66617f3ae087cd066d2e26eba4652eb5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66617f3ae087cd066d2e26eba4652eb5_JaffaCakes118
Size

250KB
MD5

66617f3ae087cd066d2e26eba4652eb5
SHA1

92f0dcf6389f15fb5264b5ec66e71d1bb8681151
SHA256

7d1d9b10376993d9b9b55302ba1e57c9edd816ea0dbddee7791c178b70105326
SHA512

96f4bab29207a3723bd6c3c7ceb17b08b98c6dcb4a878d0c4737856fdcf63acdaf931b4fe45c308e229f12151deb3d29e534b4460ed056b819f8023bb69313ef
SSDEEP

6144:A6xlWj+6WOoKCSXcqvlzmE4XxLbpcop9BWbCG:AIlsWSXcqBwljECG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66617f3ae087cd066d2e26eba4652eb5_JaffaCakes118

Files

66617f3ae087cd066d2e26eba4652eb5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a00949ea9cb44b738518bc6a1a4c76a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempPathW
LocalAlloc
LocalFree
CreateProcessW
SetErrorMode
WideCharToMultiByte
lstrcpynW
GetModuleHandleW
SetLastError
GetCurrentThreadId
CreateDirectoryW
FindFirstFileW
CopyFileW
DeleteFileW
GetWindowsDirectoryW
CloseHandle
OpenEventW
RemoveDirectoryW
GetSystemDirectoryW
OutputDebugStringW
lstrlenA
LockResource
LoadResource
FindResourceW
FreeResource
lstrcmpiW
lstrlenW
WaitForSingleObject
CreateEventW
SetFileAttributesW
LoadLibraryExW
ExpandEnvironmentStringsA
FreeLibrary
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileW
ReadFile
WriteFile
FindNextFileW
FindClose
BeginUpdateResourceW
GetProcAddress

user32

GetForegroundWindow
GetSysColor
GetSubMenu
RemoveMenu
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
GetSystemMetrics
LoadBitmapW
DrawIconEx
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
SystemParametersInfoW
DrawEdge
FillRect
SetRect
GetMenuItemInfoW
GetDlgItem
MoveWindow
GetTopWindow
RegisterWindowMessageW
ScreenToClient
CopyRect
DeleteMenu
EnableMenuItem
CheckMenuItem
GetMessagePos
IsChild
CallNextHookEx
InvalidateRect
GetClassNameW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyIcon
GetDC
ReleaseDC
TranslateAcceleratorW
LoadAcceleratorsW
GetClientRect
RedrawWindow
SetWindowPos
IsWindowVisible
GetDlgCtrlID
PostMessageW
GetWindow
GetWindowRect
GetParent
LoadStringW
IsWindow
EnableWindow
SendMessageW

gdi32

GetDeviceCaps
DeleteObject
CreateSolidBrush
GetPixel
GetObjectW
CreateFontW
CreateCompatibleDC
BitBlt
CreateFontIndirectW
CreatePen
Rectangle
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextExtentPoint32W
Ellipse
DeleteDC
SelectObject
CreateDIBSection
SetPixel
PatBlt
CreateHatchBrush
GetBkMode
CreatePatternBrush

advapi32

OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
GetLengthSid
IsValidSecurityDescriptor
FreeSid
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AccessCheck
SetSecurityDescriptorGroup
OpenProcessToken

shell32

ShellExecuteW

comctl32

ImageList_GetIconSize

w32topl

ToplListCreate

mciwave

DriverProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.T
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zQWw
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wOIDR
Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ph
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NUZvX
Size: 512B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vXVw
Size: 1024B - Virtual size: 1003B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Cz
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a00949ea9cb44b738518bc6a1a4c76a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

w32topl

mciwave

Sections

.text Size: 16KB - Virtual size: 15KB

.T Size: 1024B - Virtual size: 1KB

.zQWw Size: 1KB - Virtual size: 1KB

.wOIDR Size: 512B - Virtual size: 187B

.rdata Size: 4KB - Virtual size: 4KB

.ph Size: 1024B - Virtual size: 1KB

.NUZvX Size: 512B - Virtual size: 323B

.vXVw Size: 1024B - Virtual size: 1003B

.data Size: 212KB - Virtual size: 506KB

.Cz Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 16KB - Virtual size: 15KB

.T
Size: 1024B - Virtual size: 1KB

.zQWw
Size: 1KB - Virtual size: 1KB

.wOIDR
Size: 512B - Virtual size: 187B

.rdata
Size: 4KB - Virtual size: 4KB

.ph
Size: 1024B - Virtual size: 1KB

.NUZvX
Size: 512B - Virtual size: 323B

.vXVw
Size: 1024B - Virtual size: 1003B

.data
Size: 212KB - Virtual size: 506KB

.Cz
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB