48d7b473d776f8d091aba91487e62971_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48d7b473d776f8d091aba91487e62971_JaffaCakes118
Size

500KB
MD5

48d7b473d776f8d091aba91487e62971
SHA1

61c7804b0aaa83823414fac7042686741b2c32bd
SHA256

d6cd69bd77196374d2ad5543acbe151d73d3250614abadd55ed9fa7275703b47
SHA512

207e7d0be808c96501a17174f43cb3cb94e156efa6675425e53aeb5bbd98578bb9b53b37e66999213b219954f321858ea4d248d427093de2d1e424c032fa9cf7
SSDEEP

12288:5pTRoJisYH8PVCKhavJVW+yqrrh2v4C6XS0/s8P5Resa:3TRoJis7VNEvJV5hJf/sG5Resa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d7b473d776f8d091aba91487e62971_JaffaCakes118

Files

48d7b473d776f8d091aba91487e62971_JaffaCakes118
.exe windows:4 windows x86 arch:x86

873dfdf199fa6d0f27d8037f0698885c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\cwebeaob\lfzy\

Imports

kernel32

GetCurrentProcessId
GetCalendarInfoA
TlsFree
LCMapStringW
GetStringTypeW
CreateProcessW
QueryPerformanceCounter
SetConsoleScreenBufferSize
GetProcAddress
InterlockedDecrement
UnhandledExceptionFilter
DeleteCriticalSection
VirtualFree
GetLongPathNameA
GetStringTypeA
GetSystemTimeAsFileTime
LCMapStringA
FreeEnvironmentStringsW
GetExitCodeThread
HeapCreate
SetFileAttributesA
MultiByteToWideChar
lstrcatW
GetTickCount
EnumCalendarInfoExW
GetDiskFreeSpaceW
GetEnvironmentStringsW
FindAtomA
GetComputerNameW
LoadLibraryExW
GetVersionExA
OpenMutexA
DeleteFileW
GetCommandLineA
HeapAlloc
GlobalHandle
GetEnvironmentStrings
IsBadWritePtr
GetLocalTime
LeaveCriticalSection
HeapFree
EnumResourceNamesW
InterlockedExchange
GetSystemTime
ReadFile
GetCurrentThread
ConvertDefaultLocale
ReadConsoleOutputCharacterA
GetLocaleInfoW
GetACP
GetTimeZoneInformation
HeapReAlloc
FindFirstFileW
GetModuleHandleA
WideCharToMultiByte
GetFileType
LocalFree
ExitProcess
CloseHandle
SetLastError
EnterCriticalSection
SetEnvironmentVariableA
GetOEMCP
FindResourceA
TlsAlloc
SetStdHandle
FreeEnvironmentStringsA
VirtualAlloc
GetCurrentThreadId
RtlUnwind
GetShortPathNameW
GetThreadPriority
GetStartupInfoA
GetPrivateProfileSectionNamesA
GetCPInfo
WriteFile
GetPrivateProfileIntA
InitializeCriticalSection
LoadLibraryA
TlsSetValue
CreateDirectoryExA
GetStdHandle
HeapDestroy
GetModuleFileNameA
GetCurrentProcess
SetFilePointer
FindNextFileA
TerminateProcess
VirtualQuery
GetLastError
InterlockedIncrement
SetHandleCount
FlushFileBuffers
CompareStringA
TlsGetValue
ConnectNamedPipe
CompareStringW
CreateMutexA
WritePrivateProfileStructW
WritePrivateProfileStringW
GetFullPathNameA
GetVersion
ReadConsoleOutputCharacterW

comctl32

ImageList_Merge
ImageList_GetImageRect
CreateToolbar
CreateStatusWindowW
ImageList_DragEnter
DestroyPropertySheetPage
ImageList_GetFlags
ImageList_SetIconSize
ImageList_Write
ImageList_Draw
ImageList_LoadImage
ImageList_Destroy
DrawInsert
CreateStatusWindowA
InitCommonControlsEx
DrawStatusTextA
ImageList_DragShowNolock
ImageList_GetImageInfo
ImageList_SetBkColor
_TrackMouseEvent

user32

DdeConnect
SetWindowsHookExW
GetDCEx
InsertMenuItemA
DdeReconnect
DefMDIChildProcW
SetClassLongA
TileWindows
SetProcessWindowStation
BroadcastSystemMessage
RegisterDeviceNotificationW
GetClipCursor
EndMenu
ChangeDisplaySettingsExW
UnregisterHotKey
MonitorFromWindow
GetClassInfoExW
GetClassLongW
MonitorFromPoint
DlgDirSelectComboBoxExA
CreateCaret
OpenIcon
ChangeMenuW
GetGUIThreadInfo
GetWindowModuleFileNameA
TranslateMDISysAccel
GetClipboardOwner
EnumDesktopsA
DdePostAdvise
GetTitleBarInfo
RegisterClassA
EnableMenuItem
CloseDesktop
GetProcessDefaultLayout
GetWindowTextLengthW
CreateWindowExA
CallMsgFilter
SendNotifyMessageA
ToUnicode
BroadcastSystemMessageW
CascadeChildWindows
IsDialogMessageA
DrawMenuBar
BeginPaint
DefWindowProcA
RegisterClassExA
SetShellWindow
CloseWindow
SetCaretPos
GetParent
ShowWindow
DestroyWindow
OpenWindowStationA
MessageBeep
UnpackDDElParam
MessageBoxA
GetDlgItem
GetMenuStringA
SetWindowPlacement
ExitWindowsEx
MessageBoxIndirectA

advapi32

RegDeleteValueW
RegQueryValueW
RegQueryValueA
StartServiceA
InitializeSecurityDescriptor
RegQueryMultipleValuesW
LookupPrivilegeValueA
LookupAccountNameA
RegOpenKeyW
RegSetValueExA
CryptVerifySignatureA
RegSetValueExW
GetUserNameW
CryptAcquireContextA
CryptGetDefaultProviderA
CryptSignHashW

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

873dfdf199fa6d0f27d8037f0698885c

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

advapi32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 104KB - Virtual size: 130KB

.rsrc Size: 60KB - Virtual size: 56KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 104KB - Virtual size: 130KB

.rsrc
Size: 60KB - Virtual size: 56KB