5ee6098294f98bbe11f37a4dc5859d19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ee6098294f98bbe11f37a4dc5859d19_JaffaCakes118
Size

237KB
MD5

5ee6098294f98bbe11f37a4dc5859d19
SHA1

d2af671b61ce6b6e9aaa01e19aba80b82890c218
SHA256

81ece9b2c4dfe8a858681b659feaa8577afc4e3f77a6b7bd243c484658309741
SHA512

b1dc177002e545cd30c3d0b0e36d26b5c79d1a96f062b8071efb53df7dc55d371967a535c65b958a47fcaf814dee68e8a252adc3b7829c1ff5743fc609b01a45
SSDEEP

3072:DJms0MV8IZ+maOpwwmDnsdChTncJl8YQOpuKsILVsLBOzR/emBsO:r0MVSOpasdeTul5uxB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ee6098294f98bbe11f37a4dc5859d19_JaffaCakes118

Files

5ee6098294f98bbe11f37a4dc5859d19_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0424c5aae8aee85040c01aa4da001745

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bld\main\drivers\ide\bus2.5\raidapps\nvraid\objfre\i386\NvRaidMan.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA

kernel32

GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
InterlockedIncrement
InterlockedDecrement
GetLastError
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
lstrcatA
lstrcpyA
lstrlenA
lstrcmpiA
lstrlenW
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
DeviceIoControl
CreateFileA
TerminateProcess
WriteFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FlushFileBuffers
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapSize
GetCPInfo
GetOEMCP
FreeEnvironmentStringsW
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
TlsFree
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetModuleHandleA

gdi32

CreateRoundRectRgn
GetClipBox
GetStockObject
UnrealizeObject
SetBrushOrgEx
PatBlt
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
CreatePatternBrush
GetObjectA
CreateFontIndirectA
SetBkColor
ExtTextOutA
BitBlt
SelectObject
DeleteDC
DeleteObject

user32

GetSysColor
DrawIconEx
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
GetClassNameA
SetRectEmpty
GetFocus
TrackMouseEvent
DrawFocusRect
FindWindowA
SetForegroundWindow
DestroyIcon
CharNextA
RegisterClassExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
GetClassInfoExA
GetWindow
SystemParametersInfoA
MapWindowPoints
CreateDialogParamA
GetWindowDC
ReleaseDC
GetDC
GetSystemMetrics
PostQuitMessage
SetWindowRgn
EnableWindow
SetWindowPos
IsIconic
InflateRect
FillRect
PtInRect
DestroyWindow
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
DrawTextA
OffsetRect
LoadBitmapA
GetClientRect
CopyRect
ScreenToClient
ClientToScreen
CallWindowProcA
GetWindowLongA
EndPaint
BeginPaint
DefWindowProcA
GetParent
LoadIconA
IsWindow
CharUpperA
wsprintfA
SendMessageA
UnregisterClassA
IsDialogMessageA
GetDlgItem
SetFocus
RedrawWindow
InvalidateRect
SetWindowTextA
CreateWindowExA
SetWindowLongA
DestroyMenu
AppendMenuA
SetRect
SetCursor
CreatePopupMenu
TrackPopupMenu
ShowWindow

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
SysAllocString
SafeArrayGetElement

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_LoadImageA
ImageList_Draw
InitCommonControlsEx
ImageList_Create

shell32

SHAppBarMessage

msimg32

TransparentBlt
GradientFill

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0424c5aae8aee85040c01aa4da001745

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

comctl32

shell32

msimg32

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 152KB - Virtual size: 152KB