844d08173768bc301b0065185b5eb127_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

844d08173768bc301b0065185b5eb127_JaffaCakes118
Size

232KB
MD5

844d08173768bc301b0065185b5eb127
SHA1

28245cf3a608dee5a92f770d44f9ddfdde7d2755
SHA256

8e99c124efd9b118360f7008ad74abcd063ec8b4058e8aff4a7045e3e64c5e72
SHA512

ee684799812cc97d64c38a6519303ada2f36d2d126d766126b27518a47216e2d0d757cd202ae35a92f2eb97b9115f9475821efecb47c42a96e170c7837719281
SSDEEP

3072:hWJnmhjAEwkD0bm5GzzcJw08asg7uukPUDfbC3z0MgyqKLviNlsDa6HJkY6m02VW:yOWkD0Q1J7xFubLPrvKDm02wQr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
844d08173768bc301b0065185b5eb127_JaffaCakes118

Files

844d08173768bc301b0065185b5eb127_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b24272449c565b669e527709054a9806

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\gdapjk\vsome\xnvmb.pdb

Imports

ole32

CoCreateInstance
OleFlushClipboard
GetHGlobalFromILockBytes
OleQueryLinkFromData
CoLockObjectExternal
CLSIDFromProgID
OleIsRunning
CoGetMalloc
CLSIDFromString
OleQueryCreateFromData
OleGetClipboard

oleaut32

LoadTypeLi

user32

GetScrollRange
GetMessagePos
RegisterClassA
LoadCursorA
InvalidateRgn
ShowWindow
CallWindowProcA
DefWindowProcA
TranslateMessage
GetActiveWindow
CreateWindowExA
LoadStringA
DestroyWindow
IsIconic
RegisterClassExA
LoadIconA
MessageBoxA
GetMessageA
MapDialogRect
CopyRect

comctl32

ImageList_GetIcon
ord17
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetImageCount
ImageList_DrawEx

shell32

ord155
SHAppBarMessage
SHGetFileInfoA
SHGetMalloc
DragQueryFileA
ShellExecuteA

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

OpenPrinterW
ord204
DocumentPropertiesW
ClosePrinter
EnumPrintersW
GetJobW

kernel32

GetStartupInfoA
lstrcpynA
LockResource
GlobalHandle
GetTickCount
DeleteCriticalSection
CreateMutexA
CreateEventA
GetTimeZoneInformation
CompareStringW
PeekNamedPipe
LCMapStringW
SetHandleCount
LocalAlloc
RaiseException
GetVersion
HeapCreate
ResumeThread
GetVolumeInformationA
TlsSetValue
GetFileSize
GetCurrentDirectoryA
EnterCriticalSection
SetEnvironmentVariableA
LocalFree
LoadLibraryA
SetEvent
WaitForSingleObject
GetStdHandle
GetCurrentProcessId
OpenProcess
InterlockedExchange
WinExec
VirtualProtect
LCMapStringA
GetTempPathA
VirtualQuery
GetDateFormatA
GlobalSize
HeapFree
TlsFree
VirtualFree
CopyFileA
ExitProcess
VirtualAlloc
DeleteFileA
FreeLibrary
GetCurrentThreadId
RemoveDirectoryA
GlobalMemoryStatus
FindFirstFileA
FileTimeToLocalFileTime
CompareStringA
GetSystemTime
GlobalDeleteAtom
GetSystemTimeAsFileTime
WriteFile
GetACP
UnmapViewOfFile
CreateThread
FreeResource
WritePrivateProfileStringA
RtlUnwind
GlobalFree
EnumSystemLocalesA
FileTimeToSystemTime
SetEndOfFile
HeapAlloc
CreateProcessA
GetModuleFileNameA
OpenMutexA
GetCurrentProcess
GetOEMCP
IsBadCodePtr
GetCurrentThread
WideCharToMultiByte
TlsGetValue
GetEnvironmentStringsW
GetStringTypeW
GetFileType
HeapReAlloc
GetFileTime
GetPrivateProfileIntA
ReadFile
MulDiv
Sleep
CloseHandle
DeviceIoControl
ReleaseMutex
lstrcmpiA
FlushFileBuffers
InitializeCriticalSection
SizeofResource
GetUserDefaultLCID
HeapDestroy
GetModuleHandleA
GlobalUnlock
HeapSize
CreateFileA
SetLastError
GlobalReAlloc
TerminateThread
SystemTimeToFileTime
GetEnvironmentStrings
MapViewOfFile
QueryPerformanceCounter
GlobalGetAtomNameA
GetLogicalDriveStringsA
GetFileInformationByHandle
GetVersionExA
FreeEnvironmentStringsW
GetDriveTypeA
SetUnhandledExceptionFilter
GlobalLock
InterlockedDecrement
SuspendThread
UnhandledExceptionFilter
TlsAlloc
ConvertDefaultLocale
GetLastError
GetFullPathNameA
IsBadReadPtr
GetCommandLineA
GetLocalTime
GetStringTypeA
GetProcAddress
GetModuleFileNameW
FreeEnvironmentStringsA
SetFilePointer
TerminateProcess
GetCPInfo
InterlockedIncrement
MultiByteToWideChar
GetFileAttributesA
GetSystemDirectoryA
MoveFileA
lstrcpyA
SetStdHandle
LeaveCriticalSection
ExitThread

advapi32

RegOpenKeyExA
GetSidLengthRequired
OpenProcessToken
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
RegCreateKeyA

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b24272449c565b669e527709054a9806

Headers

File Characteristics

PDB Paths

Imports

ole32

oleaut32

user32

comctl32

shell32

version

winspool.drv

kernel32

advapi32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 56KB - Virtual size: 59KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 56KB - Virtual size: 59KB

.rsrc
Size: 28KB - Virtual size: 27KB