87e3302b25f889081ba7fad012b66d03_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

87e3302b25f889081ba7fad012b66d03_JaffaCakes118
Size

24KB
MD5

87e3302b25f889081ba7fad012b66d03
SHA1

4b1605360323a393011c9c49d1c52a90422a547b
SHA256

f9f1a6a3946110301e97710e77c99f91000165a12ecaf4f38cdece6b8b67572e
SHA512

47cc0f0202912c018a7fb5014819da26f073a4bc74741a9569ac96fc0c737c6d1b9f29bceed3c4d7b81ca579c2c77e91e6af6d3021818707f3f24682a15eb150
SSDEEP

384:aHdGpmEM+s50jAF/ABhMQtgjgGnwT7eDYWRvudaE0TKXVv+9ZFP:0dKm4s5tl8hBt2+YBv+aEoKl+35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e3302b25f889081ba7fad012b66d03_JaffaCakes118

Files

87e3302b25f889081ba7fad012b66d03_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7ff9eb8d1029925c98544cfa21f490c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextW
GetDlgItem
IsWindow
SendMessageW
MessageBoxW
SetDlgItemTextW
EndDialog
ReleaseDC
GetDC
PeekMessageW
CharNextW
CharUpperW
ShowWindow
MsgWaitForMultipleObjects
DestroyWindow
CharPrevW
DialogBoxParamW
SetWindowPos
LoadStringW
GetSystemMetrics
OemToCharA
SendDlgItemMessageW
GetWindowRect
MessageBeep
ExitWindowsEx
CharNextA
GetDesktopWindow
CreateDialogParamW
EnableWindow
UpdateWindow
DispatchMessageW
GetDlgItemTextW

kernel32

GetSystemDefaultUILanguage
ExpandEnvironmentStringsW
LocalFree
GetCurrentProcess
GetVolumeInformationW
SetLastError
GetShortPathNameW
GetProcAddress
GetCurrentProcessId
CompareStringW
GetLocalTime
CloseHandle
FindResourceW
GetProfileStringW
FreeLibrary
HeapAlloc
GetTempFileNameW
UnmapViewOfFile
GetSystemTimeAsFileTime
ReadFile
LoadResource
GetFullPathNameW
MulDiv
MultiByteToWideChar
VirtualAlloc
InterlockedExchange
MapViewOfFileEx
MoveFileW
lstrcmpiW
LocalReAlloc
EnumResourceLanguagesW
lstrcmpW
TerminateProcess
GetDiskFreeSpaceW
GetUserDefaultUILanguage
WriteFile
GetModuleFileNameW
GetLocaleInfoW
CreateProcessW
GetEnvironmentVariableW
FormatMessageW
WritePrivateProfileSectionW
GetFileTime
FindResourceExW
GetTickCount
GetLastError
DisableThreadLibraryCalls
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
SearchPathW
LockResource
FindNextFileW
SetFileTime
RemoveDirectoryW
LoadLibraryW
GetFileSize
MapViewOfFile
GetTempPathW
RtlUnwind
MoveFileExW
UnhandledExceptionFilter
InterlockedCompareExchange
LocalAlloc
SetUnhandledExceptionFilter
GetPrivateProfileSectionW
GetCurrentThreadId
CopyFileW
QueryPerformanceCounter
GetSystemInfo
GetWindowsDirectoryW
lstrlenA
SizeofResource
FindClose
HeapFree
LoadLibraryExW
SetFileAttributesW
GetVersionExW
lstrlenW
Sleep
GetDriveTypeW
CreateFileMappingW
GetProcessHeap
GetSystemDirectoryW
DeleteFileW
CreateFileW
lstrcmpiA
SetFilePointer
FindFirstFileW
FreeConsole
GetPrivateProfileStringW

usp10

ScriptGetProperties

shlwapi

StrChrW
PathAppendW
StrRChrW
StrStrIW
PathRemoveFileSpecW
PathCombineW
PathAddBackslashW
PathFileExistsW
PathBuildRootW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

crypt32

CryptFormatObject

setupapi

SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupGetStringFieldW
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupCloseInfFile
SetupOpenAppendInfFileW
SetupCommitFileQueueW
SetupFindFirstLineW
SetupQueueCopyW
SetupGetLineTextW
SetupDefaultQueueCallbackW
SetupFindNextLine
SetupOpenInfFileW
SetupInstallFromInfSectionW

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW
GetStockObject
GetDeviceCaps

advapi32

RegUnLoadKeyW
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyExA
RegDeleteKeyW
RegSetValueW
FreeSid
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegEnumKeyW
RegSaveKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
LookupPrivilegeValueW
EqualSid
GetTokenInformation
RegFlushKey

msvcrt

memcpy
_XcptFilter
_wcsnicmp
free
_vsnprintf
_vsnwprintf
memmove
bsearch
_amsg_exit
wcsncmp
malloc
_wcsicmp
_wtoi
_initterm
memset
_wtol
_ultow
_adjust_fdiv
longjmp
_setjmp3

Sections

.text
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ff9eb8d1029925c98544cfa21f490c1

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

usp10

shlwapi

version

ole32

crypt32

setupapi

gdi32

advapi32

msvcrt

Sections

.text Size: 512B - Virtual size: 432B

.rsrc Size: 12KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 5KB

.data Size: - Virtual size: 80KB

.rdata Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 432B

.rsrc
Size: 12KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 5KB

.data
Size: - Virtual size: 80KB

.rdata
Size: 5KB - Virtual size: 4KB