4be8ed86e17763d30115400b9bfdb325_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4be8ed86e17763d30115400b9bfdb325_JaffaCakes118
Size

298KB
MD5

4be8ed86e17763d30115400b9bfdb325
SHA1

e838fb964812f7185a0d4d11373f63cc55b98e05
SHA256

70888da1e4742ba9c39375af1a929736f519e4b7d85ffe5595404f067dcea399
SHA512

da69abf8d9412a1b6c8367c5e6e7fe9fe7edf86439996c9f6cf049d6f0d9a239ab6ea95e305d9ef5c95a70240ee2af2945d992c2a2a4ab12cf8955cbdcb71ceb
SSDEEP

6144:yRHUlXZmcUtyKNVwWJcsf3r1qfw9EYjOUt6f8H0p1SpaFqed:ZmcUtHbcsPpCw+LUkqA1D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4be8ed86e17763d30115400b9bfdb325_JaffaCakes118

Files

4be8ed86e17763d30115400b9bfdb325_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cb782db7e26f7a19608da0ddd7b22cc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_time64
_localtime64
iswctype
wcsncpy
memset
memcpy
_wtol
wcsncmp
_except_handler3

kernel32

ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
ExitProcess
CreateFileA
lstrcmpA
lstrlenA
WaitForSingleObject
WriteFile
OpenProcess
lstrcatA
GetLastError
GetProcAddress
GetTempFileNameA
GetModuleHandleA
GetCurrentThreadId
CloseHandle
GetTempPathA
lstrcpyA
GetThreadContext
FreeLibrary
VirtualFree
VirtualQueryEx
GlobalAlloc
CreateProcessA
TerminateProcess
VirtualAlloc
GlobalFree
LoadLibraryA
ResumeThread
GetCommandLineW
LocalUnlock
FindFirstFileW
GetLocaleInfoW
lstrcpynW
MulDiv
CreateFileW
CompareStringW
lstrcmpW
lstrlenW
LocalLock
FindClose
LocalAlloc
FoldStringW
lstrcatW
LocalFree
lstrcpyW
GetDateFormatW
GetUserDefaultLCID
GetTimeFormatW
GetLocalTime
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
GetUserDefaultLangID
WideCharToMultiByte
FormatMessageW
LocalReAlloc
GetACP
MultiByteToWideChar
SetLastError
CreateFileMappingW
DeleteFileW
GetFileInformationByHandle
lstrcmpiW
LocalSize
GlobalLock
GlobalUnlock
GetCPInfo
IsDBCSLeadByte

user32

LoadStringW
DrawTextExW
GetWindowTextW
PeekMessageW
GetWindowThreadProcessId
FindWindowA
IsWindowVisible
EqualRect
SetThreadDesktop
GetCursorPos
InflateRect
CloseDesktop
wsprintfA
OpenInputDesktop
GetFocus
GetThreadDesktop
ClientToScreen
DispatchMessageW
MoveWindow
CheckMenuItem
DefWindowProcW
WinHelpW
SetWindowTextW
GetDlgCtrlID
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
MessageBoxW
OpenClipboard
GetDesktopWindow
SendDlgItemMessageW
EndDialog
GetMenuState
EnableMenuItem
ReleaseDC
InvalidateRect
GetKeyboardLayout
LoadIconW
IsDialogMessageW
GetMenu
GetForegroundWindow
ChildWindowFromPoint
TranslateMessage
GetDC
wsprintfW
SetFocus
MessageBeep
IsClipboardFormatAvailable
DialogBoxParamW
GetSubMenu
PostMessageW
IsIconic
CharNextW
PostQuitMessage
GetMessageW
SetActiveWindow
ScreenToClient
TranslateAcceleratorW
CloseClipboard
SetCursor
DestroyWindow
GetWindowLongW
UpdateWindow
SetScrollPos
CreateWindowExW
ShowWindow
CreateDialogParamW
SetWindowLongW
CharUpperW
GetWindowPlacement
RegisterClassExW
LoadAcceleratorsW
GetClientRect
LoadCursorW
LoadImageW
RegisterWindowMessageW
GetSystemMenu
SetWindowPlacement
CharLowerW
EnableWindow

shell32

DragAcceptFiles
ShellAboutW
DragQueryFileW
ShellExecuteA
DragFinish

shlwapi

SHGetValueA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
IsTextUnicode
CreateProcessAsUserA

gdi32

StartPage
DeleteDC
SetAbortProc
CreateDCW
SetWindowExtEx
SetMapMode
StartDocW
LPtoDP
TextOutW
EndDoc
EnumFontsW
SelectObject
GetObjectW
GetTextFaceW
GetStockObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject
GetBkMode
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
EndPage
SetViewportExtEx
SetBkMode

comdlg32

ReplaceTextW
GetOpenFileNameW
PageSetupDlgW
ChooseFontW
PrintDlgExW
CommDlgExtendedError
GetFileTitleW
FindTextW
GetSaveFileNameW

winspool.drv

ClosePrinter
GetPrinterDriverW
OpenPrinterW

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb782db7e26f7a19608da0ddd7b22cc7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

shlwapi

advapi32

gdi32

comdlg32

winspool.drv

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 228KB - Virtual size: 234KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 228KB - Virtual size: 234KB

.rsrc
Size: 18KB - Virtual size: 17KB