ae5c4131d6fc760c6e8066f5d42824e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae5c4131d6fc760c6e8066f5d42824e1_JaffaCakes118
Size

568KB
MD5

ae5c4131d6fc760c6e8066f5d42824e1
SHA1

4fcfef3d9bb66836b1adfae49a8b6aba8b92fab1
SHA256

1de50212a050bd0e22623c8d74633709b9031cb4cd29320856e6782c70129000
SHA512

5fad5d5e542cb40266be58dc03ebd6598c7a2244b9946d0c0f102c2243e2b9c3562e2d90017f4a2ce3af4585d3378ee1cf888389bfb86df770b3c0ec6a2243dd
SSDEEP

12288:PLE5YbGrUrfZ3CWi8DRqJizacw/c3q9lffLO74NQMNcy8Y2c:UY2UV3CWTDRVWcw/6qrffaihN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae5c4131d6fc760c6e8066f5d42824e1_JaffaCakes118

Files

ae5c4131d6fc760c6e8066f5d42824e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0978567f70bc8328afdc679f71ba7f6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qyldosycno.pdb

Imports

wininet

FtpGetCurrentDirectoryA
InternetOpenUrlA
InternetShowSecurityInfoByURL
InternetFindNextFileA
GopherGetLocatorTypeA

user32

GetWindowInfo
DestroyAcceleratorTable
GetKeyboardLayoutNameW
DialogBoxParamW
GetMenuBarInfo
SendDlgItemMessageA
RegisterClassA
ShowWindow
GetMenuDefaultItem
RegisterClassExA
DdeCmpStringHandles
EnumDisplaySettingsExW
GetWindowDC
EnumDesktopsA
GetDlgItem
EnumDesktopWindows
SetLastErrorEx
wvsprintfW
CreateCaret
PackDDElParam
OffsetRect
CreateIconFromResource
DestroyWindow
GetClassNameA
SetProcessDefaultLayout
IsCharLowerW
CreateWindowExA
DdeAccessData
CreateAcceleratorTableA
GetDCEx
LoadMenuA
EditWndProc
MessageBoxW
DefWindowProcA
LoadMenuIndirectA
InsertMenuItemA
CreateAcceleratorTableW
UpdateWindow
DdeCreateStringHandleA
MessageBoxIndirectW
EndDeferWindowPos
SetPropA
ChangeMenuW

comctl32

InitCommonControlsEx
ImageList_LoadImageW
ImageList_Add
ImageList_GetIcon
ImageList_SetOverlayImage
_TrackMouseEvent
ImageList_SetIconSize
GetEffectiveClientRect
DrawInsert
CreateMappedBitmap
ImageList_BeginDrag
CreateToolbar
ImageList_Destroy
ImageList_DragMove
ImageList_SetFlags
ImageList_GetFlags
CreateToolbarEx
ImageList_SetBkColor
ImageList_Read
ImageList_Write
ImageList_GetImageInfo
ImageList_GetImageCount

kernel32

IsValidLocale
lstrcpyn
LeaveCriticalSection
GetStartupInfoW
VirtualAlloc
VirtualFree
VirtualProtect
GetLastError
SetHandleCount
GetModuleFileNameW
GetModuleHandleA
HeapAlloc
InterlockedExchange
GetStartupInfoA
GetTickCount
GetTempFileNameA
TlsGetValue
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetEnvironmentStringsW
GetTimeZoneInformation
GetCurrentThread
GlobalGetAtomNameA
HeapReAlloc
GetLocaleInfoW
HeapDestroy
HeapCreate
GetCurrentProcess
DeleteCriticalSection
GetStringTypeW
HeapSize
LCMapStringW
QueryPerformanceCounter
GetEnvironmentStrings
CompareStringA
GetStringTypeA
VirtualQuery
FlushFileBuffers
GetCommandLineW
SetCurrentDirectoryA
GetCurrentProcessId
GetACP
CreateEventW
GetLocaleInfoA
GetModuleFileNameA
TerminateProcess
MultiByteToWideChar
DeleteFiber
LCMapStringA
IsValidCodePage
EnumSystemCodePagesA
GetFileType
OpenProcess
FreeEnvironmentStringsA
OpenMutexA
LoadLibraryA
GetOEMCP
IsBadWritePtr
FindAtomA
WriteFile
SetEnvironmentVariableA
GetSystemInfo
GetTimeFormatA
UnhandledExceptionFilter
GetProcAddress
SetLastError
GetUserDefaultLCID
FindClose
GetVersionExA
ReadFile
RtlUnwind
InitializeCriticalSection
ExitProcess
TlsFree
GetSystemTimeAsFileTime
UnlockFileEx
WideCharToMultiByte
GetDateFormatA
CloseHandle
SetStdHandle
CreateMutexA
CompareStringW
EnumSystemLocalesA
FreeEnvironmentStringsW
GetProfileIntA
HeapFree
TlsAlloc
TlsSetValue
EnterCriticalSection
GetCPInfo
SetFilePointer
CreateWaitableTimerA

shell32

CommandLineToArgvW
ShellExecuteEx
SHGetSpecialFolderLocation
DragQueryFileW

comdlg32

ChooseColorW
ChooseColorA

advapi32

CryptExportKey
CryptGetDefaultProviderA
LookupPrivilegeValueW
RegDeleteKeyW

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0978567f70bc8328afdc679f71ba7f6d

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

comctl32

kernel32

shell32

comdlg32

advapi32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 252KB - Virtual size: 250KB

.data Size: 112KB - Virtual size: 115KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 252KB - Virtual size: 250KB

.data
Size: 112KB - Virtual size: 115KB

.rsrc
Size: 40KB - Virtual size: 38KB