66f736a70b4fd878d087309daeae0bfc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66f736a70b4fd878d087309daeae0bfc_JaffaCakes118
Size

205KB
MD5

66f736a70b4fd878d087309daeae0bfc
SHA1

e0419fe2bbe5ce5e7f6827f67e1c33be7e15817f
SHA256

cacf47cfbc05bdcefbd486d8a2ec61bd6703636227dc123de2cc9c2b4a2a8ac5
SHA512

42fbe557c558e261453128840a1c93d13d9b82a523079b75d282c88e88ec63931a1fef14763d272945bfa2ddb5b6ce9a25ed1cb72ab39526864d6f8dba41c618
SSDEEP

1536:3+jlMGresKy4AqapsNMMreHKuypjuuMSdkFt2v5AuqNrhO:3+jlxTv4AqussHK/De2rM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66f736a70b4fd878d087309daeae0bfc_JaffaCakes118

Files

66f736a70b4fd878d087309daeae0bfc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cabdd5ecca9961437153c80261f331c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
CreateFileW
GetCurrentThread
CreateThread
GetStartupInfoW
OpenProcess
GetExitCodeThread
MoveFileA
MoveFileW
DeleteAtom
ReplaceFileW
GetStringTypeW
GetWindowsDirectoryA
GetShortPathNameA
GetModuleHandleA
GetStartupInfoA
IsValidCodePage
BeginUpdateResourceA
ReadFile
GetCurrentProcessId
GetLongPathNameW
GetProcAddress
CreateEventA
SuspendThread
RaiseException

user32

EnumClipboardFormats
GetClassInfoExA
GetTopWindow
CheckMenuItem
DialogBoxIndirectParamW
EnumDesktopsW
EnumDesktopWindows
LoadCursorA
keybd_event
DrawTextA
SetWindowTextA
CheckRadioButton
GetMessageW
GetClassNameW
CheckDlgButton
UpdateWindow
GetSystemMetrics
IsDlgButtonChecked
CascadeWindows
MessageBoxIndirectA
DefWindowProcA
RegisterWindowMessageW
GetKeyState
AdjustWindowRect
PeekMessageW

gdi32

CreateFontIndirectA
GetColorAdjustment
SetColorAdjustment
CreateDCW
EnumObjects
CreateSolidBrush
SelectBrushLocal
EnumICMProfilesA
StartDocW
SetArcDirection
GetViewportExtEx
MoveToEx
GetLogColorSpaceW
GetBkMode

advapi32

RegSaveKeyW
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyExW

shlwapi

StrChrW
SHRegCreateUSKeyW
PathUnExpandEnvStringsW
PathUndecorateA
PathIsFileSpecW
PathRemoveFileSpecW

comdlg32

ReplaceTextA

opengl32

glColor4ubv

setupapi

SetupDiMoveDuplicateDevice
pSetupStringTableSetExtraData
SetupAddSectionToDiskSpaceListA

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
HlinkNavigateString
CoInternetCreateZoneManager
DllInstall
FindMimeFromData
CDLGetLongPathNameW
HlinkSimpleNavigateToMoniker
RegisterMediaTypes
URLDownloadToCacheFileA
CoInternetCreateSecurityManager

sqlunirl

_SetEnvironmentVariable_@8
_EnumFontFamiliesEx_@20
_SetFileAttributes_@8

crypt32

CertCreateSelfSignCertificate
CryptMsgDuplicate
CryptGetDefaultOIDDllList
RegSetValueExU
CertDeleteCTLFromStore
CertSerializeCertificateStoreElement
I_CryptRegisterSmartCardStore
CertFreeCertificateChainEngine
I_CryptInsertLruEntry
CertDeleteCRLFromStore
CryptSIPRemoveProvider
CertRDNValueToStrW
CryptInstallOIDFunctionAddress
CryptSignMessageWithKey
CertOpenSystemStoreA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.s
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VKFBmZ
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xJ
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OQKfGO
Size: 3KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OF
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 1024B - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wu
Size: 512B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cabdd5ecca9961437153c80261f331c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

opengl32

setupapi

urlmon

sqlunirl

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.s Size: 512B - Virtual size: 11KB

.d Size: 1KB - Virtual size: 36KB

.VKFBmZ Size: 1024B - Virtual size: 39KB

.xJ Size: 1024B - Virtual size: 18KB

.OQKfGO Size: 3KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 12KB

.OF Size: 512B - Virtual size: 7KB

.J Size: 1024B - Virtual size: 42KB

.wu Size: 512B - Virtual size: 152KB

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 11KB - Virtual size: 10KB

.s
Size: 512B - Virtual size: 11KB

.d
Size: 1KB - Virtual size: 36KB

.VKFBmZ
Size: 1024B - Virtual size: 39KB

.xJ
Size: 1024B - Virtual size: 18KB

.OQKfGO
Size: 3KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 12KB

.OF
Size: 512B - Virtual size: 7KB

.J
Size: 1024B - Virtual size: 42KB

.wu
Size: 512B - Virtual size: 152KB

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 1024B - Virtual size: 1004B