6fcf37c3cda5d8ca6effe5f86c18d7f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6fcf37c3cda5d8ca6effe5f86c18d7f7_JaffaCakes118
Size

492KB
MD5

6fcf37c3cda5d8ca6effe5f86c18d7f7
SHA1

5737bd12948b3dc40b6ef97ed86d2d0ec3e23659
SHA256

f920b9717143e43cdfb518ea8e0ed6b24c592078b3f98d773f4152e90f5035b0
SHA512

485d4da2573cd1513dd17edbf79902a28909d8b86940b5cede9c4b809d8d5bdb4d86ea70cd60869cad0925e8181686f77edf8ec56f3dca80df6e2f6947b6b6e5
SSDEEP

12288:8R5QKCjl5kXxM9KyrG+EmJyto64sWGyyDU/RE50:8ROjyhybEypsWGyyD1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fcf37c3cda5d8ca6effe5f86c18d7f7_JaffaCakes118

Files

6fcf37c3cda5d8ca6effe5f86c18d7f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ee8b7aed5c338ad27720a65eee35d24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rfwlo

Imports

comctl32

PropertySheetW
InitCommonControlsEx

gdi32

CreateCompatibleBitmap
DeleteObject
Ellipse
PtVisible
SetRectRgn
SetWindowExtEx
GetStockObject
CreatePen
CreatePatternBrush
PatBlt
CreateRectRgn
ExcludeClipRect
Rectangle
DeleteDC
CreateDIBitmap
GetCharWidthW
StretchBlt
GetObjectW
CreateDIBSection
SelectClipRgn
Escape
RectVisible

kernel32

CompareStringA
SuspendThread
UnhandledExceptionFilter
GetStartupInfoA
GetCurrentProcess
GetVolumeInformationA
GetCurrentProcessId
SetUnhandledExceptionFilter
MultiByteToWideChar
SetLastError
RtlUnwind
VirtualFree
GetLastError
VirtualQuery
CloseHandle
GetEnvironmentStrings
ResumeThread
SetHandleCount
GetTimeZoneInformation
SetEnvironmentVariableA
GetSystemInfo
SetFilePointer
CompareStringW
ReadFile
GetModuleFileNameA
GetFileType
EnterCriticalSection
SizeofResource
TlsSetValue
DeleteCriticalSection
GetVersionExA
GetStringTypeA
SetStdHandle
LCMapStringW
InterlockedExchange
ExitThread
HeapDestroy
HeapFree
CreateMutexA
GlobalFree
GetStdHandle
FlushFileBuffers
HeapAlloc
VirtualProtect
HeapSize
FindClose
DuplicateHandle
GetTickCount
CreateProcessA
LeaveCriticalSection
WriteFile
RaiseException
lstrcmpiW
LCMapStringA
VirtualAlloc
GetTimeFormatA
TlsFree
LocalReAlloc
GetLocaleInfoA
GlobalSize
LoadResource
GetDateFormatA
GetCommandLineA
HeapReAlloc
GetACP
FindNextFileW
GetModuleHandleA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetModuleFileNameW
GetCurrentThreadId
lstrcmpA
TlsAlloc
GetProcAddress
HeapCreate
Sleep
lstrlenA
GetOEMCP
GetStringTypeW
ExitProcess
WideCharToMultiByte
FindNextFileA
InitializeCriticalSection
GetEnvironmentStringsW
LoadLibraryA
IsBadCodePtr
QueryPerformanceCounter
FreeEnvironmentStringsA
FreeLibrary
CreateDirectoryA
FreeEnvironmentStringsW
TerminateProcess
TlsGetValue
GetVersion
IsValidCodePage
GetUserDefaultLCID
GetCPInfo

ole32

CoFreeUnusedLibraries
OleDestroyMenuDescriptor
CoDisconnectObject
OleCreateMenuDescriptor
WriteClassStm
WriteFmtUserTypeStg
CreateDataAdviseHolder
CreateStreamOnHGlobal
CLSIDFromProgID
StgIsStorageFile
OleSaveToStream
OleInitialize
CoTaskMemAlloc
CLSIDFromString
OleSetContainedObject
OleQueryLinkFromData
OleLoad
OleDuplicateData
StgIsStorageILockBytes
CoTreatAsClass
OleTranslateAccelerator
CoTaskMemFree
CoLockObjectExternal
OleQueryCreateFromData
SetConvertStg
OleCreateStaticFromData
GetClassFile
OleGetClipboard
StgCreateDocfile
StringFromGUID2
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
IsAccelerator
CreateBindCtx
CreateOleAdviseHolder
ReleaseStgMedium
WriteClassStg
GetHGlobalFromILockBytes
StgCreateDocfileOnILockBytes
OleSetClipboard
ReadClassStg
OleCreateFromData
OleIsCurrentClipboard
ReadFmtUserTypeStg
OleLockRunning
DoDragDrop

advapi32

InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyW
SetFileSecurityW
RegQueryValueW
RegOpenKeyExW
RegOpenKeyExA
OpenProcessToken
RegEnumValueW
RegCloseKey
RegEnumKeyW
GetFileSecurityW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
SetSecurityDescriptorDacl
RegDeleteValueW
GetUserNameW
RegCreateKeyW
RegEnumKeyExW
RegQueryValueExA

user32

IsWindowEnabled
RegisterClassExA
CreatePopupMenu
CharNextA
GetActiveWindow
CreateWindowExA
PostMessageA
LoadIconA
IsMenu
DestroyAcceleratorTable
MapWindowPoints
DestroyWindow
GetSysColorBrush
MoveWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetMessageA
LoadBitmapA
LoadAcceleratorsA
OffsetRect
RegisterClassA
GetNextDlgTabItem
GetClientRect
GetForegroundWindow
TranslateAcceleratorA
DestroyIcon
IsIconic
LoadCursorA
PtInRect
ShowWindow

shell32

SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetFileInfoA
SHFileOperationA
Shell_NotifyIconA

winspool.drv

EnumPrinterDriversA
AddPrinterA
DeviceCapabilitiesA
EnumJobsA
GetPrinterDriverDirectoryA
AddPrinterDriverA
EnumPrintersA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ee8b7aed5c338ad27720a65eee35d24

Headers

File Characteristics

PDB Paths

Imports

comctl32

gdi32

kernel32

ole32

advapi32

user32

shell32

winspool.drv

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 264KB - Virtual size: 262KB

.data Size: 76KB - Virtual size: 83KB

.rsrc Size: 52KB - Virtual size: 49KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 264KB - Virtual size: 262KB

.data
Size: 76KB - Virtual size: 83KB

.rsrc
Size: 52KB - Virtual size: 49KB