81e54b33cf9a0fcc649bf526cb872078_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

81e54b33cf9a0fcc649bf526cb872078_JaffaCakes118
Size

280KB
MD5

81e54b33cf9a0fcc649bf526cb872078
SHA1

4a467680bf8e044e861aab6137b64517cfa00936
SHA256

168535ab430caf2004b6d209d3179ca0c1f9ccbc8286d7e897b8dc2618827073
SHA512

9fd81cb233a522b57832f7ff19c6a5c4417d32094ac345cf6f67f36d9294f41f5c8aa10c030a6f269667fffad0cf1f07e38b23e002ede080b90e58783aba66f7
SSDEEP

6144:y/pYcj8rBhMwc3bHYko4Z66PTK8MEGtCYs21UG4ZWZG1TZRJvG1Yu:yB5ArBOwpk5ZxMxbOZWZG19RI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81e54b33cf9a0fcc649bf526cb872078_JaffaCakes118

Files

81e54b33cf9a0fcc649bf526cb872078_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af9935b235cc25f1ffd1bfe9f463fe79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegQueryValueExA
OpenSCManagerW
RegDeleteValueW
IsValidSecurityDescriptor
RegCreateKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegOpenKeyW
StartServiceCtrlDispatcherW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptAcquireContextA
ConvertStringSidToSidW
RegCreateKeyW
ChangeServiceConfigW

user32

EqualRect

kernel32

SetCurrentDirectoryA
HeapDestroy
VirtualFree
SetUnhandledExceptionFilter
GetTimeFormatA
QueryDosDeviceW
FindFirstFileW
lstrcpynA
GlobalFlags
FindClose
GetEnvironmentStrings
ReleaseMutex
GetTimeZoneInformation
GetPrivateProfileIntA
LoadLibraryW
LeaveCriticalSection
GetTickCount
TlsFree
GetStartupInfoA
GetWindowsDirectoryA
WaitForMultipleObjectsEx
CreateDirectoryW
GetExitCodeThread
GetLocaleInfoA
InterlockedDecrement
GetWindowsDirectoryW
FindNextFileW
DeleteFileW
GetFileSize
CreateSemaphoreW
ExitThread
GetPrivateProfileIntW
QueryPerformanceCounter
IsDBCSLeadByte
LocalFree
GetEnvironmentVariableA
GetFileAttributesA
GetConsoleCP
GetFileAttributesExW
GetCurrentDirectoryA
GetLongPathNameW
CompareStringW
CreateProcessW
GetModuleFileNameW
SearchPathW
GetProcAddress
WriteProfileStringA
CreateTimerQueueTimer
InterlockedCompareExchange
GetPrivateProfileStringW
SetLastError
GetShortPathNameW
GetFileAttributesW
IsValidLocale
FindNextChangeNotification
SetFileAttributesW
FlushInstructionCache
TransactNamedPipe
OpenFile
FormatMessageW
LockResource
GetTempPathW
GetOEMCP
ResumeThread
Sleep
OpenFileMappingW
CreateIoCompletionPort
GetDateFormatA
TerminateProcess
HeapAlloc
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
IsValidCodePage
GetACP
GetSystemInfo
FindResourceW
CopyFileW
DeleteFileA
CreateToolhelp32Snapshot
ExpandEnvironmentStringsW
TerminateThread
SetProcessWorkingSetSize
InterlockedIncrement
GetSystemDefaultLangID
MulDiv
GlobalSize
FreeResource
IsBadWritePtr
lstrcmpA
SuspendThread
SetStdHandle
OutputDebugStringW
GetVersion
SetEnvironmentVariableW
RaiseException
FormatMessageA
SetEvent
GetDiskFreeSpaceA
ConvertDefaultLocale
GlobalFindAtomA
IsDebuggerPresent
GetProfileStringW
DeviceIoControl
GetStdHandle
GetDriveTypeA
SetThreadPriority
VirtualAlloc
VirtualProtect
GetModuleHandleA

comdlg32

GetSaveFileNameW
GetSaveFileNameA
ChooseColorA

gdi32

GetObjectType
LineTo
RestoreDC
GetSystemPaletteEntries
Polygon
CreatePatternBrush
SetStretchBltMode
EnumFontFamiliesExA
MoveToEx
CreatePalette
GetOutlineTextMetricsW
GetCharWidthW
SetMetaFileBitsEx
EnumFontsA
RealizePalette
GetMetaFileBitsEx
CreateDCW
LPtoDP
GetNearestPaletteIndex
SetEnhMetaFileBits
GetTextFaceA
StartDocA
OffsetRgn
SaveDC
CreateCompatibleDC
GetLayout
GetTextExtentPointA
GetDIBColorTable
CreateFontW
Ellipse
SetBitmapBits
EnumFontFamiliesExW

winspool.drv

GetPrinterDataA
EnumPrintersA
EnumPrinterDriversA
EnumPortsA

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_GetBkColor

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
wcsstr
_c_exit
strchr
toupper
floor
isspace
malloc
_purecall
exit
_errno
_itoa
tolower
_ecvt
qsort
bsearch
_mbsrchr
calloc
_wtoi64
_ismbblead
_CxxThrowException
strncmp
_wcsicmp
_beginthreadex
wcscspn
wcsncpy
iswalnum
strncpy
wcstoul
wcstol
fread
swscanf
_itow
_exit

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

syuaoii
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ksekua
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gukqu
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af9935b235cc25f1ffd1bfe9f463fe79

Headers

File Characteristics

Imports

advapi32

user32

kernel32

comdlg32

gdi32

winspool.drv

version

comctl32

msvcrt

Sections

.text Size: 192KB - Virtual size: 190KB

syuaoii Size: 52KB - Virtual size: 50KB

ksekua Size: 12KB - Virtual size: 11KB

gukqu Size: 20KB - Virtual size: 17KB

.text
Size: 192KB - Virtual size: 190KB

syuaoii
Size: 52KB - Virtual size: 50KB

ksekua
Size: 12KB - Virtual size: 11KB

gukqu
Size: 20KB - Virtual size: 17KB