a4dd5e3afd70cb9cea5cbfc7b65ecc83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4dd5e3afd70cb9cea5cbfc7b65ecc83_JaffaCakes118
Size

148KB
MD5

a4dd5e3afd70cb9cea5cbfc7b65ecc83
SHA1

81a7147a5324bcf229a897242fceb7af74e2c60e
SHA256

88d0fb2ea032fb828b5f07e6da54e1b269754a14bf48c030396055a21da8196a
SHA512

2e723c52788b64834cab1abbc2ce31471d003a1a2d14922c24b36c3cff11e2c80bba1348411a2bac7ce05285802d6ede61629decb56214c7f0bab8e4a93f8f6e
SSDEEP

3072:/6UksLxxmv61f+kavwzccB1OFgvyLoec:jxS6LzN1qgaL1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4dd5e3afd70cb9cea5cbfc7b65ecc83_JaffaCakes118

Files

a4dd5e3afd70cb9cea5cbfc7b65ecc83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b745f7989f20e144300d519949c0812

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiSetClassInstallParamsA
SetupDiChangeState
SetupDiDestroyDeviceInfoList

kernel32

SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
HeapReAlloc
HeapSize
ExitProcess
GetStartupInfoA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
GetProcessVersion
LoadLibraryA
FreeLibrary
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GetVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
lstrcpynA
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetCurrentThread
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetModuleFileNameA
lstrlenA
GetCommandLineA
lstrcmpiA
Sleep
GetTickCount
CreateProcessA
WaitForSingleObject
TerminateProcess
CreateFileA
WriteFile
CloseHandle
GetSystemDirectoryA
CreateEventA
InterlockedIncrement
LocalFree
InterlockedDecrement
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentStrings

user32

GrayStringA
DrawTextA
TabbedTextOutA
DestroyMenu
PostQuitMessage
ClientToScreen
PtInRect
GetClassNameA
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
SetWindowTextA
LoadIconA
PostMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
CharNextA
LoadStringA
PostThreadMessageA
DispatchMessageA
GetMenuItemID
GetMessageA
GetSubMenu
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
EnableWindow
MessageBoxA
UnhookWindowsHookEx
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA

gdi32

Escape
RectVisible
PtVisible
SetViewportExtEx
ExtTextOutA
ScaleWindowExtEx
SetWindowExtEx
TextOutA
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
ScaleViewportExtEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
RegNotifyChangeKeyValue
RegEnumValueA

comctl32

ord17

atl

ord23
ord18
ord57
ord16
ord20
ord17
ord32
ord58
ord30

ole32

CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadRegTypeLi
SysStringLen
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pvgplmc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b745f7989f20e144300d519949c0812

Headers

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

atl

ole32

oleaut32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 36KB - Virtual size: 36KB

pvgplmc Size: - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 36KB - Virtual size: 36KB

pvgplmc
Size: - Virtual size: 4KB