
GetUserDefaultUILanguage
LocalFree
FormatMessageW
GetNumberFormatW
CloseHandle
WaitForSingleObject
SetEvent
CreateTimerQueueTimer
DeleteTimerQueueTimer
LoadLibraryA
ResetEvent
OpenEventW
CreateEventW
GetPrivateProfileStringW
LoadLibraryW
FileTimeToSystemTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
GetVersionExA
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
UnmapViewOfFile
VirtualAlloc
IsBadReadPtr
FreeLibrary
MapViewOfFile
CreateFileMappingA
GetSystemDirectoryW
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
GetVersionExW
GetThreadLocale
GetModuleHandleA
GetLocaleInfoA
GetACP
InterlockedExchange
CreateProcessW
GetProcAddress
Sleep
CreateDirectoryW
SetLastError
CreateFileW
WriteFile
FlushFileBuffers
GetSystemTime
GetFileSize
CreateFileMappingW
SetFilePointer
SetEndOfFile
ReleaseMutex
CreateMutexW
ExpandEnvironmentStringsW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
lstrcatW
lstrcpyW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetCurrentThread
MultiByteToWideChar
VerifyVersionInfoW
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapAlloc
HeapFree
GetSystemInfo

comctl32

InitCommonControlsEx

advapi32

RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitiateSystemShutdownExW
RegQueryValueExW
ImpersonateSelf
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetUserNameW
OpenThreadToken
RevertToSelf
SetThreadToken
GetTokenInformation
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

user32

SetCapture
ScreenToClient
ReleaseCapture
InvalidateRect
EndPaint
BeginPaint
SetCursor
LoadCursorW
FillRect
PtInRect
DrawFocusRect
GetFocus
GetSysColor
ExitWindowsEx
GetDlgItemTextW
IsWindow
IsDlgButtonChecked
KillTimer
EnableWindow
ShowScrollBar
EndDialog
SetWindowTextW
IsWindowVisible
GetWindowTextLengthW
LockWindowUpdate
RedrawWindow
SetTimer
ShowWindow
SetWindowPos
SendMessageW
LoadStringW
DestroyWindow
GetWindowLongW
SetWindowLongW
SetFocus
GetDlgItem
GetParent
PostMessageW
CharNextW
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
CreateWindowExW
MapWindowPoints
GetWindowRect
ReleaseDC
DrawTextW
CopyRect
GetDC
GetClientRect
SystemParametersInfoW
GetWindow
GetWindowTextW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CoQueryProxyBlanket
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoSetProxyBlanket

rpcrt4

UuidCreateNil
UuidCompare
UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

crypt32

CryptProtectData
CryptUnprotectData

ntdll

VerSetConditionMask

gdi32

GetTextExtentPoint32W
GetTextMetricsW
GetObjectW
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
SelectObject

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9153aa16a34a359c1c1dc03fb5ddbd31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

comctl32

advapi32

user32

ole32

rpcrt4

crypt32

ntdll

gdi32

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 231KB - Virtual size: 235KB

.bss Size: - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 231KB - Virtual size: 235KB

.bss
Size: - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB