8e626554c77b5b88eb01cf2dd91a53cd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e626554c77b5b88eb01cf2dd91a53cd_JaffaCakes118
Size

96KB
MD5

8e626554c77b5b88eb01cf2dd91a53cd
SHA1

e520c6f3b504252f42302aa5487c462a55cf2fa0
SHA256

a07d38d076b47417014efd81c69e6710808968f4812a7589b5960f1c6839e19a
SHA512

683ca3d414788b5b5f8d5eca988415c272e388a1fa8009759f4b173751fa1b4b1832dda3d9574e2c7897fc6dd45f314717b1a85c5bb380ce70000e6ced1dd4f6
SSDEEP

1536:8zC0EKYvCI4IhuwW1X5PWopYJKT5MfrbwzUjsN+7HWNSOvBsCL:8zH4vB4EDeX5uHAT5ArM4sN+zeSOvBsq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e626554c77b5b88eb01cf2dd91a53cd_JaffaCakes118

Files

8e626554c77b5b88eb01cf2dd91a53cd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b62aa871f7bd6599943990632387c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
CreateICW
CreateRectRgn
CreateSolidBrush
GetDeviceCaps
GetPixel
GetTextExtentPoint32W
GetTextMetricsW
PatBlt
SetLayout
SetPixel
SetRectRgn
UnrealizeObject

kernel32

GetLastError
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
LocalReAlloc
OutputDebugStringW
WideCharToMultiByte

user32

BeginPaint
CheckDlgButton
CreateDialogParamW
CreateWindowExW
DestroyWindow
DispatchMessageW
EnableWindow
EndDialog
EndPaint
EnumDisplayDevicesW
FindWindowW
GetDlgCtrlID
GetDlgItem
GetMessageW
GetSysColor
GetSysColorBrush
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
IsDlgButtonChecked
KillTimer
LoadBitmapW
LoadIconW
LoadStringW
MessageBoxW
PostQuitMessage
SendMessageW
SetFocus
SetTimer
SetWindowLongW
SetWindowTextW
ShowWindow
TranslateMessage
wsprintfW

advapi32

GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

ntdll

DbgBreakPoint
DbgPrint
isprint
memmove
NtAdjustPrivilegesToken
NtClose
NtCreateEvent
NtCreateFile
NtDelayExecution
NtDeviceIoControlFile
NtDisplayString
NtFsControlFile
NtLoadDriver
NtOpenFile
NtOpenKey
NtOpenProcessToken
NtOpenSymbolicLinkObject
NtQueryAttributesFile
NtQueryInformationFile
NtQueryInformationThread
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtReadFile
NtSetEvent
NtSetInformationFile
NtSetThreadExecutionState
NtShutdownSystem
NtTerminateProcess
NtTerminateThread
NtWaitForMultipleObjects
NtWaitForSingleObject
NtWriteFile
qsort
RtlAddAccessAllowedAce
RtlAddAce
RtlAdjustPrivilege
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlClearBits
RtlComputeCrc32
RtlCopySid
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlCreateUserThread
RtlDecompressBuffer
RtlDeleteElementGenericTable
RtlDosPathNameToNtPathName_U
RtlEnumerateGenericTableWithoutSplaying
RtlExpandEnvironmentStrings_U
RtlFindMessage
RtlFindSetBits
RtlFormatMessage
RtlFreeHeap
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitializeBitMap
RtlInitializeGenericTable
RtlInitializeSid
RtlInitUnicodeString
RtlInsertElementGenericTable
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
RtlLengthSid
RtlLocalTimeToSystemTime
RtlLookupElementGenericTable
RtlMultiByteToUnicodeN
RtlNewSecurityObject
RtlNormalizeProcessParams
RtlNumberOfSetBits
RtlOemToUnicodeN
RtlPrefixUnicodeString
RtlQueryInformationAcl
RtlQueryRegistryValues
RtlRaiseStatus
RtlSetBits
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSizeHeap
RtlSubAuthoritySid
RtlSystemTimeToLocalTime
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
RtlUnwind
RtlUpcaseUnicodeString
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlWriteRegistryValue
sprintf
swprintf
wcscmp
wcscpy
wcslen
wcsncmp
_alldiv
_allmul
_allrem
_aulldiv
_chkstk
_stricmp
_wcsicmp
_wcslwr
_wcsupr

shell32

DragQueryFileW

ole32

CoCreateInstanceEx
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream
ReleaseStgMedium
StringFromCLSID
StringFromGUID2

comctl32

PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b62aa871f7bd6599943990632387c1b

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

ntdll

shell32

ole32

comctl32

Sections

.text Size: 4KB - Virtual size: 796B

.rdata Size: 4KB - Virtual size: 482B

.data Size: 68KB - Virtual size: 72KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 796B

.rdata
Size: 4KB - Virtual size: 482B

.data
Size: 68KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 12KB