61bdb03f792197493c450cf230f819ed_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

61bdb03f792197493c450cf230f819ed_JaffaCakes118
Size

676KB
MD5

61bdb03f792197493c450cf230f819ed
SHA1

969b65909878ad6889a39a717250b6e499439eb0
SHA256

3c5efb5df2336c311a0b9541eb4a8f769cc06deb5498316a1f40e8edc7a39636
SHA512

280cd6c05737b3c8832065b49773ddce315f33fac74a84e2a78f123e7584e0b720b2a43ff858e21101c88e4462cae087b017528c6a38c2d05dc691dea30d9e46
SSDEEP

6144:vEGivITS4+L9J3eu4rqfTN9+w7RSmMaf2uEzSa5XnojeDpKpJK2ajVNR6lc2bYMl:d/8+sVf2ppmKLRs0MziCPp0b/ZAo3bW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61bdb03f792197493c450cf230f819ed_JaffaCakes118

Files

61bdb03f792197493c450cf230f819ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e45678bfef61a6e64548acd737aca950

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

lstrcmpA
FindFirstFileA
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
FindNextFileA
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetDiskFreeSpaceA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
LoadLibraryA
lstrcmpiA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
SetEvent
CreateThread
Sleep
GetCurrentThreadId
CreateEventA
CreateDirectoryA
GetShortPathNameA
GetModuleHandleA
FindClose
HeapDestroy
DeleteCriticalSection
lstrcatA
OpenEventA
SetFilePointer
ReadFile
LockResource
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
GetCurrentProcess
GetVersionExA
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
SetFileTime
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
RemoveDirectoryA
InitializeCriticalSection
QueryPerformanceFrequency
CreateFileA
CloseHandle
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
SetErrorMode
GetCommandLineA
GetACP
HeapSize
GetCPInfo
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoA
HeapAlloc
HeapFree
ExitThread
TlsSetValue
RaiseException
RtlUnwind
HeapReAlloc
LCMapStringA
QueryPerformanceCounter
ResetEvent
GetCurrentThread
CreateFileMappingA
MapViewOfFile
lstrcpynA
VirtualQuery
GetOEMCP
InterlockedExchange
SearchPathA
UnmapViewOfFile
VirtualProtect

user32

GetDesktopWindow
PostThreadMessageA
wsprintfA
CharLowerBuffA
CharNextA
DispatchMessageA
GetMessageA
LoadStringA
TranslateMessage
ExitWindowsEx
CharUpperA

advapi32

RegCloseKey
GetFileSecurityA
IsValidSecurityDescriptor
SetFileSecurityA
RegEnumValueA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

StringFromCLSID
CoUninitialize
CoGetClassObject
ProgIDFromCLSID
OleSaveToStream
WriteClassStm
CLSIDFromString
CoTaskMemFree
CoTreatAsClass
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StgOpenStorage
StgCreateDocfile
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
OleLoadFromStream

oleaut32

LoadTypeLi
SafeArrayCopy
RegisterTypeLi
SafeArrayGetDim
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
VariantChangeType
LoadRegTypeLi
SysReAllocStringLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantCopyInd
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantClear
SafeArrayGetElement
SysStringByteLen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e45678bfef61a6e64548acd737aca950

Headers

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 428KB - Virtual size: 426KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 16KB - Virtual size: 105KB

.rsrc Size: 140KB - Virtual size: 140KB

.text
Size: 428KB - Virtual size: 426KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 16KB - Virtual size: 105KB

.rsrc
Size: 140KB - Virtual size: 140KB