7731bd8f807b02d2165723e71c937445_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7731bd8f807b02d2165723e71c937445_JaffaCakes118
Size

340KB
MD5

7731bd8f807b02d2165723e71c937445
SHA1

ceef30bc8fca341b98528c0b6e543ea0b7e60e28
SHA256

588c73596975e17f1bff4dc4d35a0ee3a6470e4f19a4a3b9f56923bac41ba020
SHA512

7ba44be8dd405d764fa15318c55c8580a00970d557fda4eb0e98b7c06814154fe8b051a4089e0defe16bb21f6e74307c909ea24639d097682b12dfe210271b43
SSDEEP

6144:6dzgaJB9JG7MertDWYXlk8K87Y6nQDFC74ih6BbOr4p0AMb4R76s4HqaLUp:6Ngw9JiMs9WYVkoKJKX6iAMcR76s41

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7731bd8f807b02d2165723e71c937445_JaffaCakes118

Files

7731bd8f807b02d2165723e71c937445_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
GetWindowThreadProcessId
GetKeyboardType
GetActiveWindow
ExitWindowsEx
CharLowerA
DispatchMessageW
CharUpperW
CharUpperA
CharNextW
PeekMessageW
TranslateMessage
SendMessageW
PostMessageW

shlwapi

PathStripToRootW
PathIsRelativeW
PathIsRootW
PathIsUNCW
PathRemoveBackslashW
StrChrW
StrCmpIW
StrCmpW
StrRChrW
StrStrIW
StrToIntExW
UrlGetPartW
UrlCombineW
StrToIntW
PathFindExtensionW

oleaut32

SysFreeString
VariantInit
VariantClear
VarR8FromI1
SysStringLen
SysAllocString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
HMETAFILE_UserFree

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LsaQueryInformationPolicy
LsaOpenPolicy
LsaNtStatusToWinError
LsaFreeMemory
LsaClose
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
EqualSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
AdjustTokenPrivileges
SetNamedSecurityInfoW

kernel32

InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchange
LoadLibraryExW
HeapAlloc
GlobalFree
InterlockedIncrement
HeapReAlloc
LeaveCriticalSection
lstrlenW
LocalFree
MapViewOfFile
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrcpynW
HeapFree
GetExitCodeThread
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetExitCodeProcess
GlobalAlloc
GetFileSize
GetFileTime
GetFileType
GetLocalTime
GetLocaleInfoW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationW
lstrlenA

wininet

InternetQueryOptionA
InternetCrackUrlW
InternetGetConnectedState
InternetCanonicalizeUrlW

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupCloseFileQueue
SetupCloseInfFile
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiInstallDriverFiles
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenFileQueue
SetupOpenInfFileW
SetupScanFileQueueW

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

Imports

user32

shlwapi

oleaut32

ole32

advapi32

kernel32

wininet

crypt32

setupapi

shell32

Sections

.text Size: 252KB - Virtual size: 252KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 148KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 148KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB