9675c90f4f177ed54b306e71ae7db048_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9675c90f4f177ed54b306e71ae7db048_JaffaCakes118
Size

1.1MB
MD5

9675c90f4f177ed54b306e71ae7db048
SHA1

5f89f5b60e51461a5f7d04cccea3e3bbeb5ee584
SHA256

59bf528b1230512b4820598f7c13474c495222db0e0a3003914a2d54219b9703
SHA512

856d9e5872d573f6a1102f766f523b98c6e97bb443a7591566424975a917d8b568523c9291ddb5b838e9fae5e336c06643a3b4d0e7d19d61943ef522e0701fea
SSDEEP

24576:aN0Rts5j4SOfPTVJHYC/+9Gvnj9K7dlc8hvoS6V61DKFdu9N6pTrm:aaRZgTKFdu9N6pTa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9675c90f4f177ed54b306e71ae7db048_JaffaCakes118

Files

9675c90f4f177ed54b306e71ae7db048_JaffaCakes118
.exe windows:4 windows x86 arch:x86

efdd6d6f94a94ac38fdd5f1050c8572f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
SetWindowLongW
TranslateMessage
DefWindowProcW
KillTimer
GetQueueStatus
CallNextHookEx
SetTimer
PostMessageW
PeekMessageW
CharNextExA
MessageBoxA
GetWindowLongW
MsgWaitForMultipleObjectsEx

shell32

ShellExecuteA

kernel32

MapViewOfFile
SetErrorMode
GetLogicalDrives
GetFileTime
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CopyFileW
DeleteFileW
GetFullPathNameW
SetEndOfFile
CreateFileW
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
WriteFile
ReadFile
SetFilePointerEx
GetFileAttributesExW
FindFirstFileW
FindClose
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetModuleHandleW
GetModuleFileNameW
TlsGetValue
GetCurrentProcess
DuplicateHandle
CreateEventW
SetEvent
WaitForMultipleObjects
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
GetCurrentThread
TlsAlloc
Sleep
GetSystemInfo
TlsFree
GetCurrentThreadId
GetVersionExW
FormatMessageW
LocalFree
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetCurrentProcessId
MultiByteToWideChar
GetUserDefaultLCID
CompareStringW
WideCharToMultiByte
GetLastError
UnmapViewOfFile
ResetEvent
FindNextFileW
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
IsBadReadPtr
WritePrivateProfileStringA
GetModuleHandleA
CreateFileMappingW

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

_vsnprintf_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_invoke_watson
?terminate@@YAXXZ
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
__p__fmode
__p__commode
_adjust_fdiv
??3@YAXPAX@Z
_controlfp_s
_unlock
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_wchmod
_open_osfhandle
_getdrive
_wgetdcwd
_filelengthi64
_get_osfhandle
_gmtime64_s
_localtime64_s
_mktime64
_beginthread
_beginthreadex
_endthreadex
_getpid
fwrite
_write
fgets
fread
feof
_fseeki64
_read
fclose
_close
_errno
_fileno
__iob_func
fprintf
fflush
exit
getenv_s
rand
??0exception@std@@QAE@ABQBDH@Z
strcpy_s
_clearfp
_control87
_tzset
_get_tzname
isspace
isdigit
isalpha
isupper
strchr
_waccess
_lseeki64
_ftelli64
_purecall
memchr
memmove
??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memcpy
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
realloc
free
malloc
strncmp
memset
_CxxThrowException
_except_handler4_common

ws2_32

WSAAsyncSelect

ole32

CoUninitialize
CoInitialize
CoCreateInstance

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW

Sections

.text
Size: 676KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 404KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efdd6d6f94a94ac38fdd5f1050c8572f

Headers

File Characteristics

Imports

user32

shell32

kernel32

msvcp80

msvcr80

ws2_32

ole32

advapi32

Sections

.text Size: 676KB - Virtual size: 674KB

.rdata Size: 404KB - Virtual size: 400KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 428B

.text
Size: 676KB - Virtual size: 674KB

.rdata
Size: 404KB - Virtual size: 400KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 428B