6f4919062f45969fc20618eff45a1d04_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f4919062f45969fc20618eff45a1d04_JaffaCakes118
Size

542KB
MD5

6f4919062f45969fc20618eff45a1d04
SHA1

f1fece2cbc8e77148db72a21bbfe0ada743343ed
SHA256

d38c82105a786123065b87d2c292c35b0dda00dbc59cfce484f949a3fa676b75
SHA512

5cd7df5f6c183b101ef4ceb6ce11c38d4959faa3db8f9039aa2f52bce748b42a3fc2051ddad53a94da19af00a6b245dfbc35469c9143f3cb56fc16fe54e0002d
SSDEEP

12288:slLux4kLorh292o711N3/BvJ1evp/NL4evt/:kySYo12924vCp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f4919062f45969fc20618eff45a1d04_JaffaCakes118

Files

6f4919062f45969fc20618eff45a1d04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23d4bb962626e82f0b9914b939093649

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ytoonfsqp\hueopcvc\ohbmgoofft\yetoewyau.pdb

Imports

gdi32

GetCharWidth32W
EnumFontFamiliesExA
GetCharWidthA
CreateDCW
GetDeviceCaps
DeleteDC
GetCharABCWidthsA

kernel32

SuspendThread
Sleep
SetEndOfFile
HeapSize
GetCurrentProcess
ReadFile
CreateMailslotA
lstrlenA
SetStdHandle
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
HeapReAlloc
RaiseException
LoadLibraryA
GetEnvironmentStrings
IsValidCodePage
GetUserDefaultLCID
GetProcessHeap
GetConsoleMode
ReadConsoleInputA
ExitProcess
GetTimeZoneInformation
GetModuleHandleA
HeapDestroy
CloseHandle
WriteFile
TlsFree
CreateMutexA
WriteConsoleA
GetConsoleCP
FreeLibrary
TlsAlloc
GetLocaleInfoW
GetConsoleOutputCP
LocalUnlock
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
GetACP
HeapValidate
GetModuleHandleW
GetOEMCP
GetLocaleInfoA
IsDebuggerPresent
OpenMutexA
UnhandledExceptionFilter
HeapFree
HeapAlloc
LeaveCriticalSection
GetEnvironmentStringsW
GetStringTypeA
GetDateFormatA
CompareStringA
InterlockedExchange
EnumSystemLocalesA
GetCommandLineA
VirtualQuery
GetFileType
LCMapStringA
GetModuleFileNameA
GetProcAddress
LCMapStringW
GetTickCount
DeleteCriticalSection
CompareStringW
SetLastError
SetConsoleCtrlHandler
CreateDirectoryExW
LoadLibraryW
EnterCriticalSection
GetStdHandle
GetStringTypeW
GetStartupInfoA
VirtualFree
LocalReAlloc
GetCPInfo
SetUnhandledExceptionFilter
GetTimeFormatA
VirtualAlloc
GetCurrentThread
SetWaitableTimer
SetFilePointer
GetModuleFileNameW
GetPrivateProfileStructA
WriteConsoleW
SetEnvironmentVariableA
IsValidLocale
TlsGetValue
GetLastError
FreeEnvironmentStringsA
SetHandleCount
CreateFileA
IsBadReadPtr
HeapCreate
RtlUnwind
InterlockedDecrement
DebugBreak
TerminateProcess
GetCurrentThreadId
FreeEnvironmentStringsW
TlsSetValue
GetSystemTimeAsFileTime

user32

GetTitleBarInfo
CharPrevExA
ToUnicode
SendDlgItemMessageW
IsWindowUnicode
RegisterClassExA
CreateWindowExW
SetWindowLongW
OemKeyScan
BroadcastSystemMessageA
ShowWindow
SendMessageW
SetMenuDefaultItem
EndPaint
GetWindowTextA
ChangeMenuW
DdeImpersonateClient
ArrangeIconicWindows
GetKeyNameTextA
RegisterClassA
GetMenuState
EnumPropsW
FindWindowExW
MessageBoxA
WinHelpA
DdeFreeDataHandle

shell32

ExtractIconExW
DragQueryFileAorW
ExtractIconExA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_Destroy
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Write
CreateMappedBitmap
DrawInsert
ImageList_Duplicate
ImageList_LoadImageA
ImageList_Remove
ImageList_LoadImageW
ImageList_GetIcon
ImageList_SetDragCursorImage
CreatePropertySheetPage
MakeDragList
DestroyPropertySheetPage
ImageList_DragShowNolock
ImageList_GetFlags
ImageList_SetFlags

advapi32

CryptDuplicateHash
CryptSetProvParam
RegSetKeySecurity
CryptEnumProvidersA
RegOpenKeyW
LookupPrivilegeValueA
StartServiceW
RegDeleteKeyW
CryptSetProviderA
CryptSetProviderExA
CryptDuplicateKey
GetUserNameW
RegRestoreKeyA
LogonUserA
CryptDeriveKey
CryptGetKeyParam
RegFlushKey
CryptDecrypt
CryptDestroyHash
StartServiceA
CryptVerifySignatureW

wininet

FindFirstUrlCacheContainerA
SetUrlCacheEntryInfoW
InternetUnlockRequestFile
GetUrlCacheConfigInfoW
FindFirstUrlCacheEntryW
InternetSetFilePointer
FtpGetFileW
InternetReadFileExA
UrlZonesDetach

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23d4bb962626e82f0b9914b939093649

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

shell32

comctl32

advapi32

wininet

Sections

.text Size: 342KB - Virtual size: 341KB

.rdata Size: 71KB - Virtual size: 92KB

.data Size: 94KB - Virtual size: 93KB

.rsrc Size: 34KB - Virtual size: 33KB

.text
Size: 342KB - Virtual size: 341KB

.rdata
Size: 71KB - Virtual size: 92KB

.data
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 34KB - Virtual size: 33KB