a06054ffdf26dd6750f1fad28d2b7e9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a06054ffdf26dd6750f1fad28d2b7e9c_JaffaCakes118
Size

245KB
MD5

a06054ffdf26dd6750f1fad28d2b7e9c
SHA1

87efbf809fe2fc84ce8953a4e6b7757395ebfcc0
SHA256

2d54e9bf6db5f5e1b2e3a6725deb3fb60ef4c32fc2b055d88280a317e65a699b
SHA512

0ba5f43bc7a010e31a843416b66e940cc0c2fbc33e955db1cd3a7ec05afde7e0bef7b96d47967eeddc0fdd13eb0617cd7730c2c9a14c705563b9548d1dd27562
SSDEEP

3072:pIbqxvUpN3Q1CdDQfTLu4qmWgEbuk3Fwr73TeIXt1XtMuLYoEjToAbCUD:pI+hWuCdDWLuzmW1bW9LNKd9D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a06054ffdf26dd6750f1fad28d2b7e9c_JaffaCakes118

Files

a06054ffdf26dd6750f1fad28d2b7e9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35823e7e1fd4e92673f29f4845543577

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\acro_root_ns\buildresults\bin\release\AcroScanBroker.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
HeapFree
RtlUnwind
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GlobalFlags
GetVersion
GetCurrentProcessId
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalFree
LocalAlloc
GetLastError
WideCharToMultiByte
SetLastError
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LoadLibraryW
lstrcmpW
FreeLibrary
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetCommandLineW
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleW
CreateEventW
CreateThread
Sleep
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle

user32

EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
CheckMenuItem
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
MessageBoxW
LoadStringW
UnregisterClassA
UnhookWindowsHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindowTextW
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromProgID

oleaut32

VariantChangeType
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

atl80

ord32
ord31
ord58
ord61
ord23
ord64
ord22
ord18
ord20
ord17

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

DeleteObject
SaveDC
RestoreDC
SetBkColor
GetStockObject
SetTextColor
SetMapMode
GetClipBox
CreateBitmap
DeleteDC
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

35823e7e1fd4e92673f29f4845543577

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

atl80

oleacc

gdi32

winspool.drv

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 4KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 4KB

.rrdata
Size: 72KB - Virtual size: 72KB