4919aa6afdfddcbebe3d41e2817eab37_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4919aa6afdfddcbebe3d41e2817eab37_JaffaCakes118
Size

300KB
MD5

4919aa6afdfddcbebe3d41e2817eab37
SHA1

72158f1c2aad8cad05ff59999286b1e7061c6614
SHA256

e20751115d9ef5c6287f4cd2396ab26fe5550e0c7f5ecea03e3f18ce2c2cf128
SHA512

f0e88bf6e7da8cc8daf9ac178bdcd560fe13b612cb622c26d5ac7fd003dfcfd76f147de725831c55ca9ca07c8c8d48442c8055ec89e38f063df0145776c4f672
SSDEEP

6144:XNacfmdiXZu2ecVT01cZlWhvYVMl6/UQjS6G/NH4:9aDdQ4zS4cXuYeXoS68H4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4919aa6afdfddcbebe3d41e2817eab37_JaffaCakes118

Files

4919aa6afdfddcbebe3d41e2817eab37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

839859e609f6eb5fdb7127f9e5622619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSettings
SHFormatDrive
SHFileOperationA

rpcrt4

RpcSmAllocate

ole32

CoTaskMemFree
CoTaskMemAlloc

version

VerQueryValueW

user32

CloseDesktop
CloseClipboard
GetMenuCheckMarkDimensions
CloseWindow
GetMonitorInfoA
GetSysColor
CloseWindowStation
GetDC
GetKeyboardLayout
CharNextA
GetKeyboardLayoutList
GetSystemMetrics
ReleaseDC
CharPrevA

kernel32

GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetShortPathNameA
GetStringTypeExW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempPathW
GetTickCount
DeleteFileW
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeCriticalSection
FreeLibrary
InterlockedExchange
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
SetLastError
SetLocalTime
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
DeleteCriticalSection
CreateSemaphoreA
CreateMutexA
CreateFileW
CreateDirectoryW
CloseHandle
FormatMessageW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
InterlockedCompareExchange
EnterCriticalSection
GetTimeZoneInformation

advapi32

GetTraceLoggerHandle
AddAccessDeniedAce
GetTraceEnableLevel
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
UnregisterTraceGuids
TraceEvent
SetSecurityDescriptorDacl
RegisterTraceGuidsA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce

shlwapi

StrChrA
PathFileExistsA
ChrCmpIA
StrCmpNA

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
CreateDCA
GetDeviceCaps

dsound

ord9

Exports

Exports

ABProviderInit
DllMain
HrAddFavs
MSProviderInit
NDBGetFileInfo
NSTServiceEntry
OSTServiceEntry
OTONNotifyNewMail
PSTCrashRecovery
PSTServiceEntry
PSTServiceEntry_Unicode

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

839859e609f6eb5fdb7127f9e5622619

Headers

File Characteristics

Imports

shell32

rpcrt4

ole32

version

user32

kernel32

advapi32

shlwapi

gdi32

dsound

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 235KB

.rdata Size: 35KB - Virtual size: 36KB

.data Size: 14KB - Virtual size: 16KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 235KB - Virtual size: 235KB

.rdata
Size: 35KB - Virtual size: 36KB

.data
Size: 14KB - Virtual size: 16KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 8KB