a7d5ada7bc6f750c2e71452a4f408f89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7d5ada7bc6f750c2e71452a4f408f89_JaffaCakes118
Size

216KB
MD5

a7d5ada7bc6f750c2e71452a4f408f89
SHA1

490f1e5cb3cfb635875dc88705b1ae5656243f18
SHA256

8aea244225fab75cbc7e60cd289fa664b59a7ed4ce7ac94de1d1808e1e451264
SHA512

bfc99066125f42d1c545359d8b61708943765085a30a8af50687ffaad80b6a12150f9a6cb67cb50efa38a720cd5eba8f8a97fbdeb2a2e99224dfc97d9b899db8
SSDEEP

6144:cST7je8+E5bxnWE5qWoWscE6fiNXUebj1InbOFQV4w:cST7jL+E5bxnWgo7cvi7j6n+QL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7d5ada7bc6f750c2e71452a4f408f89_JaffaCakes118

Files

a7d5ada7bc6f750c2e71452a4f408f89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a832570c2e507f503e1a15d6b87e56e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CreateFileMappingA
SleepEx
HeapFree
HeapAlloc
GetCurrentThreadId
OpenProcess
GetFullPathNameA
lstrcmpiA
GetWindowsDirectoryA
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultUILanguage
CompareStringW
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetSystemDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
RtlUnwind
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsSetValue
GetLocalTime
GetSystemTime
GetTimeZoneInformation
InterlockedIncrement
InterlockedDecrement
OpenFile
GetLastError
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
LocalFree
lstrcatA
FindFirstFileA
lstrcmpA
LocalAlloc
CompareStringA
FindNextFileA
SetEnvironmentVariableA
FindClose
MultiByteToWideChar
lstrcpyA
GetVersionExA
Sleep
CreateMutexA
OpenFileMappingA
MapViewOfFile
OpenEventA
WaitForSingleObject
SetEvent
ReleaseMutex
CloseHandle
UnmapViewOfFile
GetEnvironmentStringsW
SetLastError

user32

GetSysColorBrush
GetDC
RegisterWindowMessageA
PostQuitMessage
DestroyWindow
SetCursorPos
PostMessageA
GetSysColor
GetTopWindow
GetWindow
IsWindowVisible
CreateIconIndirect
SendInput
SendMessageA
FillRect
LoadBitmapA
GetWindowThreadProcessId
ShowCursor
SetCursor
SetWindowRgn
DrawIconEx
DestroyIcon
SetSystemCursor
GetDesktopWindow
wsprintfA
CopyIcon
FindWindowExA
DefWindowProcA
GetSystemMetrics
LoadImageA
LoadCursorA
RegisterClassA
CreateWindowExA
SetDoubleClickTime
GetMessageA
TranslateMessage
DispatchMessageA
GetAncestor
KillTimer
SetTimer
LoadMenuA
GetSubMenu
InsertMenuA
DeleteMenu
DrawMenuBar
CheckMenuItem
TrackPopupMenu
GetClassNameA
GetWindowTextA
mouse_event
MessageBeep
LoadStringA
GetForegroundWindow
GetParent
IsWindow
GetWindowDC
GetWindowRect
ReleaseDC
GetCursorPos
ClipCursor
SetRect
GetAsyncKeyState
SystemParametersInfoA
SetForegroundWindow
TrackPopupMenuEx
GetWindowLongA
WindowFromPoint
CreatePopupMenu
DestroyMenu
InsertMenuItemA
GetMenuItemCount
GetMenuItemInfoA
FindWindowA
MessageBoxA
AttachThreadInput

gdi32

SetTextAlign
TextOutA
PatBlt
GetMapMode
CreateCompatibleBitmap
SetTextColor
DPtoLP
GetObjectA
CombineRgn
GetPixel
CreateRectRgn
SetBkColor
GetTextExtentPoint32A
SelectObject
GetStockObject
DeleteDC
DeleteObject
CreateCompatibleDC
CreateBitmap
SetMapMode
BitBlt

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA
SHGetFileInfoA
ShellExecuteA

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

winmm

PlaySoundA

shlwapi

PathFileExistsA

setupapi

SetupGetLineTextA
SetupCloseInfFile
SetupOpenInfFileA

powrprof

CallNtPowerInformation

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tsdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a832570c2e507f503e1a15d6b87e56e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

psapi

winmm

shlwapi

setupapi

powrprof

Sections

.text Size: 88KB - Virtual size: 86KB

.sdata Size: 4KB - Virtual size: 312B

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 24KB - Virtual size: 41KB

.rsrc Size: 28KB - Virtual size: 24KB

.tsdata Size: 60KB - Virtual size: 60KB

.text
Size: 88KB - Virtual size: 86KB

.sdata
Size: 4KB - Virtual size: 312B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 24KB - Virtual size: 41KB

.rsrc
Size: 28KB - Virtual size: 24KB

.tsdata
Size: 60KB - Virtual size: 60KB