969e65a20c0a5577dac448a6a1bb6860_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

969e65a20c0a5577dac448a6a1bb6860_JaffaCakes118
Size

2.2MB
MD5

969e65a20c0a5577dac448a6a1bb6860
SHA1

ef3034433b3e941eec62139803f5a23c0bdb0d64
SHA256

237160a55898adc346ef7ecd0465e9d759789e8f41736a98b1797be8859af03d
SHA512

9cf1a70b99f4c207b45d410b434b3fc5614be270b5cd851f98535b6ff7282bea4ebced46de63e87c8160cee8777a8ba6844f9562d08665d2db785063945f18f9
SSDEEP

49152:1KvzhjGux45Vqys00vvH4IkE+s7305ibIxArdTBo4yn+F:1KzhYDE00vgIkLsw5ibIxAhJyn+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
969e65a20c0a5577dac448a6a1bb6860_JaffaCakes118

Files

969e65a20c0a5577dac448a6a1bb6860_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ce42bf5812460411050900a96d5fdfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
VerInstallFileW
GetFileVersionInfoA
VerFindFileW
VerFindFileA
GetFileVersionInfoW

winmm

mixerMessage
mixerGetLineControlsA

comdlg32

PageSetupDlgW
PageSetupDlgA
LoadAlterBitmap
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
CommDlgExtendedError

setupapi

SetupDiOpenDeviceInfoA
SetupDiGetDeviceInfoListDetailW
SetupDiDestroyDeviceInfoList
CM_Locate_DevNode_ExA
CM_Get_DevNode_Registry_PropertyW

kernel32

lstrcmpiW
lstrcmpA
WriteProfileStringW
VerLanguageNameW
VerLanguageNameA
UnregisterWait
SetLastError
SetCommConfig
RequestDeviceWakeup
OpenJobObjectW
HeapAlloc
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetStringTypeW
GetProcAddress
GetPrivateProfileSectionNamesW
GetNamedPipeHandleStateA
GetFileSize
GetDateFormatW
GetComputerNameW
GetCommandLineA
ExitProcess
EnumResourceNamesA
BackupWrite
CancelIo
ChangeTimerQueueTimer
CommConfigDialogW
CopyFileW
CreateFileA
CreateJobObjectW
CreateTimerQueueTimer
DeleteFileA
DeleteTimerQueueTimer
EndUpdateResourceW
EnumResourceLanguagesA

ntdll

DbgPrintReturnControlC
ZwPlugPlayControl
ZwImpersonateClientOfPort
ZwDeleteObjectAuditAlarm
ZwCreateTimer
ZwCreateIoCompletion
RtlpNtSetValueKey
RtlUpperChar
RtlSetUserFlagsHeap
RtlNtStatusToDosError
RtlNormalizeProcessParams
RtlLargeIntegerToChar
CsrClientConnectToServer
NtAlertResumeThread
NtCreateThread
NtPowerInformation
NtRegisterThreadTerminatePort
NtYieldExecution
RtlAppendStringToString
RtlConvertExclusiveToShared
RtlDelete
RtlEqualString
RtlFindMostSignificantBit
RtlFindSetBits
RtlImpersonateSelf
RtlInitializeCriticalSection
RtlInitializeHandleTable
RtlLargeIntegerArithmeticShift

user32

ShowCursor
SendMessageA
PostMessageA
OemToCharW
IsCharUpperA
GetDlgItem
EnableMenuItem
EmptyClipboard
DrawCaption
DialogBoxParamA
CreateIcon
UpdateWindow
CharLowerA
CharToOemA
CharToOemBuffA
CloseWindow
CreateDialogParamA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce42bf5812460411050900a96d5fdfd

Headers

File Characteristics

Imports

version

winmm

comdlg32

setupapi

kernel32

ntdll

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 48KB - Virtual size: 47KB