RapportSetup.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6f117837aa44e8dc415793a036645514_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6f117837aa44e8dc415793a036645514_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 6f117837aa44e8dc415793a036645514_JaffaCakes118
Size: 226KB
MD5: 6f117837aa44e8dc415793a036645514
SHA1: bf60c1c866a9bc2d4f006758c40c89f9406ec6de
SHA256: 3f281d35aad75cc0327ef5bcdfc765b866d3abc90ac96d0498b84ccad77a8d03
SHA512: dbce1d5398ff27425245274aa6f81c722b388f88ac33cbe829a5343c986159375d1072424fc0282454c571e93a89b4d61c33f8b59445c7ff43f0cfdbea4b68dc
SSDEEP: 3072:y0/yYOV9ls254HXsF5rnOvqoW9ZNrGG3QkwLtjhq4VYWMPrbC1yfIf:ylYOV9ls2GH8DOiN3kGsZg4VYEf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f117837aa44e8dc415793a036645514_JaffaCakes118
Files
6f117837aa44e8dc415793a036645514_JaffaCakes118.exe windows:4 windows x86 arch:x86
1df3053a8c0da1f34805db654ede63f5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathAppendA
SHDeleteKeyA
SHDeleteValueA
kernel32
InitializeCriticalSection
CreateProcessA
GetProcAddress
LoadLibraryA
FreeLibrary
RemoveDirectoryA
DeleteFileA
CompareStringA
lstrlenA
GetModuleFileNameA
lstrcpyA
lstrcpynA
GetSystemDirectoryA
GetExitCodeProcess
GetFileAttributesA
CreateDirectoryA
WideCharToMultiByte
LoadResource
GetUserDefaultLangID
FindResourceExA
FindResourceA
SizeofResource
LockResource
CreateMutexA
GlobalFree
GlobalAlloc
GetNativeSystemInfo
GetCurrentProcess
GetModuleHandleA
GetVersionExA
GetEnvironmentVariableA
GetTickCount
SetLastError
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
OutputDebugStringA
MultiByteToWideChar
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
FreeEnvironmentStringsA
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileA
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LocalAlloc
InterlockedExchange
RaiseException
HeapAlloc
HeapFree
GetCurrentThreadId
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
user32
CharNextA
CharPrevA
CreateDialogParamA
SetWindowTextA
MoveWindow
SetFocus
ShowWindow
SetForegroundWindow
LoadIconA
LoadCursorA
SetCursor
GetDlgItem
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
DestroyWindow
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
GetForegroundWindow
MessageBoxA
advapi32
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
QueryServiceStatus
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
EqualSid
shell32
SHGetFolderPathW
ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ