afb0cd86fcbf57896011738cda525bc4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afb0cd86fcbf57896011738cda525bc4_JaffaCakes118
Size

7.7MB
MD5

afb0cd86fcbf57896011738cda525bc4
SHA1

6044ffda500839002e612781bc322bc1d5ca528a
SHA256

f6cb3affdf48a4df85ed4dd8eef1a0c8dbe605dadc656d2e8cdf47534b8de3d8
SHA512

b1dad5b96440914ae1ed18d7d3d8e2da4f94127b140cec1b10274d4d646be4e0a4459f695f65baf3387272e0edd7c281f1b405bda0d29f69d7173fb95381867c
SSDEEP

196608:7iYbLp8CnMZdEoN+I9bPkuLljXu/z/aEltJx4X8dpjmC1:WiyxZR9bptu/z5ltJKsdIm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afb0cd86fcbf57896011738cda525bc4_JaffaCakes118

Files

afb0cd86fcbf57896011738cda525bc4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ade031786e3a27a85ee106cc382dd179

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
IsProcessorFeaturePresent
CloseHandle
GetEnvironmentVariableW
LoadResource
WritePrivateProfileSectionA
MoveFileExA
InitializeCriticalSection
SystemTimeToFileTime
MoveFileW
AreFileApisANSI
GetSystemTimeAdjustment
GetCommModemStatus
GetTempFileNameA
GlobalAddAtomW
GetCPInfo
GetProfileIntA
SetEnvironmentVariableA
SetProcessWorkingSetSize
GetDriveTypeW
IsBadReadPtr
EndUpdateResourceA
GetFileAttributesExA
GetCurrentProcessId
LoadLibraryExW
GetFullPathNameA
FreeEnvironmentStringsA
DosDateTimeToFileTime
GetCommConfig
GlobalReAlloc
GetCommState
SetErrorMode
lstrcatW
GetTimeZoneInformation
EnumResourceNamesA
GetSystemDirectoryW
GetSystemTime
SetLastError
FileTimeToLocalFileTime
CopyFileExW
CreateDirectoryExA
GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetFileAttributesA
DebugBreak
IsDBCSLeadByteEx
IsValidLocale
UnmapViewOfFile
GetThreadContext
GetLargestConsoleWindowSize
ReleaseMutex
GlobalFlags
FlushConsoleInputBuffer
LocalAlloc
SetSystemTime
FormatMessageA
WaitNamedPipeA
QueryDosDeviceA
ClearCommBreak
GetLogicalDriveStringsA
GetOEMCP
WriteFile
SetThreadAffinityMask
LocalReAlloc
GetStringTypeExW
SetConsoleTitleA
FormatMessageW
GetPrivateProfileSectionW
GetComputerNameW
SetNamedPipeHandleState
SetThreadPriorityBoost
lstrcpyA
GetVolumeInformationW
GetThreadPriority
GetConsoleCursorInfo
CreateIoCompletionPort
QueryDosDeviceW
GetACP
SetCurrentDirectoryA
WriteConsoleOutputW
PeekNamedPipe
VirtualAllocEx
GetDiskFreeSpaceW
SetCommTimeouts
CompareStringA
LCMapStringA
WritePrivateProfileSectionW
CreateMutexW
GetFileType
FindNextChangeNotification
GetTempPathW
EnumResourceNamesW
ExitProcess

user32

GetWindowWord
CreateMenu
SetMenu
WaitForInputIdle
SetWindowContextHelpId
GetMonitorInfoW
GetKeyboardState
IsClipboardFormatAvailable
DestroyCursor
LockWindowUpdate
InsertMenuItemA
ScrollWindowEx
RegisterClassExA
AppendMenuW
GetPropA
GetMenuItemID
ChildWindowFromPointEx
GetDC
GetDlgCtrlID
RegisterClassA
CharUpperA
DrawTextA
GetDlgItemInt
RegisterWindowMessageW
MessageBeep
FindWindowA
GetClipboardData
DrawTextExA
NotifyWinEvent
PostThreadMessageW
LoadMenuA
DrawFrameControl
GetProcessDefaultLayout
LoadImageA

gdi32

DeleteMetaFile
GetCharWidthA
CopyEnhMetaFileA
EnumFontsA
SetAbortProc
CreateRectRgnIndirect
CopyMetaFileW
SetTextCharacterExtra
GetGlyphOutlineA
CreateFontIndirectW
SetMetaFileBitsEx
Pie
PolyBezierTo
SetTextJustification
GetDCOrgEx
GetTextMetricsA
PolyDraw
SetColorAdjustment
LPtoDP
AddFontResourceA

comdlg32

GetSaveFileNameW

advapi32

RegEnumKeyExA
FreeSid
DeleteAce
CryptGetKeyParam
RegCreateKeyExA
IsValidSecurityDescriptor
RegSetValueW
MakeAbsoluteSD
AccessCheckAndAuditAlarmA
CryptGetHashParam
CreateProcessAsUserA
LockServiceDatabase
SetPrivateObjectSecurity
SetTokenInformation
DuplicateTokenEx
CloseServiceHandle

shell32

SHAddToRecentDocs
Shell_NotifyIconA
FindExecutableA
SHGetSpecialFolderPathA

ole32

ProgIDFromCLSID
CoMarshalInterface
GetClassFile
CoRegisterClassObject
CoCreateInstanceEx
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
IIDFromString
CoImpersonateClient

oleaut32

VariantChangeType
SysFreeString
SafeArrayRedim
SafeArrayUnaccessData

shlwapi

PathIsSameRootW
UrlCanonicalizeW
PathIsRootA
PathRemoveFileSpecA
PathFindFileNameA
PathGetCharTypeA
PathCompactPathW
SHRegQueryUSValueW
SHSetValueA
SHSetThreadRef
PathQuoteSpacesW
StrStrW
SHAutoComplete
PathIsFileSpecW
SHCopyKeyW
PathAddBackslashW
StrTrimW
PathIsDirectoryW

Sections

.text
Size: 4KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ade031786e3a27a85ee106cc382dd179

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 4KB - Virtual size: 7.3MB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 4KB - Virtual size: 7.3MB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 68KB - Virtual size: 66KB