7528de7659b8a285f766d3d988a92d20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7528de7659b8a285f766d3d988a92d20_JaffaCakes118
Size

548KB
MD5

7528de7659b8a285f766d3d988a92d20
SHA1

60e6194100ac0193642a10a64819a4a0aa58ae4f
SHA256

9766f7f404132fb38073e3e6b1559f48868dd06099da4c440f535abe7d19057d
SHA512

9ebcda2a6756ab2ce276d36b8128220acc585150e568818d2f3584592e40a844505baf4ec4d36a2bc37cedf67f28e176a89622d660edffea92da2b6101ce2f92
SSDEEP

6144:grxEUPYu3lhEkAYEbLyAYbj+tyBTV+sv9NYcOgwPx5hhb5jHjibCy/h/lVDNAXR4:glLXPZvwX5jHjibXtNN2RLxir+qn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7528de7659b8a285f766d3d988a92d20_JaffaCakes118

Files

7528de7659b8a285f766d3d988a92d20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60c65debc5375ac2d0ffc5a29b433031

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\VOXEGAT\UOMTL\MTEO

Imports

kernel32

UnhandledExceptionFilter
GetEnvironmentStrings
MultiByteToWideChar
GetOEMCP
lstrcpy
SetLocaleInfoA
CompareStringW
WideCharToMultiByte
CreateMutexA
SetThreadLocale
GetFileType
CompareStringA
SetLastError
GetStartupInfoW
TlsAlloc
GlobalCompact
ReadConsoleW
GetCurrentProcess
GetCurrentProcessId
GetWindowsDirectoryW
GetSystemTimeAsFileTime
HeapReAlloc
GetACP
GetStartupInfoA
GetModuleHandleW
GetEnvironmentVariableA
CloseHandle
GetMailslotInfo
ReadConsoleOutputW
LockResource
EnumCalendarInfoExW
GetNamedPipeInfo
GetModuleHandleA
ExitProcess
GetDiskFreeSpaceExA
InterlockedExchange
RtlUnwind
FreeEnvironmentStringsW
DeleteFiber
WritePrivateProfileSectionA
GetStringTypeA
MoveFileW
CreateFileA
FlushFileBuffers
MapViewOfFileEx
GetTickCount
HeapAlloc
lstrcmp
EnterCriticalSection
GetStdHandle
VirtualFree
InterlockedIncrement
FreeEnvironmentStringsA
GetFullPathNameA
WaitForDebugEvent
IsBadWritePtr
SetFilePointer
GetStringTypeW
GetConsoleCursorInfo
TerminateProcess
GetEnvironmentStringsW
GetSystemTime
InterlockedDecrement
GetProcAddress
FindFirstFileExA
TlsSetValue
CreateDirectoryExW
GetCurrentThread
GetLocalTime
CreatePipe
LoadResource
TlsFree
GetLogicalDriveStringsW
HeapCreate
GetSystemInfo
GetCommandLineA
HeapFree
GetEnvironmentStringsA
ContinueDebugEvent
GetDriveTypeA
GetLogicalDriveStringsA
GetPriorityClass
DebugActiveProcess
SetThreadContext
LoadLibraryA
CreateProcessW
GetCurrentThreadId
OpenMutexA
VirtualQuery
GetModuleFileNameA
CreateFileW
HeapDestroy
InitializeCriticalSection
OpenEventA
LCMapStringW
GlobalAlloc
SetComputerNameA
EnumResourceTypesW
VirtualAlloc
EnumCalendarInfoA
QueryPerformanceCounter
GetVersion
SetStdHandle
WaitForSingleObjectEx
lstrcmpiA
WriteFile
SetHandleCount
GetCPInfo
SetLocalTime
ReadFile
SystemTimeToTzSpecificLocalTime
GetPrivateProfileSectionA
LeaveCriticalSection
HeapValidate
GetFileSize
GetThreadSelectorEntry
SetEnvironmentVariableA
PulseEvent
GetTimeZoneInformation
LCMapStringA
SetVolumeLabelW
TlsGetValue
DeleteCriticalSection
IsValidLocale
DeleteFileA
RaiseException
TryEnterCriticalSection
LoadModule
GetLastError

user32

ToUnicodeEx
HideCaret
LoadStringA
DlgDirSelectComboBoxExA
DrawTextExW
LoadCursorW
DefDlgProcA
DdeInitializeA
LoadKeyboardLayoutW
MessageBoxA
CreateIconIndirect
FrameRect
RegisterClassA
DestroyWindow
wvsprintfW
EnumPropsW
CreateWindowExW
ShowWindow
LoadIconW
GetClipboardData
TabbedTextOutA
CloseWindow
RegisterClassExA
SetSystemCursor
InsertMenuItemA
DefWindowProcA
GetMenuItemID
SetProcessDefaultLayout
GetKeyboardLayoutNameA
GetUserObjectInformationA
IsChild

wininet

FtpPutFileW
DeleteUrlCacheEntryW
DetectAutoProxyUrl

comctl32

CreateToolbar
ImageList_SetIconSize
ImageList_GetImageCount
GetEffectiveClientRect
ImageList_Replace
ImageList_GetDragImage
ImageList_Destroy
DrawStatusTextA
ImageList_Read
DrawStatusTextW
ImageList_Write
CreateUpDownControl
ImageList_LoadImageA
ImageList_DragLeave
ImageList_SetFlags
ImageList_Duplicate
ImageList_BeginDrag
ImageList_AddIcon
ImageList_Merge
ImageList_EndDrag
ImageList_SetOverlayImage
ImageList_SetDragCursorImage
ImageList_Copy
InitCommonControlsEx

advapi32

RegSaveKeyA
ReportEventW
RegReplaceKeyA
LogonUserW
RegEnumKeyW
RegRestoreKeyW
CryptSetProviderExW
CryptDestroyKey
CryptAcquireContextW
RegNotifyChangeKeyValue
RegConnectRegistryW
LookupPrivilegeNameA
RegDeleteValueW
CryptSetProviderExA
LogonUserA
StartServiceW
RegSetKeySecurity
RegOpenKeyW
RegSaveKeyW
InitiateSystemShutdownA
RegQueryValueA

gdi32

DeleteDC
GetDeviceCaps
CreateDCW
GetTextExtentPointW
GetEnhMetaFilePaletteEntries
DeleteObject
GetObjectW
SelectClipPath
GetBkColor
SetWindowOrgEx
GetDIBits
PathToRegion
StrokePath
GdiPlayScript

shell32

SHGetFileInfoW
DragQueryFileAorW
SHGetNewLinkInfo

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60c65debc5375ac2d0ffc5a29b433031

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

wininet

comctl32

advapi32

gdi32

shell32

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 248KB - Virtual size: 245KB

.data Size: 112KB - Virtual size: 117KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 112KB - Virtual size: 117KB

.rsrc
Size: 20KB - Virtual size: 18KB