6a19cb1dabdb40738d54cb248a32f122_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a19cb1dabdb40738d54cb248a32f122_JaffaCakes118
Size

380KB
MD5

6a19cb1dabdb40738d54cb248a32f122
SHA1

1a29ad1d797e5851ffe9ec754ceb6877ec91ab59
SHA256

13c3db16c780a76ec4c2980a1844e8ce60beddad26bcc9c29713a1d97be0886b
SHA512

91f2c2d396a4057b3a673b21dc00ec0247b02fbcb1f1b38858293a8c284c97826b27424c6325e2ba523152d046fbc2360397a148184f3900a45eea9c418d2d07
SSDEEP

6144:BK5iUqZUJYtKbRbDUhpNsqcKX7F1+TIO0ABgTEV4KKQ48IqO5RLdkWA/N:BEiqYtSbwBsMFo0O0ABcEV4KKQ48IqO4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a19cb1dabdb40738d54cb248a32f122_JaffaCakes118

Files

6a19cb1dabdb40738d54cb248a32f122_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fa37bd567957b54ac8f2716087bd143

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetKeyboardLayoutList
GetDC
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetSysColor
GetSystemMetrics
ReleaseDC
SystemParametersInfoA
GetKeyboardLayout
EnumDisplayMonitors

kernel32

GetShortPathNameA
GetStringTypeExW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
InterlockedExchange
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
OpenMutexA
OutputDebugStringA
QueryPerformanceCounter
GetProcessTimes
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
SetLastError
SetLocalTime
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
GetLocalTime
GetLastError
GetFileType
GetFileAttributesW
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FormatMessageW
FindNextFileW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateSemaphoreA
CreateMutexA
CreateFileW
CreateDirectoryW
CompareStringW
CloseHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleHandleA
RaiseException
GetModuleFileNameW
InterlockedCompareExchange

advapi32

SetSecurityDescriptorDacl
AddAccessDeniedAce
RegisterTraceGuidsA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
UnregisterTraceGuids
TraceEvent
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate

shell32

SHGetSpecialFolderPathW

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
CreateDCA
GetDeviceCaps

dbghelp

ImageRvaToVa
FindExecutableImage
GetTimestampForLoadedLibrary
ImageRvaToSection
FindExecutableImageEx
ImagehlpApiVersion

dsound

ord9

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fa37bd567957b54ac8f2716087bd143

Headers

File Characteristics

Imports

user32

kernel32

advapi32

ole32

shlwapi

version

rpcrt4

shell32

gdi32

dbghelp

dsound

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 16KB - Virtual size: 112KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 16KB - Virtual size: 112KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 12KB