4b06a18c107f5998bf9f464dd4ea4d8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b06a18c107f5998bf9f464dd4ea4d8a_JaffaCakes118
Size

296KB
MD5

4b06a18c107f5998bf9f464dd4ea4d8a
SHA1

83879999800a262bf26db018e8bc036042640363
SHA256

046f8e0abf8240317cf7a7f2b07c09d847233267a96a7723b084cec53c56c4aa
SHA512

f7686ad5a00097324ee3ff00cd388d872e9800b45c3437be677873cc139a7032dca3a4fa7e01263933f6af8c37fa73276c2d9a1a5a620712ef48bc7ca6f6d4a3
SSDEEP

6144:+zHKNSe98Duv6Jaj0yzcfjGdX8XikhhDQrr65DVm3kOAgTME+QnpmHHP9Z/fT:SKNSDuyJaoyOjGdX8XikhhDQrr65DVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b06a18c107f5998bf9f464dd4ea4d8a_JaffaCakes118

Files

4b06a18c107f5998bf9f464dd4ea4d8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

997493c9a4d18d804db0d049a1d7ef3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW

kernel32

FreeLibrary
SetErrorMode
GetTempPathW
GetTickCount
IsBadReadPtr
SetLastError
lstrcpyW
LoadLibraryExW
LoadLibraryExA
GetStartupInfoA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
GetDriveTypeW
GetDriveTypeA
GetComputerNameA
GetTempPathA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetFileAttributesW
LocalAlloc
LocalFree
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
CreateEventW
lstrlenW
GetVersionExA
CreateEventA
CreateThread
GlobalSize
WideCharToMultiByte
GetWindowsDirectoryA
GetCurrentProcessId
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetSystemInfo
GetSystemTime
CloseHandle
SetFileAttributesA
CopyFileExW
GetACP
GetShortPathNameA
LoadLibraryW
GetDiskFreeSpaceA
GetWindowsDirectoryW
GetFileAttributesA
GetFileSize
SetFileAttributesW
FindClose
GetLastError
WaitForSingleObject
InterlockedDecrement
MultiByteToWideChar
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
EnterCriticalSection
InterlockedIncrement
DeviceIoControl
ResetEvent
LeaveCriticalSection
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
GetProcAddress
GetCurrentThreadId
SetEvent

wmvcore

WMCreateEditor
WMCreateReaderPriv

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoCreateGuid
CoUninitialize
StringFromGUID2
OleSaveToStream
GetHGlobalFromStream
OleLoadFromStream
CLSIDFromString
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
GetErrorInfo
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
SysFreeString
VariantInit

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetFolderPathW
SHGetFileInfoA

winmm

mmioAscend
mmioOpenW
mmioOpenA
mmioSeek
mmioDescend
mmioRead
mmioClose

wininet

RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW

avifil32

AVIStreamRelease
AVIFileInit
AVIFileRelease
AVIStreamSampleToTime
AVIFileInfoW
AVIFileGetStream
AVIFileOpenA
AVIFileOpenW
AVIFileInfoA
AVIStreamLength
AVIStreamInfoA
AVIStreamInfoW
AVIStreamReadFormat
AVIFileExit

msvcrt

wcscoll
_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
vswprintf
wcsspn
wcscspn
memcpy
strcpy
strcat
strlen
memset
memcmp
wcsncat
_wtol
iswalpha
_beginthreadex
memmove
towlower
_wcslwr
towupper
_wcsupr
_ui64tow
wcsncmp
_wcsnicmp
wcscmp
wcsrchr
_wcsicmp
strstr
wcscat
wcschr
wcsncpy
wcsstr
_wsplitpath
_wmakepath
wcslen
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
_vsnwprintf
wcspbrk
_ltow
wcstol
_wcsicoll

user32

wvsprintfW
SetWindowLongW
SetWindowLongA
DefWindowProcW
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
FindWindowExW
FindWindowExA
SendMessageA
RegisterWindowMessageW
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostQuitMessage
GetCursor
SetCursor
RegisterWindowMessageA
CreateWindowExA
CreateWindowExW
DefWindowProcA
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadStringA
LoadStringW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

997493c9a4d18d804db0d049a1d7ef3d

Headers

File Characteristics

Imports

advapi32

kernel32

wmvcore

ole32

oleaut32

shell32

winmm

wininet

avifil32

msvcrt

user32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 12KB - Virtual size: 32KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 12KB - Virtual size: 32KB