708eed76754282112078d6ad7852ca55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

708eed76754282112078d6ad7852ca55_JaffaCakes118
Size

688KB
MD5

708eed76754282112078d6ad7852ca55
SHA1

89f45d52ce392e0f025ddc03dc58457dfcd89b77
SHA256

ab85f7f843162b4c7374960a23326a647b93432cf10eabfda88123f2042500b3
SHA512

fc3f70c118043ddd6ef4426b538474a2d9d880754a0e93bee43ea703434f20baf00b2a868b106a4479ae07de063ca42ae3c291fa927b313f5228bc8f8b6887b7
SSDEEP

12288:leMDiAEx9M51yeYGaxnwQjrH5Gl2IihWzxOL9W4Hl7nPUVrdVHXm/:kMnE05/Yv9wQjlGgVgx0WQPQrrHXm/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
708eed76754282112078d6ad7852ca55_JaffaCakes118

Files

708eed76754282112078d6ad7852ca55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dd9225b9b96b2b7f222625c89070af8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\fog\eoctedqlc\sdfbncprs.pdb

Imports

kernel32

VirtualAlloc
FindClose
GetModuleHandleA
HeapDestroy
GetCurrentThreadId
UnmapViewOfFile
GetFileType
GetModuleHandleW
GetStringTypeW
FormatMessageA
InterlockedIncrement
GetLastError
GetLocalTime
CompareStringA
InitializeCriticalSection
SetHandleCount
SetFilePointer
TerminateProcess
GetVersion
ResetEvent
LeaveCriticalSection
lstrcmpW
CompareStringW
CreateFileMappingA
WriteFile
GetEnvironmentStrings
GetTimeFormatA
GetModuleFileNameA
lstrcmpA
VirtualQuery
GetTempPathA
WaitForMultipleObjects
VirtualFree
WaitForSingleObject
CreateMutexW
LCMapStringA
lstrlenW
FreeEnvironmentStringsW
MultiByteToWideChar
GetCurrentProcess
GlobalDeleteAtom
CloseHandle
GlobalAlloc
WideCharToMultiByte
GetFileSize
QueryPerformanceCounter
SetEnvironmentVariableA
GetStringTypeA
IsBadWritePtr
TlsGetValue
GetCurrentProcessId
GetVersionExA
TlsAlloc
HeapCreate
SetLastError
GetTickCount
UnhandledExceptionFilter
ReadFile
GetModuleFileNameW
FreeEnvironmentStringsA
HeapReAlloc
ExpandEnvironmentStringsA
SetStdHandle
GetCommandLineA
HeapAlloc
LCMapStringW
LoadLibraryA
LocalAlloc
RtlUnwind
HeapFree
IsValidLocale
IsBadCodePtr
GetCommandLineW
GetStartupInfoW
DeleteCriticalSection
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryW
InterlockedDecrement
RaiseException
GetCPInfo
EnterCriticalSection
TerminateThread
GetTimeZoneInformation
ExitProcess
LocalFree
GetStartupInfoA
DeleteFileW
GlobalUnlock
FlushInstructionCache
GetProcAddress
GetEnvironmentStringsW
TlsSetValue
GetSystemTimeAsFileTime
SetEndOfFile
CreateFileA
FlushFileBuffers
GetSystemTime
GetProcessHeap
InterlockedExchange
GetStdHandle
LockResource

oleaut32

LoadTypeLi

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
SHGetDesktopFolder
SHGetFileInfoW

gdi32

SaveDC
GetTextMetricsW
PtInRegion
LineTo
RestoreDC
GetTextExtentPoint32W
StretchDIBits
CreatePen
SetWindowExtEx
SelectClipRgn
IntersectClipRect
Rectangle
RectVisible
CombineRgn
StretchBlt
EqualRgn
EndDoc
GdiFlush
CreateDCW
CreateDIBSection
GetPixel
SetStretchBltMode
AbortDoc
EndPage
DeleteDC
SetMapMode
SelectObject
RoundRect
GetObjectW
GetStockObject
CreateSolidBrush
SetWindowOrgEx
SetViewportOrgEx
StartPage
GetDeviceCaps
CreateCompatibleDC
SetBkMode

user32

FrameRect
GetParent
GetSysColorBrush
IsZoomed
GetClientRect
GetWindowRect
DestroyWindow
GetMenuItemCount
DefWindowProcW
UnregisterClassA
ShowWindow
InsertMenuW
RedrawWindow
IsWindow
LoadIconW
DrawTextW
GetMenuDefaultItem
CreateDialogIndirectParamW
SetScrollPos
SendMessageW
MessageBoxA
RegisterClassW
SetRect
CreateWindowExW
GetNextDlgTabItem
CheckMenuItem
IsClipboardFormatAvailable
DestroyIcon
EmptyClipboard
ShowOwnedPopups
SetMenu
GetCapture
InvalidateRect
SetWindowLongW
SendDlgItemMessageA
LoadCursorW
GetWindowThreadProcessId
TranslateMessage
RegisterClassExW
LoadStringW
CloseClipboard
CallWindowProcW
UpdateWindow
GetDoubleClickTime
GetDlgCtrlID
DrawMenuBar
MessageBoxW
GetKeyState

ole32

GetRunningObjectTable
CoRegisterClassObject
ReleaseStgMedium
CreateItemMoniker
StgCreateDocfile
OleUninitialize
CoTaskMemFree
OleSetClipboard
CreateBindCtx
CoRegisterMessageFilter
StringFromGUID2

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_LoadImageA
_TrackMouseEvent
InitCommonControlsEx
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
PropertySheetA
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
DestroyPropertySheetPage
ImageList_Add

advapi32

RegCreateKeyExA
OpenThreadToken
RegCloseKey
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
RegDeleteKeyA
RegEnumKeyExA
CloseServiceHandle
RegQueryInfoKeyA
RegSetValueExA
CreateServiceA
RegEnumKeyA
OpenProcessToken
RegQueryValueExA
OpenSCManagerA
RegOpenKeyA
ControlService
SetSecurityDescriptorDacl
RegDeleteValueA
InitializeSecurityDescriptor
DeleteService
GetTokenInformation
AllocateAndInitializeSid

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd9225b9b96b2b7f222625c89070af8

Headers

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

shell32

gdi32

user32

ole32

comctl32

advapi32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 468KB - Virtual size: 467KB

.data Size: 108KB - Virtual size: 115KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 468KB - Virtual size: 467KB

.data
Size: 108KB - Virtual size: 115KB

.rsrc
Size: 36KB - Virtual size: 32KB