5e50cf11724ded81ad97cfc8c86de163_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5e50cf11724ded81ad97cfc8c86de163_JaffaCakes118
Size

292KB
MD5

5e50cf11724ded81ad97cfc8c86de163
SHA1

45a8a16ecd807bc7b133c8d1f24fe6e01b4a6ae7
SHA256

3a92ab1890ff14107bce03f4c803c9d2588a6656ebd3beef52e918ab5ad57118
SHA512

f7e1dce0b490d03deccad315be09c6f312d4b13b54610004c00baeb017efa7a7edce4203eac44573518b6c337c6969ee6c1ad24c68420d037de8c3c9c21f6e97
SSDEEP

6144:+U8olritKpGmgXIaik9gvrmQyfMcIZnpYAHIe+cg/fp:bEKGLXIJkwrmHrIZpYAHnk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e50cf11724ded81ad97cfc8c86de163_JaffaCakes118

Files

5e50cf11724ded81ad97cfc8c86de163_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
GetUserNameA

kernel32

GetShortPathNameA
GetDiskFreeSpaceA
GetWindowsDirectoryW
SetFileAttributesW
SetFileAttributesA
IsBadReadPtr
SetLastError
lstrcpyW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
GetComputerNameA
GetTempPathW
GetTempPathA
GetDriveTypeA
GetDriveTypeW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetStartupInfoA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetFileAttributesW
LocalAlloc
LocalFree
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
CreateEventW
lstrlenW
GetVersionExA
CreateEventA
CreateThread
GlobalSize
WideCharToMultiByte
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
GetACP
MultiByteToWideChar
ResetEvent
DeviceIoControl
SetEvent
GetSystemInfo
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
FreeLibrary
SetErrorMode
FindClose
GetLastError
GetSystemTime
CloseHandle
CopyFileExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
LeaveCriticalSection
SetThreadPriority
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
GetProcAddress
GetCurrentThreadId

wmvcore

WMCreateEditor
WMCreateReaderPriv

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
OleLoadFromStream
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantClear
SafeArrayUnaccessData
SysAllocStringByteLen
GetErrorInfo
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayAccessData

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoA

winmm

mmioOpenW
mmioOpenA
mmioRead
mmioAscend
mmioSeek
mmioDescend
mmioClose

wininet

RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryFileA

avifil32

AVIStreamLength
AVIStreamInfoW
AVIStreamInfoA
AVIFileInfoW
AVIFileInfoA
AVIFileExit
AVIFileRelease
AVIFileInit
AVIStreamRelease
AVIStreamSampleToTime
AVIStreamReadFormat
AVIFileGetStream
AVIFileOpenA
AVIFileOpenW

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
vswprintf
wcsspn
wcscspn
memcpy
strcpy
strcat
strlen
memset
memcmp
wcsncat
_wtol
iswalpha
_beginthreadex
memmove
towlower
_wcslwr
towupper
_wcsupr
_ui64tow
wcsncmp
_wcsnicmp
wcscmp
wcsrchr
_wcsicmp
strstr
wcscat
wcschr
wcsncpy
wcsstr
_wsplitpath
_wmakepath
wcslen
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
wcspbrk
_vsnwprintf
wcscoll
_wcsicoll
wcstol
_ltow

user32

wvsprintfW
SetWindowLongW
SetWindowLongA
FindWindowExW
SendMessageA
RegisterWindowMessageW
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
FindWindowExA
PostQuitMessage
GetCursor
SetCursor
RegisterWindowMessageA
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadStringA
LoadStringW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

Imports

advapi32

kernel32

wmvcore

ole32

oleaut32

shell32

winmm

wininet

avifil32

msvcrt

user32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 28KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 28KB