88061f32b82301fe8464ad8ca0384d08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88061f32b82301fe8464ad8ca0384d08_JaffaCakes118
Size

584KB
MD5

88061f32b82301fe8464ad8ca0384d08
SHA1

72fe8e64c00977f67ed1f41e9332891005e306b5
SHA256

18fd78ff4361c2bcb29436b9f124e21f8121eec4918609bc34952a6b01224921
SHA512

c806ab141f0c21bd6654c1e2871ab0a64363125d6fbf407498f83cf2875984276b8d081f8683b0140ea70086cfb5291b66be7dbc0b8753c0521ddbd3941e46b2
SSDEEP

12288:6R9/KT9fHMT/S9HX8U+/MvEV6rZHdXAN+iqT4Kj8PaP:KKheK9cI66rZeI9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88061f32b82301fe8464ad8ca0384d08_JaffaCakes118

Files

88061f32b82301fe8464ad8ca0384d08_JaffaCakes118
.exe windows:4 windows x86 arch:x86

967708ab49d803be02dc56fead071809

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\tljioxe\

Imports

comctl32

DestroyPropertySheetPage
ImageList_LoadImage
InitMUILanguage
InitCommonControlsEx
ImageList_GetIcon

shell32

RealShellExecuteExW
ShellAboutA
InternalExtractIconListW
SHFileOperationW

kernel32

WriteConsoleW
GetConsoleMode
GetVersionExA
VirtualFree
SetConsoleActiveScreenBuffer
GetProcAddress
TlsGetValue
CompareStringW
CreateFileA
InterlockedIncrement
LCMapStringW
GetLocalTime
GetProcessHeap
GlobalFindAtomW
MultiByteToWideChar
ReadFile
CreateMutexA
LoadResource
GetCommandLineA
IsValidLocale
GetOEMCP
Sleep
RtlUnwind
LeaveCriticalSection
SetConsoleCtrlHandler
GetCurrentThreadId
FlushFileBuffers
TlsSetValue
SetLastError
WaitForSingleObjectEx
CloseHandle
GetAtomNameW
SetUnhandledExceptionFilter
HeapSize
GetStringTypeA
GetACP
GetConsoleOutputCP
GetCurrentProcess
FreeLibrary
UnhandledExceptionFilter
GetTimeFormatA
GetFileType
OpenFileMappingW
GetStringTypeW
InitializeCriticalSection
GetModuleFileNameA
GetStartupInfoA
EnumSystemLocalesA
FreeEnvironmentStringsA
GetConsoleCP
TlsFree
HeapReAlloc
SetConsoleTitleA
SetEnvironmentVariableA
GetUserDefaultLCID
GetCurrentProcessId
GetModuleHandleA
HeapAlloc
WideCharToMultiByte
TlsAlloc
SetFilePointer
LCMapStringA
VirtualQuery
SetHandleCount
GetStdHandle
GetLocaleInfoW
VirtualAlloc
InterlockedDecrement
HeapCreate
DeleteCriticalSection
HeapFree
GlobalDeleteAtom
CompareStringA
InterlockedExchange
FreeEnvironmentStringsW
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
GetCurrentThread
HeapDestroy
OpenMutexA
WriteFile
IsDebuggerPresent
ExitProcess
TerminateProcess
GetCPInfo
SetStdHandle
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
EnterCriticalSection
GetLastError
WriteConsoleA
GetSystemTimeAsFileTime
GetModuleHandleW
LocalUnlock
IsValidCodePage
LoadLibraryA
GetEnvironmentStringsW

gdi32

GetCurrentObject
SetBrushOrgEx
CreatePolygonRgn
CreatePen
RemoveFontResourceA
gdiPlaySpoolStream
CombineRgn
MoveToEx
CloseEnhMetaFile
GetCharABCWidthsFloatA
GetMetaFileW
CreateFontW
LPtoDP
CreateColorSpaceA
GetICMProfileW
DeleteEnhMetaFile
GetGlyphOutlineW
EnumFontFamiliesExW

user32

DrawStateA
InflateRect
DdeQueryConvInfo
EndDeferWindowPos
GetPropA
SetShellWindow
AppendMenuW
RegisterClassExA
EnableWindow
CharPrevW
GetMenuStringA
DefWindowProcA
AnimateWindow
CreateWindowExA
CharToOemA
InternalGetWindowText
EqualRect
GetMonitorInfoW
MessageBoxW
GetUpdateRect
MapVirtualKeyExW
CopyRect
TrackPopupMenuEx
IsCharUpperA
ShowWindow
CreatePopupMenu
CreateDesktopA
UnregisterDeviceNotification
UnhookWindowsHook
GetCursorPos
DestroyWindow
MoveWindow
RegisterClassA
CheckMenuItem

comdlg32

ChooseFontA
GetFileTitleA
ReplaceTextW
GetSaveFileNameA

advapi32

RegRestoreKeyW
CryptImportKey
StartServiceA
RegQueryValueExA
RegDeleteKeyA
CryptAcquireContextW
LogonUserW
CryptGetKeyParam
RegRestoreKeyA
CryptCreateHash

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

967708ab49d803be02dc56fead071809

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

kernel32

gdi32

user32

comdlg32

advapi32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 116KB - Virtual size: 131KB

.rsrc Size: 44KB - Virtual size: 40KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 116KB - Virtual size: 131KB

.rsrc
Size: 44KB - Virtual size: 40KB