ab0cb79a83c0674b15d168c19f24b3cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab0cb79a83c0674b15d168c19f24b3cd_JaffaCakes118
Size

192KB
MD5

ab0cb79a83c0674b15d168c19f24b3cd
SHA1

7deb5c1ecdb179f569528a9f9257203a74522faa
SHA256

128cf358a11862f63310f9e8e0f75b017e190c5e1a391f3f26dfa7183f55184e
SHA512

507d84b84a31a9eac4bf42274d9b58c8b4a3afe9fe1963c8f0dd9ffb4e85b0eb831115a11742fbf3c54b0ab3ca25ea03e140c97104f29fcad4b993b55e60462c
SSDEEP

3072:WsU1Zv3aB7TxRCdTn/opAFQxLsF95zJlL9eIdMdwXwmtw:tUMBban/opAFQyl9GdwS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab0cb79a83c0674b15d168c19f24b3cd_JaffaCakes118

Files

ab0cb79a83c0674b15d168c19f24b3cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53d78266d986c4b6e5ffaa80301211eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

wdaccess

_KB_DEVICE_Open@4
_KB_DEVICE_Close@0

kernel32

GetCPInfo
GetOEMCP
InterlockedIncrement
WideCharToMultiByte
GetFileAttributesA
GetFileSize
GetProcessVersion
GetFileTime
SetErrorMode
WritePrivateProfileStringA
TlsGetValue
GlobalFlags
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
EnterCriticalSection
FileTimeToLocalFileTime
LockFile
FileTimeToSystemTime
LocalReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
LocalAlloc
InitializeCriticalSection
LocalFree
lstrcmpA
GetCurrentThread
InterlockedDecrement
GetVolumeInformationA
GetFullPathNameA
lstrcpynA
FindClose
MultiByteToWideChar
UnlockFile
SetEndOfFile
FlushFileBuffers
SetCurrentDirectoryA
SetFilePointer
WriteFile
GetCurrentProcess
ReadFile
GetProfileStringA
GetCurrentDirectoryA
CreateFileA
LCMapStringA
GlobalUnlock
DuplicateHandle
GetDriveTypeA
GlobalLock
FindResourceA
SetLastError
GetVersion
LoadResource
GlobalAddAtomA
GetCurrentThreadId
GlobalGetAtomNameA
GetModuleHandleA
GlobalFindAtomA
GlobalDeleteAtom
FindFirstFileA
GetSystemPowerStatus
UnmapViewOfFile
WinExec
GetWindowsDirectoryA
lstrcatA
GetProcAddress
FreeLibrary
LoadLibraryA
lstrcpyA
CreateFileMappingA
MapViewOfFile
GetLastError
lstrcmpiA
CreateMutexA
LCMapStringW
SizeofResource
CreateProcessA
GetModuleFileNameA
CloseHandle
GlobalFree
GlobalAlloc
GetVersionExA
lstrlenA

user32

SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
GetCursorPos
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageA
PostQuitMessage
SetCursor
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
LoadStringA
AdjustWindowRectEx
ScreenToClient
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
KillTimer
PostMessageA
keybd_event
SetActiveWindow
MessageBoxA
SetTimer
LoadCursorA
UpdateWindow
EnableWindow
SystemParametersInfoA
FindWindowA
WaitForInputIdle
SendMessageA
LoadIconA
PeekMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
GetFocus
SetFocus
DestroyWindow
DefWindowProcA
SetPropA
UnhookWindowsHookEx
GetDlgItem
CharNextA
ShowCaret
DrawFocusRect
InvalidateRect
UnregisterClassA
HideCaret
InflateRect
ExcludeUpdateRgn
IsWindowUnicode
DefDlgProcA

gdi32

GetTextExtentPointA
CreatePalette
RealizePalette
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetObjectA
GetClipBox
SetTextColor
CreateBitmap
DeleteDC
SetBkColor
SaveDC
RestoreDC
GetStockObject
SelectPalette
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
IntersectClipRect
PatBlt
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53d78266d986c4b6e5ffaa80301211eb

Headers

File Characteristics

Imports

wtsapi32

wdaccess

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 48KB - Virtual size: 48KB