7128040c6469db57d200f0d77c7f2090_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7128040c6469db57d200f0d77c7f2090_JaffaCakes118
Size

797KB
MD5

7128040c6469db57d200f0d77c7f2090
SHA1

2829b25f38867e610e86d151d37e65b3d1af6fa3
SHA256

6ed2b220d92811d5e3ed1aca1b3fb1520a898ae9fb47d4ec349155bb715c667b
SHA512

e7542f2849ffd7cfb1815a63b72e2c37fc20219cd29da67fc7da1d4d3a8e4a4caddf57c93b1a6528faac1d971269af64e799efe710b69b6268fa28f6e721b6ff
SSDEEP

12288:6IcD+lqkbjAUiIyjelAR99vr+M3Q7c2ZToxw0GXxAcNHFi:6/3kbD5GFR99r0asXxXi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7128040c6469db57d200f0d77c7f2090_JaffaCakes118

Files

7128040c6469db57d200f0d77c7f2090_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1afed3def44beb015902c5c62d69f6bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
Sleep
lstrlenW
GetTempPathW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetFileAttributesW
GetFileAttributesExW
CreateFileW
CreateFileA
GetLastError
FindClose
RemoveDirectoryW
DeleteFileW
FindFirstFileW
LocalFree
FormatMessageA
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
GetSystemInfo
CreateMutexA
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
InitializeCriticalSection
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
RaiseException
GetModuleHandleW
GetProcAddress
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
VirtualProtect
VirtualAlloc
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeW
ExitThread
CreateThread
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
GetModuleHandleA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetStringTypeA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
HeapSize
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetEvent
CloseHandle
GetTickCount
GetTempFileNameW
SetFileAttributesW
CreateSemaphoreW
CreateEventW
GetFileSize
lstrlenA
GetSystemTime
FormatMessageW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
GetVersionExA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
CreateEventA

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

dnsapi

DnsQuery_A
DnsRecordListFree

rpcrt4

UuidCreate

shell32

ord680

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantCopy
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString

gdiplus

GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipBitmapGetPixel
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneImage
GdipDeleteGraphics
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipSetImagePalette
GdipCreateBitmapFromScan0
GdiplusStartup

shlwapi

PathRemoveExtensionW
PathStripPathW
PathRemoveArgsW
PathMakePrettyW

wininet

FindNextUrlCacheEntryW
SetUrlCacheEntryInfoW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache

user32

wsprintfW
SetThreadDesktop
GetThreadDesktop
GetDC
CreateDesktopW
CharUpperW
CloseDesktop
CharLowerW
GetSystemMetrics

gdi32

CreateCompatibleBitmap
DeleteObject
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC

Sections

.text
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1afed3def44beb015902c5c62d69f6bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

dnsapi

rpcrt4

shell32

ole32

oleaut32

gdiplus

shlwapi

wininet

user32

gdi32

Sections

.text Size: 575KB - Virtual size: 575KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 42KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 575KB - Virtual size: 575KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 42KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 54KB - Virtual size: 54KB