a90bc839d75832a6857c21c0fd5fb47b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a90bc839d75832a6857c21c0fd5fb47b_JaffaCakes118
Size

291KB
MD5

a90bc839d75832a6857c21c0fd5fb47b
SHA1

a51f64cdce935062c09f185f0a2fd64d6f3e6c46
SHA256

3cdc827674562c706f2814876afab6b43bb4af1a8e373ed766f7094668f5504e
SHA512

0369fba8560d08be585b7bf40cce8c5a2a8dd705b3678f1c5387021154791cffa8bfafec0acdd216175554957333639016a37ab11778ed073860b5a5444e47ec
SSDEEP

6144:eDn2X3yhGvg+LKinzwDfnCV3uoOEKh507k/7iE:Fvg+LKizwrS3htKvl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a90bc839d75832a6857c21c0fd5fb47b_JaffaCakes118

Files

a90bc839d75832a6857c21c0fd5fb47b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2e6bbcf8c043d17c74c1e20d80c9247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\xcp\Silverlight\Desktop_RET\Silverlight.Configuration.pdb

Imports

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
CryptAcquireContextW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptReleaseContext

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CloseHandle
GetVersionExW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
RtlUnwind
InitializeCriticalSection
LoadLibraryA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentProcess
GetModuleHandleW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetProcAddress
InterlockedCompareExchange
LoadLibraryW
LocalFree
GetCommandLineW
GetLastError
GetModuleFileNameW
CreateProcessW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
DuplicateHandle
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateThread
WaitForMultipleObjectsEx
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
WaitForMultipleObjects
WriteFile
CreateFileW
GetFileSize
ReadFile
SetFilePointer
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
FreeResource
FindResourceExW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
RaiseException
InterlockedExchange
GlobalFree
LockResource
GetSystemDefaultLCID
GetSystemTimeAsFileTime
DosDateTimeToFileTime
SetEndOfFile
GetFileAttributesExW
CreateDirectoryW
GetCommandLineA
GetVersionExA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
LocalAlloc

gdi32

GetObjectW
CreateFontIndirectW
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
SelectObject
SetStretchBltMode
StretchBlt
GetStockObject
SetDIBColorTable

msimg32

GradientFill

shlwapi

SHDeleteKeyW
PathAppendW
SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

shell32

SHFileOperationW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

comctl32

ord17
PropertySheetW
InitCommonControlsEx

user32

DialogBoxParamW
GetWindowLongW
EndDialog
HideCaret
ReleaseDC
LoadIconW
GetDlgItem
EnableWindow
PostQuitMessage
SetWindowTextW
GetWindowRect
MapWindowPoints
InvalidateRect
GetDC
ShowWindow
BeginPaint
EndPaint
IsDlgButtonChecked
IsWindowEnabled
GetMonitorInfoW
SetWindowPos
PostMessageW
LoadStringW
GetParent
FillRect
GetSysColor
MonitorFromWindow
SystemParametersInfoW
MsgWaitForMultipleObjects
DestroyWindow
SetWindowLongW
SendMessageW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VarBstrCmp
SysFreeString
VariantInit

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ndata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2e6bbcf8c043d17c74c1e20d80c9247

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

msimg32

shlwapi

shell32

comctl32

user32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 202KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.ndata Size: 60KB - Virtual size: 60KB

.text
Size: 203KB - Virtual size: 202KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.ndata
Size: 60KB - Virtual size: 60KB