8e749227b35978382a357f7ef449e1a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e749227b35978382a357f7ef449e1a4_JaffaCakes118
Size

348KB
MD5

8e749227b35978382a357f7ef449e1a4
SHA1

9ac46cb862536e0b665175120a8840090ca8cb25
SHA256

aa27b933ddba84193fd7da93c6a40205aeb095fa038d9201110e5f01cc24c5d1
SHA512

3772602b44d35f39588b34b2154d420e2956b0ced026124dcacefcbfe9e7282fda2d70a9c43b6796c01ae6b23791ce185dae3b936a241a9349a0e52be15fce43
SSDEEP

6144:HvIWfuGa5CumLUiwhQDaKrTMWDWPmgdI51qa0SkaSGBXARVrS9jG5uWagWH76s4l:HwWfO/tbaDavWSPmKGxPkSn9jGUgWH7Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e749227b35978382a357f7ef449e1a4_JaffaCakes118

Files

8e749227b35978382a357f7ef449e1a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
GetWindowThreadProcessId
GetKeyboardType
GetActiveWindow
ExitWindowsEx
CharLowerA
DispatchMessageW
CharUpperW
CharUpperA
CharNextW
PeekMessageW
TranslateMessage
SendMessageW
PostMessageW

shlwapi

PathStripToRootW
PathIsRelativeW
PathIsRootW
PathIsUNCW
PathRemoveBackslashW
StrChrW
StrCmpIW
StrCmpW
StrRChrW
StrStrIW
StrToIntExW
UrlGetPartW
UrlCombineW
StrToIntW
PathFindExtensionW

oleaut32

SysFreeString
VariantInit
VariantClear
VarR8FromI1
SysStringLen
SysAllocString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
HMETAFILE_UserFree

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LsaQueryInformationPolicy
LsaOpenPolicy
LsaNtStatusToWinError
LsaFreeMemory
LsaClose
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
EqualSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
AdjustTokenPrivileges
SetNamedSecurityInfoW

kernel32

InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchange
LoadLibraryExW
HeapAlloc
GlobalFree
InterlockedIncrement
HeapReAlloc
LeaveCriticalSection
lstrlenW
LocalFree
MapViewOfFile
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrcpynW
HeapFree
GetExitCodeThread
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetExitCodeProcess
GlobalAlloc
GetFileSize
GetFileTime
GetFileType
GetLocalTime
GetLocaleInfoW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationW
lstrlenA

wininet

InternetQueryOptionA
InternetCrackUrlW
InternetGetConnectedState
InternetCanonicalizeUrlW

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupCloseFileQueue
SetupCloseInfFile
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiInstallDriverFiles
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenFileQueue
SetupOpenInfFileW
SetupScanFileQueueW

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

Imports

user32

shlwapi

oleaut32

ole32

advapi32

kernel32

wininet

crypt32

setupapi

shell32

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 16KB - Virtual size: 140KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 16KB - Virtual size: 140KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB