adc95c4fd0b36d4ce5887651fe1c93f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adc95c4fd0b36d4ce5887651fe1c93f5_JaffaCakes118
Size

77KB
MD5

adc95c4fd0b36d4ce5887651fe1c93f5
SHA1

c00efa071e69c6927c9d1b9f34a6980b4b78a379
SHA256

5ac05fcc4944fc29a4c07b790a2cace8cec55add81e7b048a269ad31bcbf10c1
SHA512

b729d5ab7dac0e9f7ca5af5debd3e19028bd9999a3fc9b25f5518fb3555312811ca2e2367ccd36e04a21d7410f1072423abc8fbd9f0467566bd5abc5e22de286
SSDEEP

1536:BNFBqnYgBrRWaw6b+EQq17FF0Ldub5gftaRagKu1g8bL2O:BNvqnvpRDw2+E68bMaMAHbLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adc95c4fd0b36d4ce5887651fe1c93f5_JaffaCakes118

Files

adc95c4fd0b36d4ce5887651fe1c93f5_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5e54965269cfb045271eb6946b72fba3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

runonce.pdb

Imports

advapi32

EventRegister
EventUnregister
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventEnabled
EnableTraceEx
StopTraceW
StartTraceW
RegQueryInfoKeyW
RegCreateKeyExW

kernel32

GetProcAddress
SetTermsrvAppInstallMode
ExitProcess
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
DeleteFileW
HeapSetInformation
WaitForMultipleObjects
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetPrivateProfileIntW
GetWindowsDirectoryW
SetInformationJobObject
AssignProcessToJobObject
lstrlenW
LocalFree
LocalAlloc
CreateProcessW
CreateThread
WaitForSingleObjectEx
CloseHandle
LoadLibraryW
SetEvent
CreateEventW
CompareStringOrdinal
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
GetProcessId
TerminateThread
ResumeThread
GetSystemDirectoryW
GetVersionExW
LoadLibraryA
CreateJobObjectW
Sleep

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
SetBkColor
GetObjectW
CreateFontIndirectW
CreateSolidBrush
GetTextExtentPointW
BitBlt
ExtTextOutW
GetLayout

user32

GetWindowTextW
MessageBoxW
MessageBeep
GetSysColor
GetParent
LoadBitmapW
CreatePopupMenu
DestroyMenu
GetMenuDefaultItem
GetDlgItem
EndDialog
PostMessageW
SendMessageW
ExitWindowsEx
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjects
SetCursor
LoadCursorW
LoadStringW
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
DialogBoxParamW
SetWindowPos
DrawTextW

msvcrt

_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
_vsnwprintf
?terminate@@YAXXZ
_controlfp
memset
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler4_common

shlwapi

ord460
ord388
SHGetValueW
PathFindFileNameW
ord199
ord174
ord176
ord217
ord219
SHRegGetValueW
SHDeleteValueW
PathQuoteSpacesW
ord437
ord158

ole32

CoTaskMemFree
CoInitialize
CoUninitialize

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchAppend

comctl32

ord329
ord334
ord328

shell32

SHParseDisplayName
ord155
ord165
ord885
ord723
ord100
SHEvaluateSystemCommandTemplate
SHBindToParent

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fzkwsrn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e54965269cfb045271eb6946b72fba3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shlwapi

ole32

api-ms-win-core-path-l1-1-0

comctl32

shell32

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 30KB - Virtual size: 31KB

fzkwsrn Size: - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 30KB - Virtual size: 31KB

fzkwsrn
Size: - Virtual size: 4KB