484650946d8491ff895a63f3083df680_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

484650946d8491ff895a63f3083df680_JaffaCakes118
Size

500KB
MD5

484650946d8491ff895a63f3083df680
SHA1

d06e695fef042ffacb18945bb07da2f1c88b3e81
SHA256

9721205c64a2ff27d698b236a36c98e729e45749834229ed8be90660d3586522
SHA512

e14b858e70e1afc0b8c1924314132444886801c71f6b902ec7b6091482b8cf1d327b8b7035b2038f0bbff62732f32624ccc1c1f6072e4dc356317ebca4031011
SSDEEP

12288:WHviZ8eFx7TCIPuU8ZGlQurBXi0jLLH6WHB36:yvC8yxKi8wWuE8DfK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
484650946d8491ff895a63f3083df680_JaffaCakes118

Files

484650946d8491ff895a63f3083df680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

74013ae3ad1b824f4bae2eacd09bb428

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\ptzdwabki\vsuekxe\kwefq.pdb

Imports

kernel32

InterlockedExchange
GetCompressedFileSizeA
GetCurrentProcessId
TlsAlloc
SetTimeZoneInformation
GetSystemDirectoryW
GetFileAttributesA
GetStdHandle
GetStringTypeA
OpenMutexA
UnhandledExceptionFilter
CompareStringW
AddAtomW
WaitNamedPipeW
GlobalFindAtomW
TlsSetValue
GetPrivateProfileIntA
OpenFileMappingW
lstrcmpW
ExitProcess
OpenFile
GetModuleFileNameW
VirtualFree
HeapCreate
DeleteCriticalSection
GetEnvironmentStringsW
SetCurrentDirectoryW
LeaveCriticalSection
LocalFlags
GetVersion
CreateMutexA
HeapReAlloc
GetLocalTime
GetTempPathW
GetTimeFormatA
GetLocaleInfoA
GetPrivateProfileStructA
GlobalGetAtomNameW
InterlockedDecrement
GetProfileStringA
FormatMessageW
VirtualLock
SetEnvironmentVariableA
GetCPInfo
GlobalCompact
GetACP
SetConsoleTitleW
GetVolumeInformationA
InitializeCriticalSection
GetFileType
SetLastError
WritePrivateProfileStringW
VirtualQuery
GetEnvironmentStrings
GetFileSize
GetSystemTimeAsFileTime
GetLogicalDriveStringsW
FoldStringW
MoveFileExW
IsBadWritePtr
TlsFree
FindFirstFileW
GetStringTypeW
QueryPerformanceCounter
VirtualAlloc
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetOEMCP
TlsGetValue
ReadFile
GetLastError
LCMapStringA
GetVersionExW
GetWindowsDirectoryA
WaitCommEvent
GetProcAddress
WriteFile
SetFilePointer
GetCurrentThreadId
GetThreadPriority
GetTickCount
GetSystemInfo
FlushFileBuffers
GetModuleHandleA
SetCurrentDirectoryA
SetHandleCount
FreeEnvironmentStringsW
MultiByteToWideChar
GetDateFormatW
GetCommandLineA
CloseHandle
FileTimeToDosDateTime
CreateDirectoryExW
HeapAlloc
LoadLibraryA
ReadConsoleInputA
TerminateProcess
FreeEnvironmentStringsA
OpenFileMappingA
GetStringTypeExW
MoveFileExA
RtlUnwind
InterlockedIncrement
EnterCriticalSection
GetStartupInfoA
WriteConsoleOutputCharacterW
GetCurrentThread
GetModuleFileNameA
SetStdHandle
GetCurrentProcess
WideCharToMultiByte
LockResource
lstrcatW
LCMapStringW
HeapDestroy
HeapFree
HeapSize
GetSystemTime

comctl32

DrawInsert
ImageList_SetFilter
ImageList_Draw
ImageList_SetIconSize
ImageList_GetImageRect
DrawStatusTextA
CreatePropertySheetPageA
CreateStatusWindow
CreatePropertySheetPage
ImageList_DragMove
ImageList_DragEnter
ImageList_Write
CreateUpDownControl
ImageList_SetDragCursorImage
InitCommonControlsEx

advapi32

CryptGenRandom
RegEnumKeyExW
CryptDeriveKey
RegQueryMultipleValuesW
CryptReleaseContext
RegQueryMultipleValuesA
RegNotifyChangeKeyValue
RegQueryValueExW

wininet

UnlockUrlCacheEntryFileA
DetectAutoProxyUrl
HttpAddRequestHeadersA

user32

LockWindowUpdate
CharNextExA
GetNextDlgTabItem
GetOpenClipboardWindow
ExcludeUpdateRgn
RegisterClassExA
ExitWindowsEx
GetTabbedTextExtentW
DestroyWindow
UnhookWindowsHookEx
MessageBoxA
CreateIconFromResource
SetDlgItemTextW
ShowWindow
LoadBitmapA
DefWindowProcA
ChangeMenuA
SwitchToThisWindow
GetUserObjectInformationW
CreateWindowExA
ReuseDDElParam
wvsprintfW
RegisterClassA
CascadeWindows

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74013ae3ad1b824f4bae2eacd09bb428

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

advapi32

wininet

user32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 252KB - Virtual size: 250KB

.data Size: 104KB - Virtual size: 129KB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 252KB - Virtual size: 250KB

.data
Size: 104KB - Virtual size: 129KB

.rsrc
Size: 68KB - Virtual size: 66KB