4a29b1231d23c2b2c864eab66520df80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a29b1231d23c2b2c864eab66520df80_JaffaCakes118
Size

356KB
MD5

4a29b1231d23c2b2c864eab66520df80
SHA1

4ae9b7ad157702c33648c044558e38812686d38f
SHA256

b8979ac9e71de3a3e5809e80b164075721f262401a9b68a5ea0cc936ae790cd8
SHA512

53554f0c4e72be46e5764d181264fd7c89d190938519cce39dd60840d300627a2dd90b8bf7d138d0f65325e16cc22de0f4eae16f09952033acdc389a81b24e27
SSDEEP

6144:qEuP7+bLe6RsDrGQy6GuC+Ybi17yHRJBb992S5:qEi7+vkrGQbc+Y217yHRJBj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a29b1231d23c2b2c864eab66520df80_JaffaCakes118

Files

4a29b1231d23c2b2c864eab66520df80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

116183e2f86003012e2bfd0e4052faa6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\okt\tue\qblrevae

Imports

advapi32

RegSetKeySecurity
LookupAccountNameW
CryptSetProviderA
LogonUserA
CryptEnumProviderTypesW
CryptHashData
RegLoadKeyW
RegOpenKeyW
RegFlushKey

comdlg32

ChooseFontW
PrintDlgW
FindTextA

comctl32

ImageList_SetDragCursorImage
ImageList_BeginDrag
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_LoadImage
ImageList_Read
ImageList_SetIconSize
ImageList_GetIcon
CreateToolbarEx
ImageList_Write
CreateStatusWindowA
ImageList_Remove
ImageList_DragLeave

shell32

ExtractAssociatedIconExW

gdi32

GetTextExtentExPointA
GetColorAdjustment
Polygon
CreatePenIndirect
GetDeviceCaps
GetClipBox
GetBitmapDimensionEx
PolyPolyline
GetBrushOrgEx
FillPath
SetGraphicsMode
DeleteColorSpace
GetPath
GetPolyFillMode
GetWindowOrgEx
GetMetaFileA
ResizePalette
PolyPolygon
ExtTextOutA
GetICMProfileA
FrameRgn
GetFontData

kernel32

ReadConsoleOutputCharacterA
GetStartupInfoA
HeapAlloc
VirtualProtect
GetLongPathNameW
InterlockedExchange
TerminateProcess
OpenMutexA
GetLocaleInfoW
TlsFree
VirtualLock
SetComputerNameW
WriteProfileSectionW
UnhandledExceptionFilter
lstrcmpiW
IsValidLocale
FlushViewOfFile
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetPrivateProfileSectionNamesW
TlsGetValue
GetACP
HeapSize
GetCurrentThread
EnumCalendarInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
LCMapStringA
GetPrivateProfileStructA
ExitProcess
CompareStringA
LCMapStringW
GlobalAlloc
WideCharToMultiByte
OpenEventA
TryEnterCriticalSection
ResumeThread
IsBadWritePtr
GetTimeZoneInformation
IsValidCodePage
GetCurrentProcess
ReadFile
VirtualAllocEx
InterlockedDecrement
MultiByteToWideChar
lstrcpynW
GetCommandLineW
VirtualAlloc
FreeEnvironmentStringsA
GetCurrentProcessId
RemoveDirectoryW
GetThreadLocale
GetSystemTimeAdjustment
InterlockedCompareExchange
GetNumberFormatW
GetDiskFreeSpaceExW
WaitForSingleObjectEx
GetProcAddress
GetWindowsDirectoryW
GetStdHandle
GetLastError
CreateThread
WriteConsoleInputA
OpenMutexW
GetFileAttributesW
CompareFileTime
EnterCriticalSection
GetStringTypeW
GetStringTypeExW
GetCurrentThreadId
GetTempPathA
ReadConsoleW
HeapCreate
TlsAlloc
GetTickCount
WriteConsoleW
SetFilePointer
SetStdHandle
QueryPerformanceCounter
WriteFile
TlsSetValue
CloseHandle
GetSystemInfo
CreatePipe
GlobalUnfix
SetLocaleInfoA
GetStringTypeA
GetVersionExA
HeapReAlloc
lstrlenW
LoadLibraryA
SetLastError
CreateMutexA
LoadLibraryW
GetFileType
LeaveCriticalSection
GetModuleFileNameW
EnumDateFormatsW
lstrcpy
GetModuleHandleA
HeapFree
GetUserDefaultLCID
GetStartupInfoW
GetEnvironmentStrings
SetEnvironmentVariableA
GetLocaleInfoA
GetTimeFormatA
GlobalGetAtomNameA
GetCPInfo
VirtualFree
CompareStringW
VirtualQuery
GetOEMCP
DeleteCriticalSection
SetThreadLocale
LockFileEx
GetProfileIntW
SetEvent
InitializeCriticalSection
FlushFileBuffers
WriteConsoleA
RtlUnwind
SetHandleCount
GetLogicalDrives
GetCommandLineA
GetEnvironmentStringsW
HeapDestroy
LocalShrink
GetDateFormatA

user32

CreateDialogParamA
DrawFrame
CharPrevA
SetClassLongW
GetPriorityClipboardFormat
EnableScrollBar
GetUpdateRgn
DispatchMessageA
GetClassLongW
SetFocus
RegisterClassA
GetKeyboardLayout
OemKeyScan
GetClassInfoA
RegisterClassExA
GetMenuStringW
ChangeClipboardChain
DdeGetData
CreateWindowExW

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

116183e2f86003012e2bfd0e4052faa6

Headers

File Characteristics

PDB Paths

Imports

advapi32

comdlg32

comctl32

shell32

gdi32

kernel32

user32

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 92KB - Virtual size: 100KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 92KB - Virtual size: 100KB

.rsrc
Size: 28KB - Virtual size: 25KB