890da89d221370dd77fb7419de2b2fb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

890da89d221370dd77fb7419de2b2fb3_JaffaCakes118
Size

333KB
MD5

890da89d221370dd77fb7419de2b2fb3
SHA1

47311c8c6e5736fb6e144f9cda9a42e5632c0d4b
SHA256

6ace6d054787e8afed4fa57781afbab0e6a0abceca9eec57d19b40694379dba2
SHA512

6c799e179318f54bfb15f157750beb9018733a68567fbae735eb9880be86a686fa1379712feca375e684580b26977583eea0812ffe652a11076f4557f6e36f74
SSDEEP

6144:/KcfVdMaDUbWprfw+Pm2/TXuyltsFoKKuI+nPC/NQ:lGiroN2rRtKKuIoPg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
890da89d221370dd77fb7419de2b2fb3_JaffaCakes118

Files

890da89d221370dd77fb7419de2b2fb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25c20b050bac2a5e60d749542fcabe74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSettings

rpcrt4

UuidCreate

ole32

CoTaskMemFree
CoTaskMemAlloc

dbghelp

ImagehlpApiVersion
FindExecutableImage
ImageRvaToVa
ImageRvaToSection
GetTimestampForLoadedLibrary
FindExecutableImageEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

GetDC
GetKeyboardLayout
GetKeyboardLayoutList
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetSysColor
GetSystemMetrics
ReleaseDC
SystemParametersInfoA
EnumDisplayMonitors

kernel32

FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetShortPathNameA
GetStringTypeExW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
DeleteCriticalSection
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
FindNextFileW
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
SetLastError
SetLocalTime
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateSemaphoreA
CreateMutexA
CreateFileW
CreateDirectoryW
CloseHandle
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
EnterCriticalSection
InitializeCriticalSection
DeleteFileW
GetTempPathW

advapi32

GetTraceEnableLevel
AddAccessDeniedAce
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
UnregisterTraceGuids
TraceEvent
SetSecurityDescriptorDacl
RegisterTraceGuidsA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTraceLoggerHandle
ConvertSidToStringSidA
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce

shlwapi

StrCmpNA
StrChrA
PathFileExistsA
ChrCmpIA

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
CreateDCA
GetDeviceCaps

dsound

ord9

Exports

Exports

CloseFeed
GetPort
IsReadyToRead
OpenFeed
ReadData
RunScript
SendData
WSAStart

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25c20b050bac2a5e60d749542fcabe74

Headers

File Characteristics

Imports

shell32

rpcrt4

ole32

dbghelp

version

user32

kernel32

advapi32

shlwapi

gdi32

dsound

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 38KB - Virtual size: 40KB

.data Size: 17KB - Virtual size: 72KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 38KB - Virtual size: 40KB

.data
Size: 17KB - Virtual size: 72KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 8KB