add26dfc343242a1eb496d716d10b38a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

add26dfc343242a1eb496d716d10b38a_JaffaCakes118
Size

236KB
MD5

add26dfc343242a1eb496d716d10b38a
SHA1

5cde610448c696419ec8b6e88c1899737d51234c
SHA256

32cba7a5c36e6ae8391c17cd5186caa93b66dddfa3eb1345e67807ae25716fd1
SHA512

718eb4dbb29442efce0ab767de9da2fd6a4597e129419ecd928746cb8bdc1c63e0c4f67e3f7255e62b1ab2358e2b336f407e5f6db3f04bd2d99ea3421ae2767b
SSDEEP

3072:nYtkwP3n3j4oNx0iJKmmzuVaVvOTwl/lAwSLRjhRx/hru2+44H7PLC6I9hT2so4e:nY+wP3nJql/uNRjhR7d+4e1Qo4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
add26dfc343242a1eb496d716d10b38a_JaffaCakes118

Files

add26dfc343242a1eb496d716d10b38a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

unregmp2.pdb

Imports

msvcrt

iswalnum
strstr
strchr
memmove
malloc
_itow
_wtol
strncpy
iswalpha
_wtoi
_vsnprintf
_wcsicmp
wcslen
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsstr
wcsrchr
_wcslwr
_wcsupr
strncat
wcsncmp
_wcsnicmp
wcschr
wcscmp
mbstowcs
free
wcsncat
wcsncpy
swscanf
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegCreateKeyExA
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CreateProcessW
CreateProcessA
GetShortPathNameW
GetShortPathNameA
GetWindowsDirectoryW
GetCurrentThreadId
CreateFileMappingW
CreateFileMappingA
GetVersionExW
WritePrivateProfileStringW
WritePrivateProfileStringA
SetFileAttributesW
SetFileAttributesA
IsBadWritePtr
MoveFileW
MoveFileA
MoveFileExW
MoveFileExA
LoadLibraryExW
LoadLibraryExA
LoadLibraryA
GetTempPathW
GetTempPathA
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcpynW
GetModuleHandleW
GetFileAttributesW
GetCurrentDirectoryW
GetCurrentDirectoryA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetProfileStringA
GetProfileStringW
GetSystemDirectoryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CopyFileW
CopyFileA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
MapViewOfFile
UnmapViewOfFile
GetTickCount
QueryPerformanceCounter
FreeLibrary
FindClose
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
LocalFree
GetSystemDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
WriteProfileStringA
WriteProfileStringW
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetCurrentProcessId
CloseHandle
GetFileAttributesA
GetVersionExA
GetTimeZoneInformation
GetFileTime
GetExitCodeProcess
WaitForMultipleObjects
GetCommandLineW
GetFileSize
CreateFileA
GetWindowsDirectoryA
CreateDirectoryA
SetEndOfFile
SetFilePointer

ole32

CoCreateGuid
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoCreateInstance
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathA
SHGetMalloc

shlwapi

PathRemoveBlanksW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

user32

LoadStringA
LoadStringW
PostMessageA
PostMessageW
RegisterWindowMessageA
SendMessageA
IsWindow
CharNextA

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

afllqwm
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

version

Sections

.text Size: 180KB - Virtual size: 178KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 44KB - Virtual size: 44KB

afllqwm Size: 4KB - Virtual size: 32KB

.text
Size: 180KB - Virtual size: 178KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 44KB

afllqwm
Size: 4KB - Virtual size: 32KB