61564f28c15e30c2db97529400c85d3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61564f28c15e30c2db97529400c85d3a_JaffaCakes118
Size

448KB
MD5

61564f28c15e30c2db97529400c85d3a
SHA1

10df9de3c3b55dcae7a7c3d100728ed5c6df95ac
SHA256

3506ada467ae07c5c2a7ee007a67f82407545a244a9e6cdb50dc04d87e8fd605
SHA512

c0f39e0dfedba3fe3afb164205e5dc8413296c62e4f0177bacd5e174a2a3e0aceacca192584313cd3f862e5b329206ffe376029b6be4fc0cf0a3cb36b924bd56
SSDEEP

6144:EMfBIYIc0e2ixLY+XhunvhA1uBd5N3HMPcU6V8vQCu0cDwfzj1LAOuXS:EG+YF0e2BncuBnNEXQwcGzjhG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61564f28c15e30c2db97529400c85d3a_JaffaCakes118

Files

61564f28c15e30c2db97529400c85d3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a04b6a25fc8d8029648712b208d36db5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
GlobalLock
GetCurrentThreadId
GetCurrentThread
FreeResource
GlobalFree
GlobalUnlock
GlobalAddAtomA
lstrcpynA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
InterlockedDecrement
LocalFree
FormatMessageA
SetLastError
WritePrivateProfileStringA
GetModuleFileNameA
InterlockedIncrement
GlobalFlags
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
RtlUnwind
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
Process32First
Process32Next
OpenProcess
CreateProcessA
CreateFileA
GetFileSize
ReadFile
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
CreateRemoteThread
WaitForSingleObject
GetProcessId
CreateToolhelp32Snapshot
Module32First
ReadProcessMemory
Module32Next
CloseHandle
GetVersion
lstrcmpiA
MultiByteToWideChar
lstrlenA
GetTickCount
MulDiv
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError
CreateMutexA
CreateThread
ExitProcess
FindResourceA
Sleep

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
wsprintfA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindow
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetFocus
ModifyMenuA
FindWindowA
GetWindowThreadProcessId
MessageBoxA
LoadIconA
GetSystemMenu
AppendMenuA
IsIconic
SendMessageA
GetSystemMetrics
GetClientRect
DrawIcon
GetWindowRect
EnableWindow
GetDC
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
EndPaint
BeginPaint
ReleaseDC
SetTimer
InvalidateRect
DispatchMessageA
PeekMessageA
TranslateMessage
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
UpdateWindow
TabbedTextOutA
PostQuitMessage
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostMessageA

gdi32

CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
ExtTextOutA
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetMapMode
CreatePen
SelectObject
SetROP2
GdiFlush
MoveToEx
PolylineTo
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
Ellipse
GetTextExtentPoint32A
StretchBlt
SetViewportExtEx
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
ScaleViewportExtEx

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a04b6a25fc8d8029648712b208d36db5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 300KB - Virtual size: 296KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 300KB - Virtual size: 296KB