5fb0d92a6b5962e7511f206bcb72510d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fb0d92a6b5962e7511f206bcb72510d_JaffaCakes118
Size

154KB
MD5

5fb0d92a6b5962e7511f206bcb72510d
SHA1

97550d2d0f4cadc5d2661f52c39e9c48446225c8
SHA256

1a74c8c5a3ccebe6312e83429d8d1e461620c86509ca3c6cfa90d7dff67b1cb8
SHA512

4558bf4215717f55858c50ab80487198d4e2f7dbae9869534c4149dae69225a232b85f39ada2a3128fc9fb75559172184b50b567451a476cc5df4391ad193ab2
SSDEEP

3072:TpDI4f6CwIbU+tlt7ox1HI51cMqm6Wk566tuwGyRsFxH6TJ9:VI4fFwI7rEy1c56yuwpaN6TD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fb0d92a6b5962e7511f206bcb72510d_JaffaCakes118

Files

5fb0d92a6b5962e7511f206bcb72510d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a717b61808e6dd5cadca4157a01a1280

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAppendUnicodeToString
RtlDosPathNameToNtPathName_U
RtlUnwind
RtlFreeUnicodeString
RtlFreeHeap

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType

urlmon

CreateURLMoniker

gdi32

GetObjectW
CreateSolidBrush
SetBkColor
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetStockObject
CreateRectRgnIndirect
Rectangle
SetTextColor
SetBkMode
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
DeleteObject

user32

DestroyAcceleratorTable
GetKeyState
InvalidateRect
EnableWindow
IsWindow
BeginDeferWindowPos
GetSystemMetrics
GetWindowRect
DeferWindowPos
EndDeferWindowPos
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
EnumChildWindows
GetDlgItem
SendDlgItemMessageW
GetFocus
IsChild
SetWindowLongW
GetSysColor
DrawTextW
DestroyWindow
GetDC
GetDialogBaseUnits
ReleaseDC
GetWindowLongW
SendMessageW
SetDlgItemTextW
GetNextDlgTabItem
SetFocus
GetParent
CreateAcceleratorTableW
ScreenToClient
PostMessageW
IsDialogMessageW
GetWindow
DestroyIcon
DestroyMenu
TrackPopupMenu
ClientToScreen
GetMenuItemInfoW
GetMenuItemCount
DeleteMenu
CreatePopupMenu
GetMessagePos
LoadImageW
LoadStringW
GetClientRect
GetWindowTextW
GetWindowTextLengthW
GetActiveWindow
ShowWindow

kernel32

GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapSize
IsBadWritePtr
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
LoadLibraryA
InterlockedExchange
IsBadReadPtr
SetFilePointer
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetProcessHeap
GetWindowsDirectoryW
lstrcpynW
IsBadCodePtr
FindFirstFileW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetModuleHandleA
ExitProcess
LCMapStringW
LCMapStringA
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
GetVersionExA
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetDriveTypeW
TerminateProcess
GetExitCodeProcess
CreateFileW
WriteFile
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
SetEnvironmentVariableW
CreateProcessW
GetLastError
GetBinaryTypeW
SearchPathW
LoadLibraryW
GetProcAddress
GetSystemWindowsDirectoryW
FreeLibrary
SetErrorMode
GetFileAttributesW
GetCurrentThreadId
ExpandEnvironmentStringsW
ResetEvent
CreateThread
FindNextFileW
FindClose
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
lstrcpyW
MulDiv
LockResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FlushInstructionCache
GetCurrentProcess
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
InterlockedCompareExchange

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

SHGetPathFromIDListW
SHGetDesktopFolder
SHBindToParent
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHGetFolderLocation

sfc

SfcIsFileProtected

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a717b61808e6dd5cadca4157a01a1280

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ole32

urlmon

gdi32

user32

kernel32

advapi32

shell32

sfc

Sections

.text Size: 64KB - Virtual size: 61KB

.data Size: 212KB - Virtual size: 312KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 212KB - Virtual size: 312KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 11KB