85878e1e1074b56b3358248984004eb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85878e1e1074b56b3358248984004eb0_JaffaCakes118
Size

220KB
MD5

85878e1e1074b56b3358248984004eb0
SHA1

464741a900ba751907d9e5811bac0bf663e29035
SHA256

9585c20ab3e180e0307f66e0226da2884454f388e3389e89020288ef52f9a5ac
SHA512

918625e72cfe1dfd5f57bd62642abb9494adbd8cbbb69f12565ce3932e3921139e765304e5cc557e189988736d1b41e470465552a6250bb4f00b3b1e96cde112
SSDEEP

6144:YkjPDofkM/yKVF+J2jXAavFvxdXrrCab1k:Ykj7MpqKVFbXTJr2aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85878e1e1074b56b3358248984004eb0_JaffaCakes118

Files

85878e1e1074b56b3358248984004eb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dcdda2b0d8516eb910f0f85362cbf68a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
Sleep
UnhandledExceptionFilter
VirtualAlloc
FreeEnvironmentStringsW
GetProcessAffinityMask
CreateTapePartition
GetQueuedCompletionStatus
GlobalMemoryStatusEx
BeginUpdateResourceW
RtlMoveMemory
FindFirstChangeNotificationW
ReadFileEx
HeapLock
GetPriorityClass
LZOpenFileA
GetThreadPriority
SetEndOfFile
GlobalLock
LocalHandle
GetFileInformationByHandle
SetWaitableTimer
IsValidLanguageGroup
GlobalSize
DeleteAtom
GetDiskFreeSpaceA
EscapeCommFunction
GetSystemWow64DirectoryA
ReadConsoleOutputW
BackupRead
AssignProcessToJobObject
SetConsoleCtrlHandler
LocalSize
FindResourceA
WriteProfileSectionA
SetCurrentDirectoryW
LoadResource
RtlCaptureContext
VDMConsoleOperation
CreateFileMappingW
GetShortPathNameA
OpenSemaphoreW
Thread32First
GetDriveTypeA
CreateDirectoryExW
SetConsoleMode
GetConsoleCharType
GetThreadTimes
OutputDebugStringW
LZRead
WTSGetActiveConsoleSessionId
lstrcmpi
GetWindowsDirectoryW
EnumSystemLocalesA
IsWow64Process
EnterCriticalSection
GetProfileIntA
SetProcessPriorityBoost
HeapSize
LocalLock
GetConsoleCommandHistoryW
InitAtomTable
GetLongPathNameA
IsBadReadPtr
ReadConsoleOutputA
SetLocaleInfoW
SetConsoleIcon
FindFirstChangeNotificationA
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
LocalAlloc
SetCurrentDirectoryA
GetModuleHandleA

user32

CopyRect
GetClientRect
SendMessageA
PostMessageA
GetWindow
SetWindowPos
LoadCursorW
SystemParametersInfoW
UnloadKeyboardLayout
AllowSetForegroundWindow
SetCursor
SetCaretBlinkTime
GetKeyboardLayoutList
GetCaretPos
MapVirtualKeyA
DlgDirListComboBoxA
BeginPaint
MessageBoxExA
SetMenuItemBitmaps
DrawIcon
TranslateAccelerator
CharNextExA
EnterReaderModeHelper
PostThreadMessageA
SendMessageCallbackW
DrawEdge
SetProgmanWindow
IsServerSideWindow
ShowScrollBar
SetMenuDefaultItem
SetScrollRange
SendMessageTimeoutW
CharToOemBuffW
CountClipboardFormats
GetWindowTextW
CharNextA
GetTabbedTextExtentW
RegisterHotKey
GetClassLongW
DragDetect
WINNLSGetIMEHotkey
GetWindowRect
TileChildWindows
DeleteMenu
SendIMEMessageExA
EnumDisplaySettingsExA
GetDlgCtrlID
RedrawWindow
CloseClipboard
IsDialogMessageA
DdeCmpStringHandles
GetAsyncKeyState
DdeFreeStringHandle
ExcludeUpdateRgn
GetWindowRgnBox
RegisterShellHookWindow
GetScrollRange
SetWindowContextHelpId
OemToCharW
DispatchMessageA
SetParent
SetDlgItemTextA
ChangeMenuA
CreateIconFromResource
DlgDirSelectExW
GetWinStationInfo
MB_GetString
RegisterTasklist
DialogBoxParamW
CallNextHookEx
IMPGetIMEA
ShowStartGlass
ChildWindowFromPointEx
RealGetWindowClass
UserRealizePalette
DdeAddData
CopyAcceleratorTableW
SendNotifyMessageW
CallMsgFilter
ReleaseDC
NotifyWinEvent
GetOpenClipboardWindow
IsCharAlphaA
IsClipboardFormatAvailable
ReasonCodeNeedsComment
MapVirtualKeyExA
RegisterClassA
CloseDesktop
GetMessageA
MessageBoxTimeoutA
RealChildWindowFromPoint
SetLastErrorEx
SetMenuContextHelpId
GetRawInputData
RegisterRawInputDevices
LoadIconA
CreateDialogParamA
CreatePopupMenu
AppendMenuA
SetMenu

gdi32

GdiAddGlsBounds
OffsetViewportOrgEx
EngBitBlt
PolyPolyline
EndDoc
GetCharacterPlacementW
GetCharWidthInfo
CopyEnhMetaFileW
GetBoundsRect
SetMiterLimit
MaskBlt
SetSystemPaletteUse
CreateRectRgn
DdEntry25
IntersectClipRect
SetICMProfileW
QueryFontAssocStatus
SelectClipRgn
ExtCreatePen
EngStretchBlt
GetObjectA
EngCreateDeviceSurface
GdiEntry15
GetNearestColor
DeleteObject
ExtTextOutA
DdEntry31
DdEntry16
GetFontUnicodeRanges
PolyPolygon
GetTextExtentPointI
BitBlt
UpdateICMRegKeyW
EngQueryLocalTime
GdiFlush
GetCharABCWidthsFloatW
Polygon
CreateFontIndirectA
FONTOBJ_pxoGetXform
EnumFontFamiliesExW
FillRgn
GetCharWidthI
GetCharABCWidthsFloatA
MoveToEx
GetMetaFileA
EngDeleteSurface
CreateRoundRectRgn
DdEntry14
GetTextCharacterExtra
GdiConvertBitmap
FixBrushOrgEx
CreateEllipticRgnIndirect
ExtCreateRegion
STROBJ_vEnumStart
GetStringBitmapA
MirrorRgn
CreateFontW
AbortDoc
GdiEntry9
GdiInitSpool
RemoveFontMemResourceEx
PolyTextOutW
FrameRgn
SetBitmapDimensionEx
XLATEOBJ_iXlate
GetBkMode
GetMetaFileBitsEx
GdiConvertEnhMetaFile
Polyline
HT_Get8BPPFormatPalette
GdiPlayPageEMF
SetICMProfileA
CreateFontIndirectExA
CreateFontIndirectExW
SetBitmapAttributes

advapi32

DeleteAce
EnumServicesStatusExW
QueryServiceConfig2A
GetSidSubAuthority
GetOldestEventLogRecord
RegOpenKeyExW
WmiSetSingleItemW
CreateServiceA
DestroyPrivateObjectSecurity
SystemFunction023
UnregisterTraceGuids
WmiQuerySingleInstanceMultipleW
SystemFunction002
AbortSystemShutdownA
EnumDependentServicesA
ConvertSecurityDescriptorToAccessA
SystemFunction031
MD5Final
StartTraceW
CloseEventLog
BuildImpersonateTrusteeW
SaferiIsExecutableFileType
CryptSetProviderExA
SystemFunction012
LsaEnumeratePrivilegesOfAccount
AccessCheckAndAuditAlarmW
RevertToSelf
SystemFunction025
LsaClearAuditLog
LsaLookupPrivilegeDisplayName
SetTokenInformation
LsaGetRemoteUserName
CredReadW
CredGetSessionTypes
TrusteeAccessToObjectW
ImpersonateNamedPipeClient
LsaICLookupSidsWithCreds
TraceMessageVa
OpenTraceW
SetSecurityDescriptorDacl
RegSetValueW
StartServiceA
AccessCheckByTypeResultListAndAuditAlarmA
SaferiPopulateDefaultsInRegistry
LsaSetSystemAccessAccount
MakeSelfRelativeSD
RegRestoreKeyA
ElfCloseEventLog
LsaDeleteTrustedDomain
SystemFunction035
ElfDeregisterEventSource
BuildImpersonateExplicitAccessWithNameA
SetSecurityDescriptorGroup
AccessCheckByTypeAndAuditAlarmA
CredWriteA
CredMarshalCredentialW

Sections

T&\�0��
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 4KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 177KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcdda2b0d8516eb910f0f85362cbf68a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

T&\�0��� Size: 21KB - Virtual size: 21KB

.idata Size: 3KB - Virtual size: 3.8MB

CODE Size: 4KB - Virtual size: 3.4MB

.rdata Size: 9KB - Virtual size: 8KB

DATA Size: 177KB - Virtual size: 355KB

.rsrc Size: 1024B - Virtual size: 748B

T&\�0��
Size: 21KB - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 3.8MB

CODE
Size: 4KB - Virtual size: 3.4MB

.rdata
Size: 9KB - Virtual size: 8KB

DATA
Size: 177KB - Virtual size: 355KB

.rsrc
Size: 1024B - Virtual size: 748B