5a1e6583963ee2d8fdafc2f7fa99da21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a1e6583963ee2d8fdafc2f7fa99da21_JaffaCakes118
Size

347KB
MD5

5a1e6583963ee2d8fdafc2f7fa99da21
SHA1

6eb1081f3be37c437b2203c727996ec494422270
SHA256

ca93b701b51d7888a735e10cd7595d400501edff3afa0afc9168c2dce23d89f6
SHA512

249205522ac94d337c35572ad09b2c72773d1049f0f6eebc5772283bf480cd3f87a677ff8e497712c022cd558cbf4df395144828f2343e0d3a6c36c47cc95c9c
SSDEEP

6144:dfmf8jRR0U/G3c0LNmC0KAVvuLoHoQkfROXS+bmn3aM70nE6aB:ofiFG3esAluLgoQAl+OaM7AE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a1e6583963ee2d8fdafc2f7fa99da21_JaffaCakes118

Files

5a1e6583963ee2d8fdafc2f7fa99da21_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3c173053b30660f62a7338a8260f0a5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

InputPersonalization.pdb

Imports

kernel32

SystemTimeToFileTime
GetStringTypeW
WaitNamedPipeW
ReadFile
GetOverlappedResult
CancelIo
GetTempPathW
GetTempFileNameW
MoveFileExW
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
UnmapViewOfFile
CompareFileTime
GetFileAttributesW
LockResource
GetSystemTime
FindClose
RegDeleteKeyExW
CreateFileW
WriteFile
SetFileAttributesW
RegEnumValueW
SetThreadPriority
DeleteFileW
RegGetValueW
WaitForMultipleObjects
RegQueryValueExW
InitializeCriticalSectionAndSpinCount
SetLastError
RegNotifyChangeKeyValue
FlushInstructionCache
LoadLibraryA
CreateDirectoryW
FindNextFileW
LCMapStringW
FormatMessageA
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
SetEvent
GetCurrentThreadId
HeapSetInformation
SetPriorityClass
GetCommandLineW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CreateEventW
CreateThread
Sleep
ReleaseMutex
GetModuleFileNameW
WaitForSingleObject
GetCurrentThread
GetCurrentProcess
CloseHandle
CreateMutexW
ExpandEnvironmentStringsW
FreeLibrary
GetVersionExW
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
FindFirstFileW
lstrlenW

user32

DestroyWindow
DefWindowProcW
RegisterClassExW
GetWindowLongW
CallWindowProcW
DispatchMessageW
UnregisterPowerSettingNotification
CharNextW
CreateWindowExW
GetKeyboardLayoutList
PeekMessageW
MsgWaitForMultipleObjects
OffsetRect
PostQuitMessage
RegisterPowerSettingNotification
SendMessageW
LoadCursorW
PostMessageW
GetClassInfoExW
CharUpperW
SetWindowLongW
UnregisterClassA
TranslateMessage
IsRectEmpty
GetMessageW
PostThreadMessageW
GetSystemMetrics

msvcrt

_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
_resetstkoflw
__CxxFrameHandler3
memset
calloc
_wcsicmp
_amsg_exit
wcscat_s
wcsncpy_s
wcscpy_s
memmove_s
_CxxThrowException
memcpy_s
free
malloc
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
realloc
_errno
?terminate@@YAXXZ
_purecall
__setusermatherr
_unlock
strcspn
sprintf_s
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
setlocale
islower
abort
__uncaught_exception
__dllonexit
_lock
_onexit
_controlfp
_except_handler4_common
swprintf_s
memcpy
_vsnwprintf
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_itow
wcstol
wcstoul
??0exception@@QAE@XZ
_wtoi
_i64tow_s
_itow_s
_ui64tow_s
_wcstoi64
wcschr
_ftol2
_wtoi64
wcspbrk
_wcsnicmp
fclose
fread
_wstat64
_wfopen
wcsrchr
iswspace
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
localeconv
memchr

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapAlloc
HeapDestroy
HeapReAlloc
HeapFree

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleA

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetStartupInfoW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA

imm32

ImmDisableIME
ImmDisableTextFrameService

ole32

CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoRegisterClassObject
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
StringFromCLSID
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SafeArrayCreateVector
SafeArrayDestroy
VarBstrCat
VarBstrFromI8
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathAppendW
PathAddBackslashW
PathStripPathW
SHCreateStreamOnFileW

rpcrt4

UuidHash
UuidCreateSequential

xmllite

CreateXmlReader

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c173053b30660f62a7338a8260f0a5e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

imm32

ole32

oleaut32

shlwapi

rpcrt4

xmllite

api-ms-win-core-memory-l1-1-0

Sections

.text Size: 217KB - Virtual size: 216KB

.data Size: 63KB - Virtual size: 64KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 217KB - Virtual size: 216KB

.data
Size: 63KB - Virtual size: 64KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 9KB - Virtual size: 8KB