b214149d9231a7acb19f18e8f2d50660_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b214149d9231a7acb19f18e8f2d50660_JaffaCakes118
Size

248KB
MD5

b214149d9231a7acb19f18e8f2d50660
SHA1

ef71d48b4cc805590e561980cd3fee2b9b5350e8
SHA256

483ab5ba8fca15484be14041065e8307631b3bd100dac92530fd77f5728616fb
SHA512

85a6dce0dc3dcb20fea76eab1b23758a4611408ab4061670a546c978ef0c5954fc8c215a1d431306ea11c5f1983e4cdc47b6f3e24327bec18323251390800ead
SSDEEP

3072:o6ikrzkTAWImZwdTFf1sJGoDf9woSMmAdiAQkwdTg0gQ:ofZkbBzgr3SMmwZQFB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b214149d9231a7acb19f18e8f2d50660_JaffaCakes118

Files

b214149d9231a7acb19f18e8f2d50660_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73a4a79e9d711c2519f8b94dd592967b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mfc42u

ord5286
ord3397
ord4418
ord3634
ord567
ord692
ord2294
ord4270
ord956
ord3798
ord3614
ord3716
ord809
ord795
ord2606
ord556
ord3621
ord3658
ord2406
ord5871
ord1088
ord2114
ord1634
ord2855
ord6195
ord3871
ord3792
ord6354
ord858
ord535
ord6193
ord2854
ord6871
ord2859
ord942
ord5568
ord2910
ord927
ord2810
ord6451
ord823
ord537
ord538
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord4395
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord6865
ord6920
ord6867
ord922
ord925
ord2613
ord1131
ord1196
ord1244
ord4272
ord4124
ord5679
ord5706
ord818
ord663
ord6279
ord6278
ord2755
ord6330
ord2634
ord940
ord3566
ord1143
ord1165
ord348
ord2127
ord1172
ord4219
ord4155
ord2858
ord6211
ord2371
ord1569
ord470
ord4294
ord2078
ord2680
ord3806
ord2637
ord536
ord1941
ord4029
ord1768
ord6051
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord3087
ord4229
ord2362
ord825
ord324
ord540
ord861
ord641
ord800
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord1089
ord755

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
swscanf
_beginthreadex
__p__wpgmptr
_wcsicmp
_wcsnicmp
wcscmp
vswprintf
swprintf
fwrite
fflush
wcscpy
_wfopen
fseek
fclose
wcsstr
wcslen
wcscat
__CxxFrameHandler
ftell

kernel32

ReadProcessMemory
CloseHandle
GetModuleHandleW
Sleep
GetLocalTime
WideCharToMultiByte
GetModuleFileNameW
InitializeCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
GetLastError
FormatMessageW
LocalFree
LeaveCriticalSection
DeleteCriticalSection
lstrcatW
lstrcpyW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetVersion
GetCommandLineA
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryExW
SetErrorMode
ExitProcess
GetModuleFileNameA
CreateProcessW
MoveFileExW
DeleteFileW
CopyFileW
GetCommandLineW
GetPrivateProfileSectionW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
GetStartupInfoW
GetCurrentProcess
OpenProcess
lstrcpynW
TerminateProcess
GetShortPathNameW

user32

GetWindowRect
GetParent
LoadCursorW
RedrawWindow
GetCursorPos
KillTimer
FindWindowExW
FindWindowW
SetCursorPos
GetWindowThreadProcessId
EnumWindows
MessageBoxA
GetActiveWindow
SetForegroundWindow
IntersectRect
GetWindow
LoadIconW
GetSystemMetrics
LoadBitmapW
AppendMenuW
GetSystemMenu
DrawIcon
IsIconic
PostMessageW
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetWindowTextW
EnableWindow
SendMessageW
PtInRect
SetWindowLongW
GetClientRect
SetTimer
SetCursor
DestroyCursor
CopyIcon

gdi32

GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
GetStockObject

advapi32

LookupPrivilegeValueW
RegQueryValueExW
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73a4a79e9d711c2519f8b94dd592967b

Headers

File Characteristics

Imports

shlwapi

psapi

version

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 164KB - Virtual size: 162KB

.text Size: 12KB - Virtual size: 9KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 164KB - Virtual size: 162KB

.text
Size: 12KB - Virtual size: 9KB