4c50a23f63a6fd5388b5bb3e49a5ae60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c50a23f63a6fd5388b5bb3e49a5ae60_JaffaCakes118
Size

140KB
MD5

4c50a23f63a6fd5388b5bb3e49a5ae60
SHA1

4abf53d5e1c0ed8ca7034ffbff7db9a569d3efa0
SHA256

4006f8a42eb0f0ff27f451237eff8c36e2135066734e542ddd3ad048745ddbab
SHA512

80d01e4513960c8c0b9f4f41788271b1d50a755577da78f08ca320658ba4d8305c1357bbbb6ed65dc1038926dea90b90dabc1f5b51da496edc444e2b62284e73
SSDEEP

3072:uCDcf+njRK2nh/nxeV7o2PjtkDstlIDK:u2j8Yh/ArP2DelI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c50a23f63a6fd5388b5bb3e49a5ae60_JaffaCakes118

Files

4c50a23f63a6fd5388b5bb3e49a5ae60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25bb495f520d9c0faa30a11b9dbb77ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dlaapi_w

TfsGetConfigString
DLAOperationStatus
TfsPnpDevice
TfsCancelCallback
TfsGetDriveStatus2
TfsInitInstance
TfsInitCallbacks1
TfsTermInstance
TfsGetFileSystemStatus
TfsGetIniFileName
TfsGetDriveClientFolder
DLAOperationStart
DLAOperationFree
TfsGetUserNotificationCode
TfsCallOnUserNotification
TfsGetDriveCaps
TfsCommand
TfsProcessEjectRequestNotify

dlacresw

GetResourceHandle

kernel32

GetCurrentProcess
IsBadCodePtr
SetSystemPowerState
IsBadReadPtr
lstrlenA
lstrcpyA
lstrcmpiA
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
CreateThread
SetEvent
WaitForMultipleObjects
GetPrivateProfileStringA
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
LocalAlloc
UnmapViewOfFile
lstrcatA
GetProfileStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapReAlloc
HeapSize
VirtualAlloc
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
SetEndOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
MultiByteToWideChar
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
FreeLibrary
GetVersionExA
CreateMutexA
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileIntA
DeviceIoControl
SetErrorMode
CreateFileA
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
GetFileSize

user32

EnableMenuItem
GetSystemMenu
GetWindowLongA
GetDesktopWindow
SetWindowLongA
EnableWindow
IsWindow
TranslateMessage
GetWindowRect
ScreenToClient
GetParent
MoveWindow
GetClientRect
IsZoomed
IsIconic
FillRect
InvalidateRect
CheckDlgButton
SetDlgItemTextA
GetDlgItemTextA
SetFocus
ExitWindowsEx
MessageBoxA
LoadStringA
RegisterClipboardFormatA
GetActiveWindow
CreateDialogParamA
SetWindowTextA
SetWindowPos
SetForegroundWindow
SetActiveWindow
GetMessageA
PeekMessageA
IsDialogMessageA
DispatchMessageA
LoadCursorA
SetCursor
ShowWindow
EndDialog
SetTimer
CharUpperA
KillTimer
PostQuitMessage
SendMessageA
DefWindowProcA
FindWindowA
RegisterClassA
CreateWindowExA
DestroyWindow
PostMessageA
wsprintfA
GetDlgItem
GetWindowTextA
IsDlgButtonChecked
BroadcastSystemMessage
DialogBoxParamA

gdi32

StretchBlt
DeleteObject
CreateCompatibleDC
SelectObject
SetBkColor
CreateBitmap
SetTextColor
DeleteDC

advapi32

AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegEnumValueA
RegDeleteValueA
RegNotifyChangeKeyValue
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
LookupPrivilegeValueA

shell32

DragQueryFileA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoRevokeClassObject
CoGetMalloc
CoCreateInstance
ReleaseStgMedium
CoRegisterClassObject

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25bb495f520d9c0faa30a11b9dbb77ed

Headers

File Characteristics

Imports

dlaapi_w

dlacresw

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 48KB - Virtual size: 48KB