b1870c91a214074bf1e3b2f01c7c10cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1870c91a214074bf1e3b2f01c7c10cf_JaffaCakes118
Size

167KB
MD5

b1870c91a214074bf1e3b2f01c7c10cf
SHA1

fb9fbe3413935efda41076c44ce1e529c17ea0f6
SHA256

03a8a8d8bc1736bfb23583017b2dfeeef7fbd6e9ad28e27f5f2fa7ff86a532a0
SHA512

0f4e050c2b38f8d0a561d2d0f026bd0f7ba13a316940f8459946e213b9a4f45bc9c8302eda575918c8af85b84bb9fe2d0218e9cfeb85d3f86380d680f73219a4
SSDEEP

3072:wTnCw9hPcodlJXKoHudbYY1VxaQhXKsGY/4nOyHlZDdITNoIwWKbQgfa:YnZ92ErZudcY1vXKsGTRHjxIjO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1870c91a214074bf1e3b2f01c7c10cf_JaffaCakes118

Files

b1870c91a214074bf1e3b2f01c7c10cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f257f1afe2c8d9433e23dcccae2129d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
CoGetCallContext
CoUninitialize
CoQueryProxyBlanket
CoImpersonateClient
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoInitializeSecurity
CoGetClassObject
CoCreateGuid
CoInitializeEx
StringFromIID
CoDisconnectObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoSetProxyBlanket
StringFromCLSID
CoRevertToSelf
CoRevokeClassObject

oleacc

LresultFromObject
AccessibleObjectFromWindow

user32

IsWindowVisible
DispatchMessageA
MessageBoxA
GetWindowTextA
PeekMessageA
wsprintfW
CharNextA
PostThreadMessageA
EnumWindows
LoadStringA
SetTimer
KillTimer
CharUpperA
GetMessageA
GetWindowThreadProcessId
wsprintfA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

CreateEventA
LCMapStringW
QueryPerformanceCounter
DeleteCriticalSection
IsBadCodePtr
lstrcpyA
CreateFileA
SetLastError
HeapFree
IsBadReadPtr
GetThreadLocale
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
LeaveCriticalSection
HeapReAlloc
GetCurrentProcess
InterlockedIncrement
LoadResource
GetVersion
WritePrivateProfileStringA
GetEnvironmentStringsW
LoadLibraryA
CreateProcessA
HeapAlloc
LoadLibraryW
FindResourceA
GetProcAddress
GetSystemInfo
HeapDestroy
CompareStringA
SetUnhandledExceptionFilter
GetACP
GetStringTypeA
InterlockedDecrement
HeapCreate
SetEvent
GetProfileStringA
lstrlenW
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
CreateFileMappingA
SetEnvironmentVariableA
GetPrivateProfileStringA
ReleaseMutex
WideCharToMultiByte
LocalSize
CreateDirectoryA
OpenProcess
VirtualQuery
FindClose
VirtualProtect
IsBadWritePtr
GetCommandLineA
FindFirstFileA
TlsGetValue
TerminateThread
WriteProfileStringA
GetProcessTimes
LockResource
GetModuleFileNameA
GetLastError
GetLocaleInfoA
FormatMessageA
UnhandledExceptionFilter
GetVersionExA
SetErrorMode
CreateMutexA
GetPrivateProfileSectionA
EnumSystemLanguageGroupsW
GetComputerNameA
GetStdHandle
lstrcatA
lstrlenA
Sleep
GetPrivateProfileSectionNamesA
FindResourceExA
MultiByteToWideChar
SetStdHandle
GetOEMCP
VirtualFree
SetEndOfFile
RaiseException
WaitForSingleObject
ReadFile
RtlUnwind
GetCurrentProcessId
GetSystemDirectoryA
VirtualAlloc
CreateProcessW
GetPrivateProfileIntA
SetHandleCount
WriteFile
InitializeCriticalSection
GetFileAttributesA
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringW
UnmapViewOfFile
GetModuleHandleA
SetFilePointer
HeapSize
ResetWriteWatch
LocalFree
GetProcessHeap
lstrcpynA
MapViewOfFile
GetTickCount
IsDBCSLeadByte
SizeofResource
InterlockedCompareExchange
TlsAlloc
CreateThread
FlushFileBuffers
CloseHandle
lstrcmpiA
LCMapStringA
GetModuleHandleW
DuplicateHandle
TlsSetValue
GetCurrentThread
GetCurrentThreadId
TerminateProcess
ReadProcessMemory
GetFileType
EnterCriticalSection
GetStartupInfoA
GetExitCodeProcess
TlsFree
FreeEnvironmentStringsW
InterlockedExchange
ExitProcess
LocalAlloc
HeapFree

rpcrt4

RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA

advapi32

SetThreadToken
GetTokenInformation
RegQueryValueExA
RegQueryValueExW
DeregisterEventSource
DeleteService
RegEnumKeyExA
ChangeServiceConfigA
RegisterServiceCtrlHandlerA
OpenProcessToken
CloseServiceHandle
StartServiceCtrlDispatcherA
CreateServiceA
OpenThreadToken
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
SetServiceStatus
RegisterEventSourceA
OpenServiceA
RegEnumKeyA
RegEnumValueA
RegDeleteKeyA
AdjustTokenPrivileges
ReportEventA
ControlService
LookupPrivilegeValueA
RegDeleteValueA
OpenSCManagerA
RegCreateKeyA

shlwapi

PathFindExtensionA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f257f1afe2c8d9433e23dcccae2129d5

Headers

File Characteristics

Imports

ole32

oleacc

user32

version

kernel32

rpcrt4

advapi32

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 6KB - Virtual size: 405KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 6KB - Virtual size: 405KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 512B - Virtual size: 4KB