af805a58ec7d3e100af58694c555afd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af805a58ec7d3e100af58694c555afd5_JaffaCakes118
Size

220KB
MD5

af805a58ec7d3e100af58694c555afd5
SHA1

25815613cfc49b4deb3b1b9e8dd85bad55d87d74
SHA256

0765013f0fde32756f35001e42ef0f6b646124ff37bb69e3277762f641d7dbc6
SHA512

610d81ae0ccaaebbaddeff446397b07e19d1a24dfc32c21341f28cc10977ce09c8f75102bedd6421741793fa4809186fd45b271b5a7bf50dfcba201d273e1d56
SSDEEP

6144:XNd6GxG+J3hrvpwqL4zbA3ULhUCFJrsqO9vlIxWU:ddE+Jlvpwq43FJrsqY9U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af805a58ec7d3e100af58694c555afd5_JaffaCakes118

Files

af805a58ec7d3e100af58694c555afd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5026bb7c5ac1206b1e586555cf9e1b34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
TlsAlloc
GetCurrentProcess
SetLastError
AddAtomW
GetTimeFormatA
GetModuleHandleW
OpenWaitableTimerW
GetLocaleInfoA
GetModuleFileNameA
lstrcpyW
GetACP
CreateEventA
GetTempPathA
lstrcmpi
GetShortPathNameW
OpenSemaphoreA
GetCalendarInfoA
LoadLibraryA
IsBadStringPtrW
GetStartupInfoW
QueryPerformanceCounter
OpenEventW
GetExpandedNameA
QueryPerformanceFrequency

user32

GetDlgItemTextW
GetDC
DialogBoxParamW
RegisterWindowMessageA
SetDlgItemTextW
GetClassNameA
SendDlgItemMessageW
GetForegroundWindow
mouse_event
GetScrollPos
CheckRadioButton
SetWindowTextA
CreateDialogIndirectParamW
LoadMenuA
LoadIconW
GetCaretPos
GetAsyncKeyState
SetWindowTextW

gdi32

EnumICMProfilesA
GetTextFaceW
GetCharABCWidthsW
GetRegionData
RoundRect
GetBoundsRect
ResetDCW

advapi32

RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyW
RegRestoreKeyW
RegOpenKeyW
RegOpenKeyExA
RegCloseKey
RegSaveKeyW
RegReplaceKeyA
RegDeleteValueW
RegRestoreKeyA

shell32

StrCmpNA
StrRStrA
StrCmpNW
SHBrowseForFolder
StrRStrIA
StrChrW
ShellExecuteEx
StrChrIW
StrStrA
SHGetDataFromIDListA
Shell_NotifyIconA
SHGetFileInfoA
StrNCmpA

shlwapi

StrCmpLogicalW
StrToIntExA
UrlCanonicalizeA
SHEnumKeyExW
PathIsContentTypeW
SHQueryValueExW
StrIsIntlEqualA
UrlEscapeW

comctl32

FlatSB_SetScrollProp
ImageList_Remove
ImageList_Read
GetMUILanguage
CreateStatusWindowA
FlatSB_SetScrollInfo
InitCommonControls
DrawStatusText
ImageList_GetIcon
ImageList_BeginDrag

ole32

CoDosDateTimeToFileTime
CoGetClassObject

oledlg

OleUIChangeIconW
OleUIBusyW
OleUIUpdateLinksW
OleUIConvertW
OleUIPromptUserW

sqlunirl

_PostThreadMessage_@16
_GetPrivateProfileString_@24
_NDdeIsValidShareName_@4
_ChangeDisplaySettings_@8
_GetCharABCWidthsFloat_@16
_RegisterClassEx_@4
_GetKerningPairs_@12

wsock32

getpeername
WSACancelBlockingCall
getservbyport
WSAAsyncGetHostByName
getprotobynumber
WSARecvEx
WSAAsyncGetServByName
socket
rresvport
gethostname

crypt32

CryptSignMessageWithKey
CryptEncryptMessage
CertComparePublicKeyInfo
CryptAcquireContextU
I_CertUpdateStore
CertFreeCertificateChain
CertCreateCTLContext
CryptVerifyMessageSignature
CryptSignAndEncodeCertificate
I_CryptAllocTls
CryptDecodeObjectEx
CertGetIntendedKeyUsage
CryptEnumKeyIdentifierProperties
CryptMsgClose
CryptGetOIDFunctionValue
I_CryptFindSmartCardCertInStore

Sections

.cuwXCm
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TMcCoG
Size: 4KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uogAfG
Size: 4KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MycKBu
Size: 512B - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NJY
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fMwity
Size: 5KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sv
Size: 1024B - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LrRe
Size: 3KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PA
Size: 512B - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5026bb7c5ac1206b1e586555cf9e1b34

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

ole32

oledlg

sqlunirl

wsock32

crypt32

Sections

.cuwXCm Size: 8KB - Virtual size: 8KB

.TMcCoG Size: 4KB - Virtual size: 202KB

.k Size: 8KB - Virtual size: 8KB

.uogAfG Size: 4KB - Virtual size: 449KB

.MycKBu Size: 512B - Virtual size: 498KB

.NJY Size: 4KB - Virtual size: 36KB

.fMwity Size: 5KB - Virtual size: 197KB

.sv Size: 1024B - Virtual size: 351KB

.LrRe Size: 3KB - Virtual size: 497KB

.data Size: 94KB - Virtual size: 173KB

.PA Size: 512B - Virtual size: 246KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 1024B - Virtual size: 646B

.cuwXCm
Size: 8KB - Virtual size: 8KB

.TMcCoG
Size: 4KB - Virtual size: 202KB

.k
Size: 8KB - Virtual size: 8KB

.uogAfG
Size: 4KB - Virtual size: 449KB

.MycKBu
Size: 512B - Virtual size: 498KB

.NJY
Size: 4KB - Virtual size: 36KB

.fMwity
Size: 5KB - Virtual size: 197KB

.sv
Size: 1024B - Virtual size: 351KB

.LrRe
Size: 3KB - Virtual size: 497KB

.data
Size: 94KB - Virtual size: 173KB

.PA
Size: 512B - Virtual size: 246KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 1024B - Virtual size: 646B