a31bcd0fb5f18b78ba4088440bc8e893_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a31bcd0fb5f18b78ba4088440bc8e893_JaffaCakes118
Size

222KB
MD5

a31bcd0fb5f18b78ba4088440bc8e893
SHA1

ca9c121dbe38424c48fcab97b072ae33af438c99
SHA256

90c85d4b572a4008b2e4913a33e9ed5f5c2a87a08432f0370b8c7d89bf91c7ea
SHA512

e91cce6485888c6f83d12fd62c867300d8db61fa0fc71cab2536dfc3756dd9bd9ec76d14f7006e4ed9cd0e99ea1b537d67d756f0756f20a4443d8473f5135506
SSDEEP

6144:ng7g8hywP0DejhDtbEeyxroGJPV5oSCH:gGwP6elD+e48GJd+lH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a31bcd0fb5f18b78ba4088440bc8e893_JaffaCakes118

Files

a31bcd0fb5f18b78ba4088440bc8e893_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f198a18803524c77ebabdd09efe7a67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetExitCodeThread
OpenFile
GetFileAttributesW
SetPriorityClass
GetTempFileNameA
CreateEventA
EnumTimeFormatsW
LoadLibraryA
lstrcmp
ExitProcess
SetErrorMode
GetDiskFreeSpaceA
GetDateFormatA
IsBadStringPtrW
GetLastError
IsDebuggerPresent
GetFileTime
GetCalendarInfoA
lstrcmpiW
OpenSemaphoreA
GetNamedPipeInfo
HeapCreate
GetThreadLocale
IsValidCodePage
lstrcmpi
EnumDateFormatsA
OpenEventA
WaitForMultipleObjects
lstrlen
GetFileType
GlobalGetAtomNameA
GetTimeFormatA
EnumCalendarInfoA
GetLocaleInfoA
GetProcAddress
lstrcpyA
ConnectNamedPipe
IsBadWritePtr
EnumTimeFormatsA

user32

GetForegroundWindow
GetDlgItemInt
ActivateKeyboardLayout
InsertMenuItemW
EnumDesktopsW
LoadMenuW
DestroyWindow
CreateAcceleratorTableA
EnumWindows
GetDlgItem
TrackPopupMenu
PostMessageW
MessageBoxW
FillRect
CreateIcon
DrawTextW
GetDesktopWindow
SetWindowPos
GetFocus
GetClassLongA
GetCaretPos
GetMenuState
DialogBoxIndirectParamW
GetAsyncKeyState
CreateWindowExW
GetScrollPos
WinHelpW
GetWindowLongW
CharNextA
SendDlgItemMessageA
LoadIconW
GetParent
DefFrameProcW
IsDlgButtonChecked
GetWindowTextLengthA
LoadCursorA
EndDialog
SetDlgItemInt
GetWindowRect
AppendMenuA
SetMenu
GetDC
RegisterWindowMessageW
GetClassInfoW
DefWindowProcA
GetWindowTextLengthW
PostQuitMessage
SetCursor

gdi32

GetTextExtentPointI
GetICMProfileA
SetMapperFlags
FixBrushOrgEx
GetCharABCWidthsW
CreateDCW
StrokePath
SelectClipRgn
GetRandomRgn
PatBlt
GetDCPenColor
GetBitmapBits

advapi32

RegReplaceKeyW
RegOpenKeyW
RegOpenKeyA
RegRestoreKeyA
RegQueryInfoKeyW
RegRestoreKeyW
RegOpenKeyExW

shlwapi

StrStrIW
PathSearchAndQualifyW
SHQueryInfoKeyA
PathMatchSpecW
StrIsIntlEqualW
SHRegGetUSValueW
ColorAdjustLuma
PathQuoteSpacesA
PathIsLFNFileSpecA
PathStripPathA
PathCreateFromUrlW
AssocQueryStringByKeyW

winspool.drv

SetPrinterA
EnumPortsA
QueryRemoteFonts
PerfClose
GetPrintProcessorDirectoryA
EnumPrintProcessorsW
EnumPrintersA
EnumPrintProcessorDatatypesW
DeviceCapabilities
GetPrinterA

oledlg

OleUIBusyA
OleUIChangeIconA
OleUIInsertObjectA

sqlunirl

_SHGetFileInfo_@20
_GetBinaryType_@8
_SetDlgItemText@12
_ChangeDisplaySettings_@8
_RegCreateKeyEx_@36
_GetTempPath_@8
_ReplaceText_@4
_UnregisterClass_@8
_GetMenuItemInfo_@16
_NDdeGetTrustedShare_@20
_PeekMessage@20
_GetSaveFileName@4
newWideCharFromMultiByte
_SetDefaultCommConfig_@12
_FreeEnvironmentStrings@4
_GetMenuString_@20
__lwrite_@12

crypt32

CertUnregisterSystemStore
CertNameToStrA
CryptMsgUpdate
I_CryptFreeLruCache
CryptSetOIDFunctionValue
CryptQueryObject
CryptSetAsyncParam
CertRemoveStoreFromCollection
CertStrToNameW
CertStrToNameA
CertDuplicateStore
CertAddCertificateLinkToStore
CertDuplicateCRLContext
CryptGetDefaultOIDFunctionAddress
CryptExportPublicKeyInfo

Sections

.j
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SDeKOC
Size: 4KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QSTD
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ER
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DrSkg
Size: 2KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hxw
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.n
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f198a18803524c77ebabdd09efe7a67

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

winspool.drv

oledlg

sqlunirl

crypt32

Sections

.j Size: 4KB - Virtual size: 4KB

.SDeKOC Size: 4KB - Virtual size: 397KB

.QSTD Size: 85KB - Virtual size: 84KB

.ER Size: 13KB - Virtual size: 13KB

.DrSkg Size: 2KB - Virtual size: 359KB

.X Size: 5KB - Virtual size: 22KB

.hxw Size: 82KB - Virtual size: 82KB

.data Size: 11KB - Virtual size: 59KB

.n Size: 4KB - Virtual size: 12KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 1024B

.j
Size: 4KB - Virtual size: 4KB

.SDeKOC
Size: 4KB - Virtual size: 397KB

.QSTD
Size: 85KB - Virtual size: 84KB

.ER
Size: 13KB - Virtual size: 13KB

.DrSkg
Size: 2KB - Virtual size: 359KB

.X
Size: 5KB - Virtual size: 22KB

.hxw
Size: 82KB - Virtual size: 82KB

.data
Size: 11KB - Virtual size: 59KB

.n
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 1024B