49d5c71cce5d0a9542726fbb6bf2de0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49d5c71cce5d0a9542726fbb6bf2de0e_JaffaCakes118
Size

420KB
MD5

49d5c71cce5d0a9542726fbb6bf2de0e
SHA1

b526a5d003dc839151d1f63676ece730662c4b6a
SHA256

baf20701c6a23e518d3f12fcc0420d72998b0f6114e1d50447ed26354e8915b7
SHA512

d3454a68d609f22ca673db9ad9110e4ad1f11a1ee907c364afb9601ed4582fb400089a9bc69cf0aafbb2195a732d12439a1583a1c2480a94bc0eb0bc155c80f7
SSDEEP

12288:Lq8puBeg7OXDy27Y+E0AP76sRyPbCv8QWN:LrcBPv2Dkms49T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49d5c71cce5d0a9542726fbb6bf2de0e_JaffaCakes118

Files

49d5c71cce5d0a9542726fbb6bf2de0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b08b5b75f8580b16d8331923f00cfdf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetROP2
RestoreDC
CreateCompatibleDC
UnrealizeObject
GetSystemPaletteUse
SetArcDirection
SelectClipRgn
SetViewportOrgEx
PolylineTo
SetLayout
GetTextCharsetInfo
OffsetWindowOrgEx
GetROP2
GetMetaFileBitsEx
GdiPlayScript
StartDocA
PolyPolyline
GetCharWidthFloatA
CancelDC
SetWindowOrgEx
SetGraphicsMode
GdiGetBatchLimit
SetPixelFormat
GetWindowExtEx
SetSystemPaletteUse
GetTextFaceA
SetMetaRgn
gdiPlaySpoolStream
GetMetaFileW
OffsetViewportOrgEx
ResetDCW
PaintRgn
Arc
PathToRegion
GetKerningPairs
GetNearestPaletteIndex
SetBoundsRect
GetClipRgn
SetDIBColorTable
SetROP2
GetStretchBltMode
StartDocW
GetPixel
SetDIBits
CreateEllipticRgn
GetCharABCWidthsFloatA
SetDIBitsToDevice
StrokePath
CreateMetaFileW
PolyPolygon
SetMapperFlags
Rectangle
PolyTextOutA
SetMiterLimit

user32

GetListBoxInfo
WINNLSGetIMEHotkey
PostMessageW
ScrollDC
IntersectRect
SetClipboardViewer
CharLowerBuffA
IsMenu
IsWindow
ModifyMenuA
UnionRect
SetMenuDefaultItem
SetPropW
TranslateAccelerator
SetDoubleClickTime
ReleaseDC
OemToCharA
ToAsciiEx
WINNLSEnableIME
SetActiveWindow
SendMessageCallbackA
TranslateAcceleratorW
SendMessageW
SetProcessWindowStation
UnregisterClassW
WaitMessage
InvertRect
IsIconic
InternalGetWindowText
ShowScrollBar
TranslateAcceleratorA
RegisterWindowMessageW
IsChild
ShowWindow
ToUnicodeEx
WindowFromPoint
SetScrollInfo
SendIMEMessageExA
ToUnicode
mouse_event
GetCaretPos
WaitForInputIdle
ReuseDDElParam
ShowWindowAsync
TileWindows
TranslateMessage
ValidateRgn
OpenDesktopW
IsRectEmpty
UnpackDDElParam
SwitchToThisWindow
LoadAcceleratorsW
SetRect

advapi32

RegOpenKeyExA
GetKernelObjectSecurity
RegRestoreKeyA
EqualPrefixSid
OpenBackupEventLogA
GetFileSecurityA
RegDeleteKeyW
IsValidSid
SetSecurityDescriptorDacl
TrusteeAccessToObjectA
RegOpenKeyExW
GetNamedSecurityInfoExW
ImpersonateNamedPipeClient
InitializeSid
SetNamedSecurityInfoA
RegGetKeySecurity
RegOpenKeyW
GetTrusteeNameA
SetNamedSecurityInfoExA
GetNamedSecurityInfoA
ObjectDeleteAuditAlarmW
ImpersonateLoggedOnUser
RegSetValueA
GetAuditedPermissionsFromAclA
CreatePrivateObjectSecurity
GetNamedSecurityInfoExA
RegQueryValueW
SetEntriesInAclW
RegLoadKeyA
RegQueryMultipleValuesW
ReportEventW
RegQueryValueA
RevertToSelf
SetNamedSecurityInfoExW
RegCreateKeyExW
SetSecurityDescriptorOwner
ConvertAccessToSecurityDescriptorA
SetEntriesInAccessListA
ReportEventA
MakeAbsoluteSD
TrusteeAccessToObjectW
RegQueryValueExW
QueryServiceLockStatusA
SetPrivateObjectSecurity
GetMultipleTrusteeW
CopySid
ReadEventLogW
GetSidSubAuthority
GetMultipleTrusteeOperationA

msvcrt

_rmdir
wcsncmp
wcsftime
fputws
_wtmpnam
mbstowcs
ungetwc
_ismbcpunct
tmpnam
wctomb
ldiv
_wenviron
ftell
asctime
wcslen
fgetwc
cos
strcmp
vfprintf
vprintf
memchr
fputs
wcsrchr
wprintf
_write
wcstok
sin
wcschr
iswdigit
mbtowc
fgetc
_fpieee_flt
tan
memmove
div
remove
ispunct
realloc
sscanf
wcsstr
iswalnum
wscanf
wcsncpy
fflush
towlower
putc
wcscpy
wcsxfrm
_mbscoll
strchr
setlocale
wcscmp

kernel32

OpenSemaphoreW
GetCommandLineW
PulseEvent
UpdateResourceW
GetCurrentThread
PurgeComm
VirtualLock
lstrlen
SystemTimeToFileTime
GetCurrentThreadId
SetLocaleInfoA
_hwrite
GetTapeParameters
GetFileAttributesW
RemoveDirectoryW
lstrcpynA
SystemTimeToTzSpecificLocalTime
SwitchToFiber
WaitForDebugEvent
VirtualFree
VirtualFree
ResumeThread
GetProfileStringW
lstrcmpi
HeapCompact
GetCurrentProcess
GlobalUnlock
HeapDestroy
InterlockedIncrement
InterlockedExchange
LocalUnlock
GetCurrentProcessId
SetFileTime
GetLastError
lstrcpyW
UnlockFileEx
WaitForMultipleObjectsEx
lstrcmpA
BuildCommDCBA
LocalCompact
SetErrorMode
GlobalAddAtomW
lstrcatW
GetCommConfig
lstrcpynW
GetLocaleInfoA
QueryDosDeviceA
WaitCommEvent
GlobalUnWire
ExitProcess
GetStartupInfoW
VirtualUnlock
OpenThread
LocalLock
_llseek
SetHandleCount
SleepEx
SetLastError
VirtualAlloc
GetBinaryTypeW
GetCommandLineA
RtlUnwind
GetModuleHandleW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 141KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 151KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b08b5b75f8580b16d8331923f00cfdf

Headers

File Characteristics

Imports

gdi32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 109KB - Virtual size: 109KB

.rdata Size: 141KB - Virtual size: 1.1MB

.idata Size: 151KB - Virtual size: 154KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 109KB - Virtual size: 109KB

.rdata
Size: 141KB - Virtual size: 1.1MB

.idata
Size: 151KB - Virtual size: 154KB

.rsrc
Size: 4KB - Virtual size: 4KB