8e7df7d04f89906e709a8ecd29fb469d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e7df7d04f89906e709a8ecd29fb469d_JaffaCakes118
Size

344KB
MD5

8e7df7d04f89906e709a8ecd29fb469d
SHA1

864fcce57ec9ac066dab477ae6c023bb38d50395
SHA256

5ead5ae8f41e7097e3c3257d732eb002596949dff0819317a59e9a7c302ca02c
SHA512

702435b429f8bd996c250cef4611558baa14ca9275565514103c2f6dcc912365a2fe0f7e4f7d76928b43ad58ecd8bb59fecb0c3f1f477f5c93b62c5662e5252e
SSDEEP

6144:47H5eQZOuhfeh9osL6BHXt7ZEkqJlx8KFNWgMB7I5sWAkeCMhMe:4zkqfeAscd7ZK8KFU9dEro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e7df7d04f89906e709a8ecd29fb469d_JaffaCakes118

Files

8e7df7d04f89906e709a8ecd29fb469d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf869eb0e287ee109d598aec2668e72c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleInformation
FileTimeToDosDateTime
DefineDosDeviceW
LoadLibraryExW
CreateSemaphoreW
WriteFileEx
GetLocaleInfoW
DosDateTimeToFileTime
UpdateResourceA
ResumeThread
GetProcAddress
WriteProfileStringA
EscapeCommFunction
GetLocalTime
GetWindowsDirectoryW
GetDriveTypeA
OpenFile
CopyFileW
QueueUserAPC
GetEnvironmentStrings
CreateNamedPipeA
LCMapStringA
GetStringTypeExW
SetThreadPriorityBoost
CreateDirectoryA
TerminateProcess
lstrlenW
CallNamedPipeW
GetProcessHeap
EnumDateFormatsW
VirtualProtect
GetVersionExA
PulseEvent
GetPrivateProfileSectionA
EndUpdateResourceA
DuplicateHandle
ReadConsoleOutputAttribute
SetupComm
LockFileEx
GetPrivateProfileIntW
AddAtomW
SwitchToThread
GetComputerNameA
lstrcatW
GetOEMCP
SetCommMask
DeleteFiber
FreeConsole
GetPrivateProfileIntA
GetVolumeInformationA
WriteConsoleOutputW
WriteProcessMemory
FindFirstFileExW
PurgeComm
ReadDirectoryChangesW
SwitchToFiber
SetCommTimeouts
FindClose
GetVersion
FlushInstructionCache
GetVolumeInformationW
IsValidLocale
OpenFileMappingA
GetProcessAffinityMask
AllocConsole
GlobalFindAtomW
TlsFree
GetCommandLineA
GetPrivateProfileStringA
ExitProcess

user32

InsertMenuItemA
CopyIcon
RedrawWindow
wsprintfA
GetCaretPos
EndDeferWindowPos
GetDlgItemTextW
OemToCharBuffW
GetClientRect
BroadcastSystemMessageW
IsCharLowerW
GetUpdateRgn
EqualRect
GetTopWindow
GetWindowWord
SendMessageW
GetCapture
EnumWindows
SetForegroundWindow
CreateAcceleratorTableA
MsgWaitForMultipleObjectsEx
IsCharAlphaA
SubtractRect
SetParent
GetMessageExtraInfo
AppendMenuA
SetScrollRange
GetKeyboardLayoutList
LockWindowUpdate
SendMessageCallbackW

gdi32

Escape
Polygon
SetColorAdjustment
GetObjectType
GetTextMetricsW
SetMapperFlags
SetPolyFillMode
CreateCompatibleDC
GetStretchBltMode
IntersectClipRect
CreatePatternBrush
CreateCompatibleBitmap
CreateHatchBrush
CreateMetaFileW
PlayMetaFileRecord
GetEnhMetaFileHeader
GdiComment
GetCharacterPlacementW
SetBitmapDimensionEx
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW
GetFileTitleA

advapi32

StartServiceCtrlDispatcherA
IsValidSecurityDescriptor
CloseServiceHandle
GetSidSubAuthorityCount
OpenThreadToken
ChangeServiceConfigW
GetSecurityDescriptorLength
DuplicateTokenEx
CryptHashData
GetSecurityDescriptorDacl
UnlockServiceDatabase

shell32

DragAcceptFiles
ShellAboutA
SHBrowseForFolderA

ole32

CoTreatAsClass
CoSuspendClassObjects
CoRegisterMallocSpy
CoCreateGuid
OleRegGetMiscStatus
WriteFmtUserTypeStg

oleaut32

SafeArrayPtrOfIndex
VariantCopy
SysFreeString
GetErrorInfo
SafeArrayAccessData
SysStringLen
CreateErrorInfo
LoadTypeLi

comctl32

ImageList_DragLeave
ImageList_SetBkColor
ImageList_Add
CreatePropertySheetPageA

shlwapi

PathAddBackslashW
UrlGetPartW
PathIsDirectoryEmptyW
SHRegSetUSValueW
PathGetDriveNumberA
PathCombineW
StrDupA
StrCmpLogicalW
SHOpenRegStream2W
PathIsPrefixW
StrFormatByteSize64A
PathUnquoteSpacesW
SHSetThreadRef
PathFileExistsA
StrStrA
PathCommonPrefixW
AssocCreate
PathRemoveBackslashA
StrRetToStrW

setupapi

SetupInstallFromInfSectionW
SetupDiGetClassDevsW
SetupDiDestroyDriverInfoList

Sections

34xadok
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

74x7i
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

32T3A
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

QJS515
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf869eb0e287ee109d598aec2668e72c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

setupapi

Sections

34xadok Size: 288KB - Virtual size: 287KB

74x7i Size: 8KB - Virtual size: 5KB

32T3A Size: 28KB - Virtual size: 25KB

QJS515 Size: 16KB - Virtual size: 13KB

34xadok
Size: 288KB - Virtual size: 287KB

74x7i
Size: 8KB - Virtual size: 5KB

32T3A
Size: 28KB - Virtual size: 25KB

QJS515
Size: 16KB - Virtual size: 13KB