a55b6da37916be6660976e8e5a5123b1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a55b6da37916be6660976e8e5a5123b1_JaffaCakes118
Size

320KB
MD5

a55b6da37916be6660976e8e5a5123b1
SHA1

3866b72e57ca58b80ef102450c7352a82a9d34d8
SHA256

50230b4fa5b218c1eb91c925bbd7bb8b934e1d3e14ab70ac6682e14ae87f883b
SHA512

9837c9763505c5ef42f64859309aa645d71d9679a26f0979c4b52b8dbe07e828d8e308fd02ace85ab2f91afbddd819b15d50e4459abbb0c87c8ace56d1034b62
SSDEEP

6144:hFyfkubHUWrRDcy98qBOaA5H1Ibvj3NmRq1s5csFt/xX:hFXuDUUJO916j99u+sFt/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a55b6da37916be6660976e8e5a5123b1_JaffaCakes118

Files

a55b6da37916be6660976e8e5a5123b1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e15d31a1382873b0bf89fdea15f598c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
malloc
_ultow
_setjmp3
longjmp
_wtoi
_wtol
_vsnprintf
_vsnwprintf
memcpy
memmove
free
_amsg_exit
_initterm
bsearch
_wcsicmp
wcsncmp
_wcsnicmp
memset

user32

SendMessageW
SetWindowPos
SendDlgItemMessageW
LoadStringW
CharNextW
ReleaseDC
GetDC
GetWindowRect
CharPrevW
CharUpperW
GetSystemMetrics
MessageBoxW
MessageBeep
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
ExitWindowsEx
EndDialog
EnableWindow
GetDlgItem
SetWindowTextW
GetDesktopWindow
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
OemToCharA
IsWindow
ShowWindow
DestroyWindow
UpdateWindow
CreateDialogParamW
CharNextA

gdi32

CreateFontIndirectW
GetObjectW
GetStockObject
GetDeviceCaps
DeleteObject

kernel32

GetDiskFreeSpaceW
MulDiv
EnumResourceLanguagesW
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
SetFileTime
GetFileTime
ReadFile
WritePrivateProfileSectionW
GetProfileStringW
lstrcmpiA
GetProcessHeap
HeapAlloc
GetLocalTime
HeapFree
GetFullPathNameW
GetSystemInfo
SearchPathW
GetPrivateProfileIntW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpiW
GetCurrentProcess
GetSystemDirectoryW
MoveFileW
MoveFileExW
CopyFileW
GetPrivateProfileSectionW
CreateProcessW
CreateDirectoryW
SetFileAttributesW
GetVolumeInformationW
CompareStringW
ExpandEnvironmentStringsW
GetShortPathNameW
FormatMessageW
RemoveDirectoryW
CreateFileMappingW
GetUserDefaultUILanguage
SetLastError
UnmapViewOfFile
LoadLibraryExW
FindResourceExW
MapViewOfFile
GetLocaleInfoW
GetSystemDefaultUILanguage
Sleep
MapViewOfFileEx
GetLastError
lstrlenW
GetDriveTypeW
LocalFree
GetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
WritePrivateProfileStringW
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
LocalAlloc
lstrlenA
SetFilePointer
GetModuleFileNameW
DeleteFileW
LocalReAlloc
GetVersionExW
DisableThreadLibraryCalls
lstrcmpW
GetPrivateProfileStringW
FreeLibrary
GetFileAttributesW
GetProcAddress
GetFileSize
LoadLibraryW

advapi32

RegFlushKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyW
RegCloseKey
RegDeleteKeyW
EqualSid
GetTokenInformation
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
RegEnumValueW
RegSetValueW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW

setupapi

SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupOpenInfFileW
SetupSetDirectoryIdW
SetupGetLineTextW
SetupFindNextLine
SetupFindFirstLineW
SetupGetStringFieldW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
SetupOpenFileQueue
SetupInstallFromInfSectionW

shlwapi

StrStrIW
StrChrW
PathAddBackslashW
ord215
ord217
StrRChrW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathBuildRootW
PathCombineW

Sections

.text
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ffff
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yyup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jyup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gyup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gyep
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e15d31a1382873b0bf89fdea15f598c9

Headers

File Characteristics

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Sections

.text Size: 8KB - Virtual size: 12KB

.rdata Size: 155KB - Virtual size: 156KB

.data Size: 2KB - Virtual size: 4KB

.ffff Size: 149KB - Virtual size: 152KB

.yyup Size: 512B - Virtual size: 4KB

.jyup Size: 512B - Virtual size: 4KB

.gyup Size: 512B - Virtual size: 4KB

.gyep Size: 512B - Virtual size: 60KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 12KB

.rdata
Size: 155KB - Virtual size: 156KB

.data
Size: 2KB - Virtual size: 4KB

.ffff
Size: 149KB - Virtual size: 152KB

.yyup
Size: 512B - Virtual size: 4KB

.jyup
Size: 512B - Virtual size: 4KB

.gyup
Size: 512B - Virtual size: 4KB

.gyep
Size: 512B - Virtual size: 60KB

.rsrc
Size: 2KB - Virtual size: 2KB