64d5aeca44305f3e11dd690e0b84071e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64d5aeca44305f3e11dd690e0b84071e_JaffaCakes118
Size

56KB
MD5

64d5aeca44305f3e11dd690e0b84071e
SHA1

a1020de42bc2b8608dc0ca0eeab80dc23ad0fc42
SHA256

a0acafff70b2c80b2ff3bc566e3ac7ca2b88d0484b4f187e0526f3a9231ed7af
SHA512

1fd55dd076146b43aa3ca9ea58afe44aec4a08b6f8f10f54ae00e6a73d45e7678367b846e585c35ef5f1f813c8d81a72bfbab1faa1d9211568ccdfca134a2c75
SSDEEP

1536:tgN293jop6wXtR2yLFZIwWdf0Ag5xIkagsYDifrxsN:yNEjMdR2QZdyfqLIk7ifrxsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64d5aeca44305f3e11dd690e0b84071e_JaffaCakes118

Files

64d5aeca44305f3e11dd690e0b84071e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2d5055e370707604447bed961e804542

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

userenv

UnloadUserProfile

winmm

auxOutMessage

secur32

GetUserNameExW

mpr

WNetGetNetworkInformationW
WNetGetConnectionW
WNetGetResourceInformationW

ole32

OleInitialize
ReleaseStgMedium
CoGetCallContext
OleSetClipboard
CoTaskMemFree
CoTaskMemAlloc
OleGetClipboard
CoCreateInstance
OleUninitialize

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
UuidCreate
RpcEpResolveBinding
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall2

lz32

LZClose

gdi32

GetDeviceCaps
SelectObject
SelectPalette
CreateDIBitmap
CreateFontIndirectW
BitBlt
GetObjectW
GetStockObject
RealizePalette
CreateCompatibleDC
DeleteObject
CreatePalette
DeleteDC

comctl32

ImageList_SetOverlayImage
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_ReplaceIcon
PropertySheetW
ImageList_Remove
ImageList_Destroy
DestroyPropertySheetPage
ImageList_AddMasked
ImageList_GetIcon
ImageList_Create

kernel32

lstrcpynW
GetEnvironmentVariableW
UnhandledExceptionFilter
ExitThread
VirtualAlloc
GetFullPathNameW
IsBadStringPtrW
GetUserDefaultUILanguage
TerminateProcess
UnmapViewOfFile
GetCurrentProcess
LocalFree
LocalReAlloc
GetProcAddress
ExpandEnvironmentStringsW
GetCurrentProcessId
LeaveCriticalSection
SearchPathW
InterlockedIncrement
GlobalReAlloc
GetTimeFormatW
CloseHandle
CompareFileTime
FreeLibrary
OpenProcess
LoadResource
DeleteCriticalSection
CompareStringW
IsBadWritePtr
WideCharToMultiByte
ReleaseActCtx
DuplicateHandle
QueryPerformanceCounter
ReadFile
SetWaitableTimer
FindNextFileW
SetCurrentDirectoryW
FormatMessageW
GetFileAttributesW
MulDiv
lstrcmpiW
GetCurrentThread
GetDateFormatW
GlobalUnlock
GetLastError
CreateWaitableTimerW
GetSystemTime
lstrcmpW
CreateDirectoryW
GetFileType
EnterCriticalSection
CreateFileW
GetComputerNameExW
lstrcmpA
DeleteFileW
SystemTimeToFileTime
CreateThread
GetDriveTypeW
LoadLibraryW
ActivateActCtx
GlobalLock
GetLocalTime
GetCurrentDirectoryW
GlobalAlloc
SetUnhandledExceptionFilter
FindFirstFileW
GetFileSize
CreateFileMappingW
GetTickCount
GetComputerNameW
GetCurrentActCtx
GetCurrentThreadId
WriteFile
SetFileAttributesW
InitializeCriticalSection
FindClose
MapViewOfFile
InterlockedDecrement
LockResource
GetVersionExW
DeactivateActCtx
GetSystemTimeAsFileTime
FindResourceW
LocalAlloc
CancelWaitableTimer
DisableThreadLibraryCalls
SetFilePointer
GetUserDefaultLCID
lstrlenW
Sleep
SetFileTime
SetEndOfFile
GetFileTime
FileTimeToSystemTime
GetVolumeInformationW
GetLocaleInfoW
GlobalFree

user32

MapWindowPoints
GetWindowTextW
EnumChildWindows
GetMenuItemCount
PostMessageW
GetWindowThreadProcessId
RegisterClassW
EnableWindow
GetSubMenu
GetWindowRect
GetClassNameW
TrackPopupMenu
GetDC
SwitchToThisWindow
IsWindow
CheckDlgButton
ValidateRect
GetMenuItemInfoW
SetCursor
GetWindow
MessageBoxW
GetLastActivePopup
DefWindowProcW
EnableMenuItem
MessageBeep
GetKeyState
SendDlgItemMessageW
ShowWindow
SetDlgItemTextW
LoadMenuW
SetMenuItemInfoW
SetWindowPos
LoadStringW
GetClientRect
CreateWindowExW
CheckRadioButton
SetWindowTextW
SetFocus
DestroyMenu
LoadImageW
SetTimer
WinHelpW
RemoveMenu
RegisterWindowMessageW
GetMenuItemID
SystemParametersInfoW
SendMessageW
IsDlgButtonChecked
DialogBoxParamW
GetDlgItemTextW
SetForegroundWindow
InvalidateRect
SetMenuDefaultItem
EndDialog
GetClassInfoW
KillTimer
GetSystemMetrics
GetForegroundWindow
EnumWindows
CheckMenuItem
DestroyIcon
GetWindowLongW
GetParent
GetDlgItemInt
GetDlgItem
SetWindowLongW
LoadCursorW
RegisterClipboardFormatW
FindWindowW
GetWindowTextLengthW
DestroyWindow
ReleaseDC

advapi32

SetSecurityInfo
CheckTokenMembership
SetEntriesInAclW
RegConnectRegistryW
GetFileSecurityW
AdjustTokenPrivileges
FreeSid
CloseServiceHandle
OpenThreadToken
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RevertToSelf
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenServiceW
RegOpenKeyExW
RegDeleteKeyW
GetSecurityInfo
GetTokenInformation
OpenSCManagerW
RegCloseKey
QueryServiceStatus
ImpersonateSelf
AccessCheck
SetSecurityDescriptorOwner
RegEnumKeyExW
StartServiceW
ControlService
LookupAccountSidW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

SHExtractIconsW
SHChangeNotify
SHGetFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
DragQueryFileW

ntdsapi

DsMakeSpnW

msvcrt

_vsnwprintf
setlocale
wcstoul
wcstombs
wcsncmp
mbstowcs
iswctype
_initterm
_purecall
_adjust_fdiv
rand
wcsrchr
wcsncpy
wcslen
malloc
wcspbrk
wcsstr
free
memmove
wcschr
_itow
wcsspn
wcscmp
_wcsicmp
_except_handler3
_wcsnicmp

Sections

.textbss
Size: 45KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d5055e370707604447bed961e804542

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comdlg32

userenv

winmm

secur32

mpr

ole32

rpcrt4

lz32

gdi32

comctl32

kernel32

user32

advapi32

version

shell32

ntdsapi

msvcrt

Sections

.textbss Size: 45KB - Virtual size: 208KB

.text Size: 512B - Virtual size: 420B

.idata Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 45KB - Virtual size: 208KB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B