aa2c4196836614a05bd65c7fd823de4e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aa2c4196836614a05bd65c7fd823de4e_JaffaCakes118
Size

348KB
MD5

aa2c4196836614a05bd65c7fd823de4e
SHA1

ac34c75533e706c3ee65fb09d4a452e16283fba0
SHA256

411e8c9bff884f79035b9d41c47561b04e21373bbb062149cedb714b93316d0a
SHA512

1121b89e5b78a2d952835f5b15b1633ce2aeb061e7e29162f6cf075af014485d88c0c137c41ea08ba8ccdc39f56dc79d2afee96e164573d8e0f8fbf29aa7b4b3
SSDEEP

6144:WWoOE5kFY40XDyBsCk9iOjg2XU07yNaxgSDqzsPzryVwlKgCUwT76s4HpLUp:RdE5VtRiOEnN0gAAyKgCUwT76s4J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa2c4196836614a05bd65c7fd823de4e_JaffaCakes118

Files

aa2c4196836614a05bd65c7fd823de4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
GetWindowThreadProcessId
GetKeyboardType
GetActiveWindow
ExitWindowsEx
CharLowerA
DispatchMessageW
CharUpperW
CharUpperA
CharNextW
PeekMessageW
TranslateMessage
SendMessageW
PostMessageW

shlwapi

PathStripToRootW
PathIsRelativeW
PathIsRootW
PathIsUNCW
PathRemoveBackslashW
StrChrW
StrCmpIW
StrCmpW
StrRChrW
StrStrIW
StrToIntExW
UrlGetPartW
UrlCombineW
StrToIntW
PathFindExtensionW

oleaut32

SysFreeString
VariantInit
VariantClear
VarR8FromI1
SysStringLen
SysAllocString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
HMETAFILE_UserFree

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LsaQueryInformationPolicy
LsaOpenPolicy
LsaNtStatusToWinError
LsaFreeMemory
LsaClose
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
EqualSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
AdjustTokenPrivileges
SetNamedSecurityInfoW

kernel32

InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchange
LoadLibraryExW
HeapAlloc
GlobalFree
InterlockedIncrement
HeapReAlloc
LeaveCriticalSection
lstrlenW
LocalFree
MapViewOfFile
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrcpynW
HeapFree
GetExitCodeThread
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetExitCodeProcess
GlobalAlloc
GetFileSize
GetFileTime
GetFileType
GetLocalTime
GetLocaleInfoW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationW
lstrlenA

wininet

InternetQueryOptionA
InternetCrackUrlW
InternetGetConnectedState
InternetCanonicalizeUrlW

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupCloseFileQueue
SetupCloseInfFile
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiInstallDriverFiles
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenFileQueue
SetupOpenInfFileW
SetupScanFileQueueW

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfa99aa25fd270d33430f5fb2474531

Headers

File Characteristics

Imports

user32

shlwapi

oleaut32

ole32

advapi32

kernel32

wininet

crypt32

setupapi

shell32

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 16KB - Virtual size: 140KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 16KB - Virtual size: 140KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB