484482e95ef4f52172a594d571294fc7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

484482e95ef4f52172a594d571294fc7_JaffaCakes118
Size

288KB
MD5

484482e95ef4f52172a594d571294fc7
SHA1

89e9f0dc2a397fc0e712ff6616081f68e3cea391
SHA256

77e6af7851622a7b6b90038e477e1cc5e3858e913687bcb0223fd778c44a6216
SHA512

df80ffa3fa6369dccfbf68c13d42c95c38beda790272d3efb0de568e5634df89555548debde76d61d712afab057707d61b0c17390b5960ca7bf4ad6f379ea0cd
SSDEEP

6144:NU7EJi06euBysdrj2Rrh4Qki2U3YSQZ/X:pJDYBjrj2RrhPYR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
484482e95ef4f52172a594d571294fc7_JaffaCakes118

Files

484482e95ef4f52172a594d571294fc7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6db00246395810c3fcd2d073cc477c2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ossoa\fcedamti\wjllj\vlpaee\e

Imports

user32

SetDlgItemInt
UnregisterClassA
CallWindowProcA
TranslateMessage
SetClipboardViewer
MoveWindow
GetListBoxInfo
RegisterClassA
GetClipboardData
CallNextHookEx
RegisterClassExA
TabbedTextOutW
GetKeyState
BeginPaint
SendMessageTimeoutW
UnhookWindowsHookEx
DestroyIcon
DestroyAcceleratorTable
GetComboBoxInfo
GetMonitorInfoW
NotifyWinEvent
OffsetRect
UnregisterDeviceNotification
GetSysColor
CreatePopupMenu

kernel32

GetProcAddress
RtlUnwind
GetCPInfo
EnumResourceTypesW
DeleteCriticalSection
VirtualProtect
HeapAlloc
CloseHandle
UnhandledExceptionFilter
ReadConsoleOutputA
VirtualAlloc
HeapFree
HeapReAlloc
LoadLibraryA
SetLastError
GetLastError
VirtualFree
GetFileType
HeapCreate
TlsFree
LCMapStringA
RtlMoveMemory
IsBadWritePtr
GetProcessHeap
WideCharToMultiByte
GetStdHandle
WritePrivateProfileStringW
InterlockedExchange
GetCurrentThreadId
InterlockedIncrement
GetTimeZoneInformation
GetStartupInfoA
GetModuleHandleA
MultiByteToWideChar
LeaveCriticalSection
AddAtomA
GetCompressedFileSizeW
TlsAlloc
GetTickCount
OpenMutexA
QueryPerformanceCounter
EnterCriticalSection
InterlockedDecrement
FindResourceExW
GetCurrentProcess
WriteProfileStringA
GetCommandLineW
LCMapStringW
GetProcAddress
SetEnvironmentVariableA
lstrlen
ExitProcess
GetModuleFileNameA
CreateMutexA
HeapDestroy
GetCurrentProcessId
FindFirstFileW
InitializeCriticalSection
TlsGetValue
GetProfileStringA
SetStdHandle
SetHandleCount
GetEnvironmentStringsW
SetFilePointer
GetSystemTime
CompareStringW
FreeEnvironmentStringsA
GetLocalTime
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetFileTime
WriteConsoleOutputA
GetVersion
SetComputerNameW
ReadFile
CompareStringA
GetCommandLineA
FreeEnvironmentStringsW
LocalLock
GetCurrentThread
WriteConsoleInputW
SetConsoleMode
FlushFileBuffers
GetEnvironmentStrings
TerminateProcess
TlsSetValue
VirtualQuery
MoveFileW
GetModuleFileNameW
GetStartupInfoW
WriteFile

comctl32

MakeDragList
ImageList_GetDragImage
ImageList_AddIcon
DestroyPropertySheetPage
InitMUILanguage
ImageList_Remove
ImageList_Write
DrawStatusTextW
CreateStatusWindowA
ImageList_DragShowNolock
ImageList_LoadImage
ImageList_DragLeave
CreateUpDownControl
InitCommonControlsEx
CreatePropertySheetPageA
ImageList_ReplaceIcon
GetEffectiveClientRect
CreatePropertySheetPageW
ImageList_Duplicate
ImageList_Draw
CreateStatusWindow
ImageList_GetImageCount
ImageList_Read
ImageList_SetDragCursorImage
ImageList_GetIcon
CreateToolbar

advapi32

CryptContextAddRef
RegEnumValueW
RegQueryValueA
CreateServiceW
RegEnumValueA
RegSetValueExA
CryptSetProviderExA
CryptSetProvParam
CryptGenRandom
ReportEventW
RegSetValueExW
CryptGetUserKey
CryptVerifySignatureW
CryptExportKey
RegEnumKeyA
RegRestoreKeyW
RegConnectRegistryW
CryptSetProviderW
CryptEncrypt
InitializeSecurityDescriptor
CryptGenKey

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6db00246395810c3fcd2d073cc477c2b

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

advapi32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 88KB - Virtual size: 109KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 88KB - Virtual size: 109KB

.rsrc
Size: 40KB - Virtual size: 39KB