5f7b19797245bb73f78eda9ebc977483_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f7b19797245bb73f78eda9ebc977483_JaffaCakes118
Size

756KB
MD5

5f7b19797245bb73f78eda9ebc977483
SHA1

80e27343c41f882dea0bf7d40f144ec9f0420131
SHA256

960aba9dca72a42732be910c69991a98e3e537370849fd03a65f989cacc5d0f9
SHA512

04a6f83eedfadcecf6190c50bb29e8fc40a7791a1a7c1ac5de0c3c9f1fbe5eed5d65b8771cd79b20a0806dfc4750cdb6b4b41405bb9de129d20ec1ccd179e694
SSDEEP

12288:psKsPt5C6sCs/h1jMI5HDn7or6ltcgP+0ZXZVeC/PJoIFXoWS8Eo10N95MfVnwSb:pwPwCUhhb5HDn7oYtcZIVT/D1I92fKy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f7b19797245bb73f78eda9ebc977483_JaffaCakes118

Files

5f7b19797245bb73f78eda9ebc977483_JaffaCakes118
.exe windows:4 windows x86 arch:x86

47be789e30d011e8f1ef1dbfea27c86d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\b

Imports

advapi32

OpenThreadToken
RegCloseKey
CopySid
DeleteService
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
RegCreateKeyExA
ReportEventA
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
GetTokenInformation
OpenServiceA
OpenProcessToken
RegisterEventSourceA
RegQueryValueExA

comctl32

DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Draw
ImageList_Add
ImageList_BeginDrag
ImageList_DrawEx
ImageList_LoadImageA
ImageList_GetImageCount
ImageList_GetImageInfo
ord17
ImageList_Destroy
CreatePropertySheetPageA

shlwapi

PathParseIconLocationA
PathRemoveArgsA
PathIsUNCA
PathIsRelativeA
PathFindFileNameA
PathMakePrettyA
PathRelativePathToA
PathCanonicalizeA

gdi32

GetNearestPaletteIndex
CreatePatternBrush
SetViewportOrgEx
SetTextColor
PaintRgn
PolyBezier
RestoreDC
GetGlyphOutlineA
SetStretchBltMode
GetRgnBox
SaveDC
SetBkColor
FrameRgn
CreateFontIndirectW
CreatePolygonRgn
CreateCompatibleDC
GetDIBits
RectVisible
SetViewportExtEx
MaskBlt
StrokePath
GetClipRgn
EndPage
StartPage
DPtoLP
GetNearestColor
BeginPath
DeleteDC
EndDoc
EndPath
CreatePen

kernel32

HeapCreate
LoadLibraryW
GetCurrentProcessId
FreeEnvironmentStringsW
MultiByteToWideChar
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetOEMCP
GetCurrentProcess
WriteConsoleA
WaitForSingleObject
DeleteCriticalSection
WriteFile
GetCommandLineW
GetTimeZoneInformation
TerminateProcess
CreateMutexW
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
LeaveCriticalSection
LCMapStringA
FlushFileBuffers
CompareStringW
RaiseException
GetTimeFormatA
GetModuleHandleW
GetStdHandle
GetStartupInfoA
WriteConsoleW
SetStdHandle
GetCurrentThreadId
GetModuleFileNameW
SetHandleCount
TlsFree
LoadLibraryA
SetEnvironmentVariableA
GetTickCount
TlsAlloc
VirtualAlloc
HeapSize
GetCPInfo
GetFileType
GetConsoleOutputCP
Sleep
SetLastError
GetLastError
QueryPerformanceCounter
GetStartupInfoW
GetACP
CompareStringA
LCMapStringW
HeapFree
VirtualQuery
InterlockedIncrement
CloseHandle
GetDateFormatA
GetConsoleMode
EnterCriticalSection
HeapReAlloc
GetStringTypeA
LocalFree
ReadFile
TlsSetValue
GetEnvironmentStringsW
WideCharToMultiByte
GetProcAddress
RtlUnwind
TlsGetValue
IsValidCodePage
GetSystemTimeAsFileTime
GetStringTypeW
GetConsoleCP
CreateFileA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetLocaleInfoA
VirtualFree
SetFilePointer
InterlockedExchange
SetUnhandledExceptionFilter

ole32

StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
WriteClassStg
CreateOleAdviseHolder
CoGetClassObject
OleRegGetUserType
OleQueryLinkFromData
CoDisconnectObject
CoGetMalloc
OleSetClipboard
StgCreateDocfileOnILockBytes
OleCreateFromData
CreateILockBytesOnHGlobal
IsAccelerator
OleDestroyMenuDescriptor
OleRegGetMiscStatus
OleIsCurrentClipboard
CLSIDFromString
DoDragDrop
GetClassFile
OleUninitialize
OleQueryCreateFromData
OleSaveToStream
OleCreateStaticFromData
CreateBindCtx
OleGetClipboard
StgIsStorageFile
OleRegEnumVerbs
OleCreateMenuDescriptor
StgCreateDocfile
CreateGenericComposite
CreateFileMoniker
CreateStreamOnHGlobal
ReleaseStgMedium
WriteClassStm
StgOpenStorage
CoTaskMemFree
CoRegisterClassObject
OleDuplicateData
CoCreateInstance
OleTranslateAccelerator
StgIsStorageILockBytes
CoFreeUnusedLibraries
OleInitialize

user32

GetMenu
CreateWindowExW
LoadImageW
ShowWindow
LoadCursorW
LoadAcceleratorsW
DestroyWindow
PeekMessageW
DestroyAcceleratorTable
GetWindow
DestroyMenu
GetSysColorBrush
ReleaseCapture
LoadStringW
SetMenu
SetTimer
IsWindow
RegisterClassW
DefWindowProcW
PostQuitMessage
TrackPopupMenu
MessageBoxW
KillTimer
CopyRect
UpdateWindow
FillRect
RegisterClassExW
LoadIconW
TranslateMessage
ClientToScreen
SetWindowPos

shell32

DragFinish
SHGetDesktopFolder
Shell_NotifyIconA
ord155

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
CommDlgExtendedError

oleaut32

LoadTypeLi

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47be789e30d011e8f1ef1dbfea27c86d

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

shlwapi

gdi32

kernel32

ole32

user32

shell32

comdlg32

oleaut32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 476KB - Virtual size: 476KB

.data Size: 129KB - Virtual size: 129KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 476KB - Virtual size: 476KB

.data
Size: 129KB - Virtual size: 129KB

.rsrc
Size: 23KB - Virtual size: 23KB