4b7f45f017ee358bc9e6aacc59383302_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b7f45f017ee358bc9e6aacc59383302_JaffaCakes118
Size

69KB
MD5

4b7f45f017ee358bc9e6aacc59383302
SHA1

0a306ac02aedd3e599a35a05b73750198f25f118
SHA256

440287d72de04b38a0d69d2176f61376774f82fc6559241d2fc38c2fc56c0554
SHA512

2c3f9213501f47548c3bca70ed6872623b5062e1cf1f840807fd73ce9fa5bf5fbcb33c914b3e6be169c6a1cedde95ad5fc63d9e8704f9b931b44113778587989
SSDEEP

1536:tcjC81rWVU65I2TDOGf6QePOW63Xj+171rSKkzBzEa:tcjC81rWVU65I2TT6R++1Zub9oa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b7f45f017ee358bc9e6aacc59383302_JaffaCakes118

Files

4b7f45f017ee358bc9e6aacc59383302_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b2385a42b8c06eee277018265b0b55c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTraceEnableFlags
RegEnumValueW
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExW
RegOpenKeyExW
LookupAccountSidW
GetSecurityDescriptorLength
LsaClose
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetFileSecurityW
GetUserNameA
MakeSelfRelativeSD
InitializeAcl
EqualSid
RegSetValueExA
RegSetValueA
RegSetValueExW
DeleteService
CloseServiceHandle
GetTraceLoggerHandle
RevertToSelf
GetTokenInformation
SetNamedSecurityInfoW
GetAce
LsaOpenPolicy
CheckTokenMembership
RegEnumKeyA
GetSecurityDescriptorDacl
ChangeServiceConfigW
CryptGetHashParam
OpenProcessToken
FreeSid
QueryServiceConfigW
LookupPrivilegeValueW
RegisterTraceGuidsW
LookupAccountNameW
ConvertSidToStringSidW
CryptHashData
SetSecurityDescriptorGroup
RegOpenKeyExA

user32

CheckRadioButton
GetParent
CharNextA
SetWindowPos
CopyRect
DestroyIcon
RegisterClassA
InflateRect
IsDlgButtonChecked
EnumChildWindows
MessageBeep
ClientToScreen
PostQuitMessage
LoadStringA
GetWindowTextLengthW
CreateDialogParamW
GetForegroundWindow
DialogBoxParamA
CharLowerW
GetMenuItemCount
ReleaseCapture
GetCapture
KillTimer
RegisterClassExW
PostMessageW
SetMenu
CreatePopupMenu
CallNextHookEx
InvalidateRect
UnhookWindowsHookEx
IsWindow
LoadCursorW
GetDlgCtrlID
MsgWaitForMultipleObjects
PeekMessageW
EnableWindow
GetClassNameW
SendDlgItemMessageW
CheckDlgButton
CallWindowProcW
CreateWindowExA
MessageBoxW

msvcrt

_itow
_cexit
_vsnwprintf
_wcsnicmp
_CIpow
iswctype
wcsspn
strtok
towupper
_local_unwind2
wcstoul
rand
_XcptFilter
strlen
mbstowcs
strchr
__getmainargs
__setusermatherr
_c_exit
_wfopen
sprintf
ctime
toupper
strrchr
_strlwr
__p__iob
srand
wcscat
_ltoa
wcschr
_acmdln
__pioinfo
memmove
strstr
fclose
_wtoi
_wcsupr
__p__osver
_iob
_controlfp
isalnum
qsort
towlower
wcslen
printf
fflush
_rotl
bsearch
calloc
atoi
_purecall
atol
_snwprintf
_tell
_lock
exit
__p__commode
_exit
_access
_itoa
_stat
tolower
__initenv
wcstombs
_ftol
_wcslwr
malloc
wcsncat
_chsize
__set_app_type
_CIacos
floor

version

GetFileVersionInfoW
VerFindFileW
GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LocalAlloc
GetModuleHandleW
GetOEMCP
GetEnvironmentStrings
FindResourceW
GetCurrentProcessId
OpenEventA
GetCommandLineW
lstrcatW
FindClose
GetProcessHeap
GetFileSize
InitializeCriticalSectionAndSpinCount
lstrcpyW
DisableThreadLibraryCalls
GetCPInfo
GetModuleHandleA
PurgeComm
CreateDirectoryA
GetComputerNameW
TlsFree
GetCurrentProcess
VirtualAlloc
CreateFileA
InterlockedIncrement
LoadLibraryExA
ReleaseMutex
GetStringTypeA
GetCurrentThreadId
GlobalLock
ResumeThread
GetVersion
GetTickCount
GetConsoleMode
GetLastError
GetExitCodeThread
OpenMutexA
IsDBCSLeadByte
UnhandledExceptionFilter
SetFileAttributesA
FindNextFileW
GetACP
GetSystemDirectoryW
lstrlenW
SetEndOfFile
SetFilePointer
GetFileType
OpenMutexW
CreateMutexA
GetStdHandle
Sleep
GetWindowsDirectoryW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2385a42b8c06eee277018265b0b55c3

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

version

kernel32

Sections

.text Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 18.8MB

.bss Size: - Virtual size: 18.8MB

BSS Size: - Virtual size: 1KB

.bss Size: - Virtual size: 426B

BSS Size: 1024B - Virtual size: 2.4MB

DATA Size: 3.5MB - Virtual size: 3.5MB

.tls Size: - Virtual size: 26KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 18.8MB

.bss
Size: - Virtual size: 18.8MB

BSS
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 426B

BSS
Size: 1024B - Virtual size: 2.4MB

DATA
Size: 3.5MB - Virtual size: 3.5MB

.tls
Size: - Virtual size: 26KB

.rsrc
Size: 17KB - Virtual size: 16KB