85893baae6c9bedc878605a7f7759a44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

85893baae6c9bedc878605a7f7759a44_JaffaCakes118
Size

341KB
MD5

85893baae6c9bedc878605a7f7759a44
SHA1

6bf118daddba16a7d3d5d6f48aaef47505b01f0a
SHA256

f13f61eccefc5e686aeb4de24254615d9b0e2dcd625fb2998401da41b1a8fd19
SHA512

9f944dee4a0ae9292d8445fa232f067e2fbfb55f8949192a636b549524fefc4e9c97ea6918290f222bcf7253cf3c9a0418ebbc3d9dc93715d1f21cb862234fc1
SSDEEP

6144:Bl3Yy2mZWQrrhb9Nh+BP9YBez903r6YwcZtZXWhpskKZAPa/AJbhwT:v3j2mEQRbYPOW07HbhEFmADnwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85893baae6c9bedc878605a7f7759a44_JaffaCakes118

Files

85893baae6c9bedc878605a7f7759a44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0701533dac642e9333dd263fae13cb46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

swprintf
_vsnprintf
_onexit
__dllonexit
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memcpy
strlen
_adjust_fdiv
_initterm
_wtol
_errno
wcsstr
strchr
memset
_wtoi
_wcsnicmp
_ftol
memmove
wcscmp
__RTDynamicCast
strcmp
_purecall
realloc
__CxxFrameHandler
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z

ntdll

NtDeleteKey
NtQueryObject
NtFlushBuffersFile
NtGetPlugPlayEvent
NtRemoveIoCompletion
NtGetDevicePowerState
NtReleaseSemaphore
NtQuerySystemInformation

kernel32

GetWindowsDirectoryW
TlsGetValue
GetTempFileNameA
ResetEvent
GetVersion
LocalAlloc
OpenSemaphoreA
LoadLibraryA
GetUserDefaultLCID
lstrlenW
GetModuleHandleW
FormatMessageW
GetLogicalDrives
IsBadWritePtr
GetProcAddress
LoadLibraryW
GetSystemDefaultUILanguage
GetTickCount
InterlockedCompareExchange
CreateSemaphoreA
GetOEMCP
CreateMutexA
GetStdHandle
IsBadReadPtr
GetCurrentProcessId
GlobalMemoryStatusEx
GetTempPathA
FreeLibrary
lstrcpynW
GetACP
TryEnterCriticalSection
GetCommandLineA
lstrcmpW
IsBadStringPtrW
lstrcpyW
OpenMutexW
CreateEventA
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
GetCurrentDirectoryA
GetSystemTimeAsFileTime
DeleteFileA
GetSystemDefaultLCID
SetEvent
RegisterWaitForSingleObject
UnregisterWait
FindAtomA
GetEnvironmentStringsA
CreateEventW
GetConsoleAliasExesLengthA
GetModuleHandleA
TlsAlloc
OutputDebugStringA
lstrcatA
GetLocalTime
IsSystemResumeAutomatic
GetSystemDefaultLangID
HeapAlloc
WriteFile
AddAtomA
GetAtomNameA
GetProcessHeap
GetConsoleOutputCP
LocalFree
HeapDestroy
SetLastError
HeapFree
Sleep
UnregisterWaitEx
GetCommandLineW
WaitForSingleObject
SetCurrentDirectoryA
WaitForMultipleObjects
CreateThread
QueueUserWorkItem
lstrlenA
SetFilePointer
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
InterlockedDecrement
FindResourceA
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetComputerNameExW
HeapCreate
FindResourceExA
OpenSemaphoreW
GetThreadLocale
PulseEvent
GetCurrentThreadId
ReadFile
GlobalAlloc
EnterCriticalSection
SleepEx
LeaveCriticalSection
DisableThreadLibraryCalls

ole32

CoInitializeEx
CoUninitialize
IIDFromString
StringFromIID
CoCreateFreeThreadedMarshaler
CreateBindCtx
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2

ws2_32

WSAIoctl
WSASocketW

advapi32

RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
GetUserNameW
RegQueryValueExW

user32

GetWindowLongW
GetDC
UnregisterClassW
DestroyWindow
GetForegroundWindow
FindWindowA
GetInputState
DispatchMessageW
GetClipboardOwner
TranslateMessage
LoadMenuA
PeekMessageW
CharNextW
UnregisterDeviceNotification
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
UpdateWindow
GetDoubleClickTime
GetCapture
GetCaretBlinkTime
GetDesktopWindow
GetCursor
CreateWindowExW
SendMessageA
GetSysColor
LoadIconA
RegisterClassW
DefWindowProcW
GetFocus
GetProcessDefaultLayout
PostQuitMessage
LoadStringW
DefWindowProcA
RegisterClassExA
wsprintfA
GetMessageA
SetWindowLongW

winmm

mixerOpen
mixerGetControlDetailsA
timeGetTime

rtutils

TraceRegisterExW
TraceVprintfExA
TraceDeregisterW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0701533dac642e9333dd263fae13cb46

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

ole32

ws2_32

advapi32

user32

winmm

rtutils

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 203KB - Virtual size: 229KB

.bss Size: - Virtual size: 41KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 203KB - Virtual size: 229KB

.bss
Size: - Virtual size: 41KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB