4c1fa07b0cca1dd2c1be938699c117f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c1fa07b0cca1dd2c1be938699c117f1_JaffaCakes118
Size

540KB
MD5

4c1fa07b0cca1dd2c1be938699c117f1
SHA1

da3fd8610fa24899924a1ea31d8e432f5f5d131c
SHA256

c7381db0ded6478a943cc4a0ae540c6826026fcfa8b49adcac71280c79cdca24
SHA512

96f92ed0e440fed680f375862d615ec1e307a07c57bcd8a0c6369386cf729a35ab9ec18c98e8b845b109b2f22e3508cf2ab093ae66de426da9c69a154fd70983
SSDEEP

12288:4OTIM3xrcKQ0raUNeMwdWJDl6IS0Zk9CUpZC93k2kp0FbESve0tIGwcOF:4OTIM3xrOa1ls0Zk8dxkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c1fa07b0cca1dd2c1be938699c117f1_JaffaCakes118

Files

4c1fa07b0cca1dd2c1be938699c117f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba945f40f2f73a66c4479aa9575cfc4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\oeqaagbqde\eesechixt.pdb

Imports

shell32

RealShellExecuteA
SHGetPathFromIDListW
SHGetDataFromIDListA
DoEnvironmentSubstA

kernel32

GetStartupInfoA
InterlockedDecrement
lstrcpyA
CreateNamedPipeA
EnterCriticalSection
GetCurrentProcess
GetConsoleTitleW
WriteConsoleInputW
CreateProcessA
TlsGetValue
GetCurrentProcessId
GetCPInfo
WriteFileEx
EnumDateFormatsW
GetACP
GetFileType
WritePrivateProfileStringW
SetThreadIdealProcessor
GetOEMCP
GetTempFileNameA
GetDiskFreeSpaceExW
GlobalFlags
FormatMessageA
WriteFile
GetProcAddress
VirtualAllocEx
InterlockedExchange
GetStringTypeW
MapViewOfFileEx
SetLastError
ReadConsoleOutputAttribute
SetVolumeLabelW
FoldStringW
GetStdHandle
GetLocalTime
lstrcatW
TerminateThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetModuleHandleA
GetTimeZoneInformation
FileTimeToDosDateTime
GetSystemTimeAsFileTime
GetStringTypeA
GetTickCount
HeapAlloc
VirtualFree
MultiByteToWideChar
QueryPerformanceCounter
HeapLock
GlobalUnfix
FileTimeToLocalFileTime
RtlUnwind
ExitProcess
WideCharToMultiByte
HeapCreate
CreateSemaphoreA
HeapReAlloc
LeaveCriticalSection
ReadFile
GetFileTime
SetEnvironmentVariableA
GlobalAlloc
DebugActiveProcess
InterlockedCompareExchange
HeapDestroy
OpenMutexA
UnlockFile
LoadLibraryA
ResetEvent
CreateWaitableTimerA
OpenWaitableTimerW
FreeLibraryAndExitThread
GetEnvironmentStringsW
lstrlenW
WriteConsoleInputA
TlsFree
UnhandledExceptionFilter
GetEnvironmentStrings
GetLastError
ReadConsoleOutputCharacterA
GlobalCompact
LCMapStringA
DuplicateHandle
SetFilePointer
ConnectNamedPipe
GetDateFormatA
TlsAlloc
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
SetHandleCount
SetStdHandle
lstrcmpA
SuspendThread
WaitForDebugEvent
UnlockFileEx
LCMapStringW
VirtualFreeEx
ExitThread
GetCurrentThread
GetNamedPipeHandleStateW
IsBadWritePtr
TerminateProcess
VirtualAlloc
FreeEnvironmentStringsA
GetAtomNameA
LoadLibraryExA
GetThreadSelectorEntry
CloseHandle
GetVersion
CreateToolhelp32Snapshot
VirtualQuery
GetModuleFileNameA
GetSystemTime
CompareStringW
TlsSetValue
InitializeCriticalSection
LocalCompact
CompareStringA
GetExitCodeThread
CreateMutexA
ReadFileEx
FlushFileBuffers
GlobalAddAtomA
InterlockedIncrement
GetCommandLineA
lstrlenA
HeapFree
GetMailslotInfo
WriteProfileSectionW
DeleteCriticalSection
ResumeThread

comctl32

InitMUILanguage
CreatePropertySheetPageW
ImageList_SetImageCount
ImageList_GetIcon
ImageList_DrawEx
InitCommonControlsEx
ImageList_LoadImageA
ImageList_GetBkColor
ImageList_Duplicate
ImageList_SetDragCursorImage
ImageList_Remove
CreateStatusWindowW
ImageList_SetBkColor
ImageList_Add
ImageList_GetIconSize
ImageList_SetFilter
ImageList_DragLeave
ImageList_GetFlags
ImageList_Draw
DrawStatusTextW

wininet

InternetAlgIdToStringW

user32

VkKeyScanA
VkKeyScanExA
GetKeyboardState
EnumClipboardFormats
InSendMessageEx
CallMsgFilterW
DefWindowProcW
GetClipboardOwner
DdeConnect
ShowCaret
CharPrevW
GetClipCursor
GetMenuBarInfo
ShowWindow
LockWindowUpdate
InvalidateRect
SystemParametersInfoW
DragDetect
SendMessageTimeoutW
RegisterClassExA
GetClassNameA
CloseWindow
GetProcessWindowStation
SetWindowPlacement
DefFrameProcW
DeleteMenu
CharLowerW
DestroyWindow
LoadStringA
OemToCharA
DefMDIChildProcA
RegisterClipboardFormatA
InflateRect
WINNLSGetEnableStatus
CreateCursor
SendInput
SetWindowTextW
SetUserObjectInformationW
SwapMouseButton
TranslateMDISysAccel
SetWindowsHookExA
SetWindowPos
TranslateAcceleratorW
EmptyClipboard
GetMenuItemInfoW
EndDialog
WINNLSEnableIME
GetScrollPos
MessageBoxW
OemToCharBuffA
RegisterClassA
GetUserObjectSecurity
DrawEdge
ArrangeIconicWindows
MapVirtualKeyExW
PostQuitMessage
DestroyMenu
CreateWindowExA
ValidateRgn
FindWindowExA

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba945f40f2f73a66c4479aa9575cfc4f

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

comctl32

wininet

user32

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 116KB - Virtual size: 118KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 116KB - Virtual size: 118KB

.rsrc
Size: 24KB - Virtual size: 23KB