7841eccef9a569d15b6d533ae82272d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7841eccef9a569d15b6d533ae82272d2_JaffaCakes118
Size

277KB
MD5

7841eccef9a569d15b6d533ae82272d2
SHA1

37281b11115c5e6edc2b26cdaa5a0eac2b488498
SHA256

f61859349d2caf270b90051368281b2a70ca52b80a886fb5a0b4030521c92be3
SHA512

91e398e22caf2273ce0a648c3a62231be17c6190166eccd071b49fb5055ef831f34da4f314ad4d785e8bee2cf2cdf5539b523ae9f9cf4b227348a999dad63d62
SSDEEP

6144:iFR58XhISADp8RQx9zA97GTBaQKVBkSQeozG7EaDi5GNQAvDqyS:iFcHAtk2kV+aQK9QeozG7EalzvOyS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7841eccef9a569d15b6d533ae82272d2_JaffaCakes118

Files

7841eccef9a569d15b6d533ae82272d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a717b61808e6dd5cadca4157a01a1280

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

atl.pdb

Imports

ntdll

RtlAppendUnicodeToString
RtlDosPathNameToNtPathName_U
RtlUnwind
RtlFreeUnicodeString
RtlFreeHeap

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType

urlmon

CreateURLMoniker

gdi32

GetObjectW
CreateSolidBrush
SetBkColor
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetStockObject
CreateRectRgnIndirect
Rectangle
SetTextColor
SetBkMode
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
DeleteObject

user32

DestroyAcceleratorTable
GetKeyState
InvalidateRect
EnableWindow
IsWindow
BeginDeferWindowPos
GetSystemMetrics
GetWindowRect
DeferWindowPos
EndDeferWindowPos
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
EnumChildWindows
GetDlgItem
SendDlgItemMessageW
GetFocus
IsChild
SetWindowLongW
GetSysColor
DrawTextW
DestroyWindow
GetDC
GetDialogBaseUnits
ReleaseDC
GetWindowLongW
SendMessageW
SetDlgItemTextW
GetNextDlgTabItem
SetFocus
GetParent
CreateAcceleratorTableW
ScreenToClient
PostMessageW
IsDialogMessageW
GetWindow
DestroyIcon
DestroyMenu
TrackPopupMenu
ClientToScreen
GetMenuItemInfoW
GetMenuItemCount
DeleteMenu
CreatePopupMenu
GetMessagePos
LoadImageW
LoadStringW
GetClientRect
GetWindowTextW
GetWindowTextLengthW
GetActiveWindow
ShowWindow

kernel32

GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapSize
IsBadWritePtr
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
LoadLibraryA
InterlockedExchange
IsBadReadPtr
SetFilePointer
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetProcessHeap
GetWindowsDirectoryW
lstrcpynW
IsBadCodePtr
FindFirstFileW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetModuleHandleA
ExitProcess
LCMapStringW
LCMapStringA
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
GetVersionExA
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetDriveTypeW
TerminateProcess
GetExitCodeProcess
CreateFileW
WriteFile
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
SetEnvironmentVariableW
CreateProcessW
GetLastError
GetBinaryTypeW
SearchPathW
LoadLibraryW
GetProcAddress
GetSystemWindowsDirectoryW
FreeLibrary
SetErrorMode
GetFileAttributesW
GetCurrentThreadId
ExpandEnvironmentStringsW
ResetEvent
CreateThread
FindNextFileW
FindClose
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
lstrcpyW
MulDiv
LockResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FlushInstructionCache
GetCurrentProcess
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
InterlockedCompareExchange

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

SHGetPathFromIDListW
SHGetDesktopFolder
SHBindToParent
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHGetFolderLocation

sfc

SfcIsFileProtected

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a717b61808e6dd5cadca4157a01a1280

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

ole32

urlmon

gdi32

user32

kernel32

advapi32

shell32

sfc

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 197KB - Virtual size: 303KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 197KB - Virtual size: 303KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 9KB - Virtual size: 9KB