Static task: static1
Behavioral task: behavioral1
  Sample: 6294e40ff7ded4d9b41aba0b8c192634_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 6294e40ff7ded4d9b41aba0b8c192634_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 6294e40ff7ded4d9b41aba0b8c192634_JaffaCakes118
- Size: 407KB
- MD5: 6294e40ff7ded4d9b41aba0b8c192634
- SHA1: 025327b05312b58aa9a6239a9dd68ec15fc35aa7
- SHA256: 5db1e61e2597fbe198d62efbb852ba17e090feb5a8c7b3c7a83e85d17beb9683
- SHA512: bbe61eec66c66e1f22696b7584a899ce1edae88343bc8a4017bb7e4deea1db358e40b3d8cf48075270d703f56c07c59a693fe2ead835ec596783d7da9a8c612d
- SSDEEP: 12288:TwstFdxfPoNjBqVJyqBlkP3BvVOqnuOqnu1qnuaqnuZqnuCqnui3zY:xmcJlkPO+uO+u1+ua+uZ+uC+ui3U
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 6294e40ff7ded4d9b41aba0b8c192634_JaffaCakes118
Files
-
6294e40ff7ded4d9b41aba0b8c192634_JaffaCakes118.exe windows:4 windows x86 arch:x86
82172e1ef71eb8dc32e94b51e1816358
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
lstrcmpA
lstrcpyA
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetComputerNameA
GetWindowsDirectoryA
CreateMutexA
ReleaseMutex
SetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
CreateFileW
IsValidLocale
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetTempPathW
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
InterlockedExchange
FindClose
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetTickCount
GetModuleFileNameW
lstrcpynW
lstrcpynA
SetCurrentDirectoryA
GetModuleHandleA
ReadFile
SetFilePointer
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcatA
Sleep
GetCurrentDirectoryA
SetFileAttributesA
CreateThread
WaitForSingleObject
TerminateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
GetSystemDirectoryA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
GetProcAddress
GetTempPathA
GetTempFileNameA
DeleteFileA
FreeLibrary
CreateFileA
WriteFile
GetLastError
CloseHandle
IsValidCodePage
IsBadWritePtr
VirtualAlloc
VirtualFree
TlsGetValue
TlsAlloc
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
ExitProcess
TerminateProcess
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
TlsSetValue
GetFileAttributesA
user32
wsprintfW
SetFocus
SendMessageA
LoadIconA
SetWindowTextA
SetDlgItemTextA
DialogBoxParamA
wsprintfA
GetDesktopWindow
EndPaint
ShowWindow
GetDlgItem
BeginPaint
LoadBitmapA
EndDialog
ExitWindowsEx
GetDlgItemTextA
gdi32
SelectObject
GetObjectA
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
shell32
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteA
SHGetSpecialFolderLocation
ole32
CoTaskMemFree
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
advapi32
CryptReleaseContext
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
StartServiceA
DeleteService
CloseServiceHandle
OpenSCManagerA
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegEnumValueW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyW
RegCreateKeyA
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
LookupAccountNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
wsock32
ioctlsocket
gethostname
WSAStartup
WSAGetLastError
gethostbyname
inet_addr
Sections
- .text Size: 200KB - Virtual size: 199KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata Size: 26KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data Size: 124KB - Virtual size: 130KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc Size: 56KB - Virtual size: 55KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ