4a3db1977b5517e2a15d7a4abe947b4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a3db1977b5517e2a15d7a4abe947b4a_JaffaCakes118
Size

708KB
MD5

4a3db1977b5517e2a15d7a4abe947b4a
SHA1

324260aaac854349946044be1ac2c0cd1477f560
SHA256

3d7aab83e21a1a5e2b3e76616535c89dce4b3bdaaca44834d18d48c16f856d46
SHA512

bcb351580925a6ffcb074645c416852e2189d6c65d601452b62e0b524356db93ddf88d2d347c565c5db5184c3ef2bbd7bc9191b50e329606c105503003e4e2f7
SSDEEP

12288:DOzB8bkdhRRY1GU8+Wf5ItN30jhAs7hwgqk3KODppE8P8rwTvo4xVk80uEU+h:C95vYwdVes7h1tlD0frubkFuze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a3db1977b5517e2a15d7a4abe947b4a_JaffaCakes118

Files

4a3db1977b5517e2a15d7a4abe947b4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7954a4c63a864a97d2430a1674c817d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\eqqvdpes.pdb

Imports

comdlg32

GetOpenFileNameA
ReplaceTextA
PageSetupDlgA
ReplaceTextW

user32

SetThreadDesktop
SetWindowContextHelpId
OpenIcon
RegisterClassExA
NotifyWinEvent
RegisterClassA
DeleteMenu
GetWindowTextLengthW
TabbedTextOutW
CreateMenu
IsWindowVisible
GetMenu
WINNLSEnableIME
SendIMEMessageExA
SendIMEMessageExW
GetMessagePos
CopyRect
GetKeyboardLayoutNameW
GetKeyNameTextA
GetWindow
wsprintfW
UnloadKeyboardLayout
ChangeDisplaySettingsW
KillTimer
MonitorFromPoint
TrackMouseEvent
GetTitleBarInfo
CreateCaret
ShowScrollBar
SetScrollRange
EqualRect
ShowOwnedPopups

advapi32

CryptContextAddRef
CryptSetProviderW
AbortSystemShutdownA
LookupAccountSidA
CryptGetDefaultProviderW
CryptGetProvParam
ReportEventW
CryptDeriveKey
LookupPrivilegeNameW
RegSetValueA
LookupPrivilegeNameA
StartServiceA
RegEnumKeyA
CryptHashData
RegRestoreKeyW
CryptDecrypt
GetUserNameA
ReportEventA
InitializeSecurityDescriptor
RegQueryInfoKeyA
RegCreateKeyExW
LookupSecurityDescriptorPartsA
CryptGenRandom

gdi32

FixBrushOrgEx
GetDeviceGammaRamp
GetTextFaceA
GetRegionData
StartPage
SetWindowExtEx
GetMiterLimit
GetTextMetricsW
StrokeAndFillPath
SetTextColor
GetTextExtentPointA
GetGlyphOutlineA
SetWindowOrgEx
SetDIBColorTable

comctl32

ImageList_ReplaceIcon
ImageList_DrawIndirect
DrawStatusTextA
CreateToolbar
CreateToolbarEx
DrawStatusTextW
ImageList_DragMove
ImageList_Create
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetImageCount
ImageList_GetDragImage
ImageList_LoadImage
ImageList_SetBkColor
ImageList_GetIcon
ImageList_Replace
ImageList_AddMasked

kernel32

InterlockedExchange
TlsGetValue
SetSystemTime
HeapCreate
VirtualQuery
SetUnhandledExceptionFilter
VirtualAlloc
GetCommandLineW
GetLocaleInfoA
GetCurrentThread
GetModuleFileNameW
UnhandledExceptionFilter
GetLastError
ReadFile
VirtualFree
HeapDestroy
IsValidCodePage
MultiByteToWideChar
GetOEMCP
HeapSize
GetStartupInfoA
GetEnvironmentStrings
VirtualProtect
TerminateProcess
GetCurrentProcess
GetProcAddress
DeleteCriticalSection
GetACP
FreeEnvironmentStringsA
SetFilePointer
EnterCriticalSection
TlsSetValue
GetSystemInfo
HeapAlloc
GetStartupInfoW
InitializeCriticalSection
RtlUnwind
LoadLibraryA
CompareStringA
GetSystemTimeAsFileTime
LCMapStringA
GetCPInfo
TlsFree
EnumSystemLocalesA
GetLocaleInfoW
IsBadWritePtr
GetUserDefaultLCID
GetTimeFormatA
HeapFree
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStringTypeA
LeaveCriticalSection
GetVersionExA
LCMapStringW
GetEnvironmentStringsW
CompareStringW
GetTimeZoneInformation
GetFileType
SetHandleCount
SetStdHandle
GetStringTypeW
OpenMutexA
IsValidLocale
CreateMutexA
WriteFile
GetDateFormatA
GetCurrentProcessId
GetModuleFileNameA
HeapReAlloc
GetStdHandle
QueryPerformanceCounter
SetLastError
WideCharToMultiByte
ExitProcess
GetCommandLineA
GetCurrentThreadId
GetTickCount
GetModuleHandleA
TlsAlloc
CloseHandle
FlushFileBuffers

shell32

SHBrowseForFolder
SHFormatDrive

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7954a4c63a864a97d2430a1674c817d5

Headers

File Characteristics

PDB Paths

Imports

comdlg32

user32

advapi32

gdi32

comctl32

kernel32

shell32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 452KB - Virtual size: 450KB

.data Size: 136KB - Virtual size: 149KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 452KB - Virtual size: 450KB

.data
Size: 136KB - Virtual size: 149KB

.rsrc
Size: 24KB - Virtual size: 23KB