5d127287917fadcd12108c0e48b5e3d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d127287917fadcd12108c0e48b5e3d6_JaffaCakes118
Size

190KB
MD5

5d127287917fadcd12108c0e48b5e3d6
SHA1

c9026450681c2316b3a13085f7c77b516b191eef
SHA256

373cc254f40961dfaa4ff964eafa36037b7620a3e730bcc564b5aeb03c531331
SHA512

9462e153c26c8a920aab1216ad959fd1ba4350d3a4c92b6cbe3e007c8f3daa54741a29c1a1ef4dba05bf0c96423991f4f4c5599657f000eaf336da6a1e4c6ab3
SSDEEP

3072:CVpFp8a/ggSGVVF45iG5h4sMDCtZvUpL6NMkF3icckZTye1d77PX23XfQpV+rDKE:Gii5MMDCtTNMq3is51hPX20V+6Ju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d127287917fadcd12108c0e48b5e3d6_JaffaCakes118

Files

5d127287917fadcd12108c0e48b5e3d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

197f72510bf35d87a078680b6034aab2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
lstrlenA
SetLastError
EnterCriticalSection
GetCurrentThreadId
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
LocalFree
HeapFree
MulDiv
LeaveCriticalSection
GlobalFree
GlobalHandle
GetVersionExA
FreeLibrary
TerminateProcess
GetCommandLineW
GlobalAlloc
InterlockedIncrement
SetEvent
InterlockedDecrement
IsValidLocale
GetUserDefaultLCID
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
HeapReAlloc
HeapDestroy
GlobalLock
GlobalUnlock
LoadResource
InterlockedExchange
LockResource
SizeofResource
WriteFile
CloseHandle
GetTempPathA
GetTempFileNameA
CreateThread
WaitForSingleObject
ExitProcess
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
Sleep

user32

DestroyAcceleratorTable
DestroyWindow
GetWindow
MapDialogRect
SetWindowContextHelpId
SetWindowPos
EndDialog
GetSysColor
IsChild
GetFocus
SetFocus
EndPaint
FillRect
GetClientRect
BeginPaint
IsWindow
RedrawWindow
GetDesktopWindow
ReleaseDC
GetDC
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
GetSystemMetrics
TranslateMessage
ShowWindow
MoveWindow
PostQuitMessage
GetWindowPlacement
GetParent

gdi32

GetStockObject
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoRevokeClassObject
CoRegisterClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
VarBstrCat
VarBstrCmp
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
VariantClear
SysAllocString
SysFreeString
SysStringByteLen
SafeArrayRedim

shlwapi

PathFindExtensionW
PathFileExistsW

msvcr71

__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
strcpy
malloc
wcsncpy
_wcsicmp
iswspace
wcscmp
_wcslwr
localtime
_purecall
realloc
memcmp
??2@YAPAXI@Z
memmove
memcpy
_CxxThrowException
wcsrchr
wcschr
wcsspn
wcscspn
wcslen
_wtol
??_U@YAPAXI@Z
sscanf
time
__CxxFrameHandler
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
??_V@YAXPAX@Z
memset
_except_handler3
free
??3@YAXPAX@Z

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197f72510bf35d87a078680b6034aab2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcr71

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 40KB - Virtual size: 40KB