83448fc10f297a6968aeda7c02b09051_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83448fc10f297a6968aeda7c02b09051_JaffaCakes118
Size

200KB
MD5

83448fc10f297a6968aeda7c02b09051
SHA1

7a9fc4f7777c4f3c6732189c4794df46b60e4af7
SHA256

3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356
SHA512

287b32cd81a161d68cc55aa5b6e59e66d6b600f7c45d049e63fb3882514a4ba17e3fbe1a8eb39c0de594771bd8fdcc74c8c7f2331e118579bced34709c1e8027
SSDEEP

3072:ykYaAVq623PW+0VsMDYpXyFIU1V3H729bxqgQeRGttQNaxWSVMIB5R6:f1u+ohMXyFIUn3H7S3BAtQwVMu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83448fc10f297a6968aeda7c02b09051_JaffaCakes118

Files

83448fc10f297a6968aeda7c02b09051_JaffaCakes118
.exe windows:5 windows x86 arch:x86

96de0c3cd4b13c20a691772518dd3dfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\123\Release\Server.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
GetCurrentProcessId
FormatMessageW
MultiByteToWideChar
InterlockedIncrement
lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
TlsFree
GetCurrentProcess
GetModuleHandleA
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
HeapCreate
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GlobalFree
DeleteCriticalSection
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
SetLastError
GetCurrentThreadId
CreatePipe
WaitForMultipleObjects
DisconnectNamedPipe
GetStartupInfoW
TerminateProcess
GetSystemDirectoryW
CreateProcessW
PeekNamedPipe
SetFileAttributesW
OpenEventW
GetModuleFileNameW
GetVersionExW
GetTickCount
GetComputerNameW
TerminateThread
GetVolumeInformationW
lstrcpyW
LocalFree
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
RemoveDirectoryW
LocalAlloc
FindClose
MoveFileW
GetLastError
CreateFileW
ReadFile
LocalReAlloc
GetFileAttributesW
WriteFile
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
SetFilePointer
FindFirstFileW
GetFileSize
CloseHandle
CancelIo
CreateEventW
ResetEvent
InterlockedExchange
lstrlenW
Sleep
WideCharToMultiByte
SetEvent
WaitForSingleObject
VirtualAlloc
FlushFileBuffers
VirtualFree

user32

DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
wsprintfW
CharNextW
GetUserObjectInformationW
SetThreadDesktop
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
CloseDesktop
OpenInputDesktop
GetThreadDesktop
ClientToScreen
SetWindowTextW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW

advapi32

GetUserNameW

shell32

SHGetFileInfoW
ShellExecuteW

ws2_32

getsockname
WSAIoctl
connect
WSAStartup
select
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
ScaleViewportExtEx
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
SetViewportExtEx
OffsetViewportOrgEx
RectVisible
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
PtVisible
TextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96de0c3cd4b13c20a691772518dd3dfe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 14KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 14KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 436B