9721cb6846fc46274206d011c0ebfb60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9721cb6846fc46274206d011c0ebfb60_JaffaCakes118
Size

520KB
MD5

9721cb6846fc46274206d011c0ebfb60
SHA1

693c4248458cbcdfee6d0d5165e4ed16993e5359
SHA256

b002ea3a5a80e0e9ddaff8e08976c80ec0fa79149a1088a9008d7905df18c8d5
SHA512

2f709d3fbab9bd555a695be1b8f5261df67b7eff6fa0855dac70269da40d070bcec38c9d2ca19f95c7abdd20f82febd229cf648380dac9385f74011c0794dd3f
SSDEEP

12288:+5qsO2DDggxhZrqiy6LJ/Lm0/XiOj1hbsDJBbVIeceG:+5nD8Wnqi9dC0/DjvbQfb2eu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9721cb6846fc46274206d011c0ebfb60_JaffaCakes118

Files

9721cb6846fc46274206d011c0ebfb60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

31dc20e879f26cbe45c458c27d825afe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ToUnicodeEx
SetPropA
SetFocus
UnregisterDeviceNotification
SetCursor
UnhookWinEvent
PostThreadMessageW
SetMenuContextHelpId
UnhookWindowsHook
DdeFreeStringHandle
CreateDialogIndirectParamA
CreateDesktopW
DdeSetUserHandle
ClipCursor
AdjustWindowRectEx
SendDlgItemMessageW
DrawStateW
GetNextDlgTabItem
SendInput
RegisterHotKey
LoadCursorFromFileA
DdePostAdvise
RegisterClassA
GetClientRect
CopyIcon
GetTopWindow
CharNextW
GetMessageA
GetWindowRgn
GetGuiResources
WINNLSEnableIME
BroadcastSystemMessage
CreateWindowExW
RegisterClassExA
IsDialogMessage
AdjustWindowRect
KillTimer
GetWindowDC
GetMenuStringW
CallWindowProcA
GetDoubleClickTime
CreateDialogIndirectParamW
EnumPropsW
VkKeyScanW
CharPrevW
GetKeyNameTextW
InflateRect
ExcludeUpdateRgn
FindWindowExA
FlashWindow
GetOpenClipboardWindow
IsCharAlphaA
SendIMEMessageExA

kernel32

DeleteCriticalSection
GetSystemTimeAsFileTime
CopyFileExA
GetLastError
GetCurrentThread
FindFirstFileExW
InitializeCriticalSection
GetThreadContext
ReleaseMutex
OpenMutexA
EnterCriticalSection
HeapDestroy
GetLocaleInfoA
GetStartupInfoA
EnumDateFormatsExA
IsValidCodePage
GetVersion
lstrcmpW
TlsAlloc
FlushInstructionCache
GlobalAddAtomA
HeapReAlloc
FindAtomW
EnumDateFormatsA
EnumTimeFormatsA
GetConsoleCP
SetEnvironmentVariableA
UnhandledExceptionFilter
SetThreadLocale
FillConsoleOutputAttribute
TlsGetValue
GetSystemTime
WriteFileEx
GetTimeZoneInformation
CompareStringW
HeapFree
FreeLibraryAndExitThread
VirtualQuery
lstrcpyA
VirtualFree
EnumResourceLanguagesW
FreeEnvironmentStringsW
CreateToolhelp32Snapshot
InterlockedExchange
EnumSystemLocalesA
GetTempFileNameW
EnumResourceNamesW
TerminateThread
IsBadWritePtr
FreeEnvironmentStringsA
GetExitCodeProcess
GetNamedPipeHandleStateA
ReadConsoleOutputCharacterW
GetCurrentProcessId
CreateProcessA
FlushFileBuffers
GetStringTypeW
OpenEventW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateMutexA
RemoveDirectoryW
RtlUnwind
QueryPerformanceCounter
CreateSemaphoreW
GetSystemDirectoryW
lstrcpyW
GetOEMCP
GetCurrencyFormatW
GetEnvironmentStrings
SetConsoleOutputCP
WriteConsoleOutputW
TlsFree
LeaveCriticalSection
InterlockedIncrement
LocalFlags
CreateRemoteThread
HeapCreate
DeleteFiber
GetCommandLineA
SetFilePointer
WaitForMultipleObjects
EnumResourceTypesA
GetCPInfo
GetStringTypeA
CreatePipe
InitializeCriticalSectionAndSpinCount
CreateFileW
HeapAlloc
SetThreadIdealProcessor
OpenWaitableTimerA
GetCurrentProcess
TlsSetValue
LCMapStringW
SetConsoleCP
LoadLibraryA
GetACP
WideCharToMultiByte
GetCompressedFileSizeW
SetHandleCount
LockFileEx
GetPrivateProfileSectionNamesW
lstrcmpiW
FillConsoleOutputCharacterW
GetFullPathNameA
GetWindowsDirectoryW
CloseHandle
GetStdHandle
ExitProcess
TerminateProcess
DeleteFileA
ReadConsoleInputA
CompareStringA
VirtualQueryEx
SetStdHandle
GlobalCompact
SetLastError
GetLocalTime
GetTickCount
CreateSemaphoreA
InterlockedDecrement
AddAtomW
GetVersionExW
GlobalAlloc
GetPrivateProfileIntW
GetModuleFileNameA
GetFileType
LCMapStringA
TransmitCommChar
SetLocalTime
GetCurrentThreadId
SetConsoleCursorInfo
SetCriticalSectionSpinCount
WriteFile
GlobalReAlloc
ReadFile
VirtualAlloc
MultiByteToWideChar
GetProcAddress
WriteConsoleOutputCharacterA
GetModuleHandleA
ConvertDefaultLocale
GetEnvironmentStringsW
GetSystemTimeAdjustment

advapi32

CryptVerifySignatureA
CryptEncrypt
LookupPrivilegeDisplayNameA
CryptAcquireContextA
RegSaveKeyA
LogonUserW
RegCloseKey
DuplicateToken
RegOpenKeyExA
CryptCreateHash
RegQueryInfoKeyW
RegReplaceKeyW
LookupAccountNameA
RegConnectRegistryA
RegSetValueA
CryptSetProviderA
RegSaveKeyW
CryptGenKey
InitializeSecurityDescriptor
RegCreateKeyW
InitiateSystemShutdownA
CryptGenRandom
RegEnumKeyA
RegEnumKeyW
RegQueryValueW

comctl32

InitCommonControlsEx
CreateToolbarEx
ImageList_SetBkColor
_TrackMouseEvent
CreateStatusWindowA
ImageList_ReplaceIcon

comdlg32

GetFileTitleW
GetOpenFileNameW
PrintDlgA
ChooseColorW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31dc20e879f26cbe45c458c27d825afe

Headers

File Characteristics

Imports

user32

kernel32

advapi32

comctl32

comdlg32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 248KB - Virtual size: 244KB

.data Size: 112KB - Virtual size: 125KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 248KB - Virtual size: 244KB

.data
Size: 112KB - Virtual size: 125KB

.rsrc
Size: 12KB - Virtual size: 11KB