827c7e594a5079384764ec30ec88b6f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

827c7e594a5079384764ec30ec88b6f6_JaffaCakes118
Size

299KB
MD5

827c7e594a5079384764ec30ec88b6f6
SHA1

de70303862218531532b0b751836c9407dc61a76
SHA256

badf2624356598cb4f254189d0d03f38883a03db91d790b2eadf5edfe5af99ea
SHA512

f0a054d6074538762bd39e641a69e3c98c1d910c6527459a2821344b14703fc2527e04a57444fa7f4176a0bb513963f0938bed88a531b5334e8b8b5bcc17f99f
SSDEEP

6144:xWJHi4JPg8XszQT4PKnjYJ0uEhePk5WuGX9+R5fExomfp:kN3JPrczmCKUCQPk5Wbs5/mfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
827c7e594a5079384764ec30ec88b6f6_JaffaCakes118

Files

827c7e594a5079384764ec30ec88b6f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d6036bc1f5e7615bbac03879c401a86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

GetCurrentThreadId
TlsFree
GetCommandLineW
SetEnvironmentVariableA
GetEnvironmentStrings
EnumSystemLocalesA
lstrcmp
TerminateProcess
LCMapStringA
TryEnterCriticalSection
EnumSystemCodePagesW
CompareStringA
InterlockedExchange
GetCurrentProcessId
OpenEventW
GetModuleHandleA
GetCPInfo
lstrcpynA
VirtualFree
GetStartupInfoA
UnhandledExceptionFilter
QueryPerformanceCounter
SetHandleCount
InitializeCriticalSection
SetPriorityClass
GetVersion
SetStdHandle
GetFileType
CreateMutexA
GetLastError
FreeEnvironmentStringsA
HeapReAlloc
GetWindowsDirectoryW
GetConsoleOutputCP
SetFilePointer
GetStdHandle
TlsSetValue
InterlockedDecrement
FlushFileBuffers
TerminateThread
LoadLibraryA
OutputDebugStringA
LockFileEx
WriteProfileSectionW
GetSystemTime
SetLocaleInfoW
CompareStringW
GetDateFormatW
GetEnvironmentStringsW
HeapAlloc
GetLocalTime
EnterCriticalSection
GetCurrentProcess
WriteFile
DeleteCriticalSection
LeaveCriticalSection
TlsAlloc
CloseHandle
RtlUnwind
VirtualAlloc
CreateFileMappingA
GetSystemTimeAsFileTime
WideCharToMultiByte
SetLastError
ExitProcess
LCMapStringW
GetProcAddress
IsBadWritePtr
InterlockedIncrement
ReleaseSemaphore
HeapFree
VirtualQuery
ReadFile
HeapCreate
GetCurrentThread
GetCommandLineA
HeapDestroy
GetModuleFileNameA
FindNextFileA
ConnectNamedPipe
GetTimeZoneInformation
GetTickCount
GetStringTypeW
OpenSemaphoreW
AddAtomA
TlsGetValue
GetModuleFileNameW
FreeEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
OpenMutexA
GetStartupInfoW

comctl32

ImageList_DrawIndirect
MakeDragList
InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_BeginDrag
ImageList_Read
ImageList_SetDragCursorImage
ImageList_AddMasked
DrawStatusText
ImageList_SetIconSize
ImageList_DragMove

comdlg32

ReplaceTextW

gdi32

SelectObject
GetDeviceCaps
GetObjectW
SetGraphicsMode
CreateDCW
CreateRoundRectRgn
GetGlyphOutline
EndPage
PatBlt
GetTextFaceW
DeleteDC
GetBoundsRect
DeleteObject
GetTextExtentExPointW

user32

ShowWindow
LoadCursorA
RegisterClassA
MessageBoxA
DefWindowProcW
DestroyWindow
RegisterClassExA
CreateWindowExW
ReleaseDC

advapi32

RegReplaceKeyW
CryptSetProvParam
CryptSetProviderW
RegSetValueA
CryptGetKeyParam
StartServiceA
RegSaveKeyA
CryptReleaseContext
RegQueryValueW
CryptSetProviderA
RegLoadKeyW
CryptGetUserKey
RegRestoreKeyW

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d6036bc1f5e7615bbac03879c401a86

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

comdlg32

gdi32

user32

advapi32

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 79KB - Virtual size: 89KB

.data Size: 91KB - Virtual size: 90KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 79KB - Virtual size: 89KB

.data
Size: 91KB - Virtual size: 90KB

.rsrc
Size: 15KB - Virtual size: 15KB