4916af064bdfdca4f8c43bc66f4a7379_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4916af064bdfdca4f8c43bc66f4a7379_JaffaCakes118
Size

377KB
MD5

4916af064bdfdca4f8c43bc66f4a7379
SHA1

e956868f9ac77c9b28721e7b75b31a61ca09a42e
SHA256

e486cc9fca890344e702dd18ebe29238fb8d06f6910fb5c01f02df231aa15d77
SHA512

ecfbda14112bd992896afbf12988aac72d58a8991ccb9e790030dcb7c7c26695f4728f6c78db8e2df55c927e2da660887fd616f6d939f5b3485ac2b49580a786
SSDEEP

6144:ESIm1t3gLf8relAqF+sqbzi52xTJiPzvwcH+1G8YyGp5dWKL4JHou8y5pxdEtouv:Ei1t3gr86lA5koTJurwXG6Gl4+y9dIqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4916af064bdfdca4f8c43bc66f4a7379_JaffaCakes118

Files

4916af064bdfdca4f8c43bc66f4a7379_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d2a1e99f40045c0c7b70b16eea4604a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jueo\nhl\emxte\eth.pdb

Imports

user32

DestroyWindow
LoadIconA
DrawTextA
DdeInitializeW
MessageBoxA
IsIconic
ValidateRgn
SetRect
SendMessageTimeoutA
InSendMessage
CharPrevW
SendNotifyMessageA
IsCharLowerW
CreateWindowStationA
BlockInput
DefDlgProcA
EnumPropsExA
IsCharAlphaNumericA
GetDesktopWindow
TranslateAccelerator
GetPropW
CreateWindowExW
EnumDesktopsW
EnumThreadWindows
GetWindowDC
VkKeyScanExW
ScreenToClient
RegisterClassA
InflateRect
MsgWaitForMultipleObjectsEx
DdeQueryConvInfo
DdeInitializeA
MessageBoxExA
GetMonitorInfoW
IsWindowVisible
TileChildWindows
DrawTextExW
CallMsgFilterW
DefWindowProcA
DdeFreeDataHandle
ShowWindow
CreateDialogIndirectParamA
GetClassInfoA
CheckRadioButton
RegisterClassExA
CreateCursor
RegisterDeviceNotificationA
IsChild
DrawTextExA
SetPropW
TrackPopupMenuEx
SetTimer
DdeCreateDataHandle
CharNextExA
EndMenu
GetMenu
MessageBoxW
CopyRect
ToUnicode
GetKeyState
GetKeyboardLayout
BeginPaint

advapi32

DuplicateToken
CreateServiceA
RegReplaceKeyA
RegCreateKeyA
CryptDestroyKey
CryptGetHashParam
RegLoadKeyW
RegSetValueW
RegOpenKeyA
StartServiceW
CryptSetKeyParam
RegCreateKeyExW
CryptCreateHash
RegQueryValueA
LookupAccountSidW
LookupPrivilegeNameA
CryptReleaseContext
CryptGetUserKey
ReportEventA
CryptVerifySignatureA
LookupAccountSidA
CryptImportKey
InitializeSecurityDescriptor
LookupPrivilegeNameW
AbortSystemShutdownA

kernel32

GetProcAddress
HeapFree
GetDiskFreeSpaceA
MultiByteToWideChar
TlsSetValue
GetFileAttributesA
ExitProcess
GetDateFormatA
RemoveDirectoryW
GetTimeZoneInformation
SetConsoleCtrlHandler
GetDiskFreeSpaceW
GetTickCount
DebugBreak
GetStartupInfoW
FreeEnvironmentStringsW
VirtualQuery
CloseHandle
HeapReAlloc
WriteProfileStringA
GetLocaleInfoA
TerminateThread
IsValidCodePage
GetVersionExA
HeapAlloc
TlsFree
FileTimeToSystemTime
GetFileType
GetSystemTimeAdjustment
GetCurrentThreadId
GetCPInfo
VirtualUnlock
GetSystemInfo
GetStringTypeA
Sleep
GetModuleFileNameA
SetEvent
LeaveCriticalSection
GetEnvironmentStringsA
InterlockedDecrement
ContinueDebugEvent
OpenMutexA
GetSystemTimeAsFileTime
CreateMutexA
GetLocaleInfoW
GetStringTypeW
CompareStringW
ReadConsoleOutputA
GetTimeFormatA
CreateToolhelp32Snapshot
HeapCreate
GetCommandLineA
RtlUnwind
VirtualFree
IsBadReadPtr
EnterCriticalSection
GetModuleFileNameW
TerminateProcess
ReadFile
OpenSemaphoreA
FreeEnvironmentStringsA
GetOEMCP
EnumResourceLanguagesA
DeleteCriticalSection
GetCurrentThread
LCMapStringW
GetModuleHandleA
FileTimeToLocalFileTime
InterlockedIncrement
LCMapStringA
GetCurrentProcess
HeapSize
SetFilePointer
GetStdHandle
IsValidLocale
SetHandleCount
CompareStringA
IsBadWritePtr
lstrcatA
HeapValidate
lstrlen
GetLastError
InitializeCriticalSection
TlsAlloc
LocalAlloc
VirtualProtect
MapViewOfFile
lstrcmpi
VirtualAlloc
UnhandledExceptionFilter
GetACP
HeapDestroy
SetStdHandle
GetUserDefaultLCID
OutputDebugStringA
WideCharToMultiByte
WriteConsoleOutputW
GetStartupInfoA
EnumSystemLocalesA
TlsGetValue
GetProcAddress
InterlockedExchange
LocalReAlloc
LoadLibraryA
GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentStrings
WriteFile
WritePrivateProfileStringW
SetEnvironmentVariableA
GetCurrentProcessId
FlushFileBuffers
SetLastError
QueryPerformanceCounter

comctl32

CreateToolbarEx
ImageList_Add
ImageList_LoadImageW
ImageList_SetFlags
ImageList_SetOverlayImage
ImageList_DrawEx
CreatePropertySheetPage
ImageList_Copy
ImageList_DragShowNolock
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Merge
InitCommonControlsEx
ImageList_GetIcon
DestroyPropertySheetPage

shell32

SHQueryRecycleBinA
FindExecutableA
ShellExecuteExA
SHAppBarMessage
ExtractIconExW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d2a1e99f40045c0c7b70b16eea4604a

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

kernel32

comctl32

shell32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 97KB - Virtual size: 118KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 97KB - Virtual size: 118KB

.rsrc
Size: 27KB - Virtual size: 26KB