8c528b50796053319916cc3758f7d3f1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c528b50796053319916cc3758f7d3f1_JaffaCakes118
Size

253KB
MD5

8c528b50796053319916cc3758f7d3f1
SHA1

0bb99b6b280616a490648606dcba4f0ce6b16fcf
SHA256

13894d0a49af6483baf3fd2cf72e43cd18f7823b5ed42fd36df7c655fe579b28
SHA512

e0171b625a02b0c0351c62a016398fd5df2f39fc931e31e239905aa759951c4785610c219f932b10bd40c5fe8a4ef8e7a5592d11273954755322541e9ccf3760
SSDEEP

6144:53UaFS58Q+Sij0nVGtnQfNmPvwQ5rQidwByQotV:535E2FjTnOCIQ5rn3QoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c528b50796053319916cc3758f7d3f1_JaffaCakes118

Files

8c528b50796053319916cc3758f7d3f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9f31ef69c7d04d1765cc1b5265073e4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdi32

CreateSolidBrush

comctl32

ord17

shell32

SHGetFolderPathW

kernel32

DeleteCriticalSection
GetStdHandle
TlsSetValue
WaitForSingleObject
GetTempFileNameW
lstrcmpW
EnterCriticalSection
CreateMutexW
FindClose
lstrlenW
GetShortPathNameW
GetLocalTime
IsValidCodePage
FreeLibrary
RemoveDirectoryW
GetConsoleMode
GetACP
ReadFile
TlsGetValue
SetFilePointer
CreateFileW
FreeEnvironmentStringsA
GetTempPathW
lstrcpyW
SetLastError
GetConsoleOutputCP
RaiseException
ResumeThread
MoveFileExW
RtlUnwind
LoadResource
VirtualFree
GetCommandLineW
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
FindFirstFileW
lstrcmpiW
GetFileType
FreeEnvironmentStringsW
IsDebuggerPresent
CreateFileA
WriteConsoleW
lstrcatW
GetSystemTimeAsFileTime
VirtualAlloc
UnhandledExceptionFilter
CopyFileW
HeapReAlloc
SizeofResource
GetSystemTime
CloseHandle
LCMapStringW
LeaveCriticalSection
GetDateFormatW
HeapAlloc
TlsAlloc
TlsFree
HeapDestroy
GetConsoleCP
lstrcpynW
CreateProcessW
IsBadStringPtrW
SetEndOfFile
GetProcessHeap
GetThreadLocale
LCMapStringA
TerminateThread
SetStdHandle
FindResourceW
DeleteFileW
FindNextFileW
lstrlenA
GetSystemDirectoryW
WriteConsoleA
SetHandleCount
GetModuleHandleW
HeapFree
CreateDirectoryW
GetTimeFormatW
WriteFile
SetFileAttributesW
GetOEMCP
WideCharToMultiByte
ReleaseMutex
GetCommandLineA
FlushFileBuffers
SetUnhandledExceptionFilter
HeapSize
GetModuleHandleA
GetStartupInfoW
VirtualAllocEx

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

advapi32

SetSecurityDescriptorOwner
OpenSCManagerW
AdjustTokenPrivileges
RegCloseKey
InitializeAcl
RegDeleteValueW
DeleteService
QueryServiceLockStatusW
OpenProcessToken
GetLengthSid
RegEnumKeyExW
RegOpenKeyExW
SetNamedSecurityInfoW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
GetTokenInformation
RegSetKeySecurity
CreateServiceW
RegCreateKeyExW
CloseServiceHandle
InitializeSecurityDescriptor
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
OpenServiceW
AddAccessAllowedAce

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringByteLen
VariantClear
VariantInit
SysFreeString
VariantChangeType

user32

LoadStringW
RegisterWindowMessageW
IsWindow
PostQuitMessage
SendMessageW
GetMessageW
PeekMessageW
TranslateMessage
DefWindowProcW
CharNextW
GetActiveWindow
LoadCursorW
MessageBoxW
GetWindowRect
wvsprintfW
LoadIconW
CharPrevW
ShowWindow
SetDlgItemTextW
SetWindowPos
UpdateWindow
RegisterClassW
CreateDialogParamW
GetSysColor
GetSystemMetrics
DispatchMessageW
GetDlgItem
MsgWaitForMultipleObjects
PostMessageW

mscms

CreateColorTransformW
IsColorProfileTagPresent
GetStandardColorSpaceProfileA
GetColorProfileFromHandle
InstallColorProfileW
InternalGetPS2CSAFromLCS
IsColorProfileValid

advpack

RegSaveRestoreOnINF
RegRestoreAll

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.G
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HXQoOM
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TypvbJ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NH
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f31ef69c7d04d1765cc1b5265073e4d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

gdi32

comctl32

shell32

kernel32

ole32

advapi32

oleaut32

user32

mscms

advpack

Sections

.text Size: 17KB - Virtual size: 17KB

.G Size: 1KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 4KB

.HXQoOM Size: 1KB - Virtual size: 2KB

.TypvbJ Size: 2KB - Virtual size: 2KB

.data Size: 213KB - Virtual size: 219KB

.NH Size: 512B - Virtual size: 3KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 17KB - Virtual size: 17KB

.G
Size: 1KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 4KB

.HXQoOM
Size: 1KB - Virtual size: 2KB

.TypvbJ
Size: 2KB - Virtual size: 2KB

.data
Size: 213KB - Virtual size: 219KB

.NH
Size: 512B - Virtual size: 3KB

.rsrc
Size: 10KB - Virtual size: 10KB