b95d7e560915ba1f899a811c9a08ad06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b95d7e560915ba1f899a811c9a08ad06_JaffaCakes118
Size

546KB
MD5

b95d7e560915ba1f899a811c9a08ad06
SHA1

1e8211ecbb256ccc3e05ea3e671f6a1b95a787b4
SHA256

464c129232aa987141d3ddfbf99128eaf9842a7993615e01bbcd2ab4c1cde2e2
SHA512

dab6f7e75be10686d0078a3803c63e8368eca7ba702da0c3e6362e966f14bcf5c0a2946558f3a542eb1d6d66c65896156c3e7fce813a2455bc20eeb3c6370403
SSDEEP

12288:SEPLty9IQ/ByTRbWUG5/dsh2d+mo85z8fWFeFmk5Z0QdBo38O:BBy9IQ/ByToUG7shQ+YGoGZLf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b95d7e560915ba1f899a811c9a08ad06_JaffaCakes118

Files

b95d7e560915ba1f899a811c9a08ad06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16652ab52518cf3a8652278c6cd48cb2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sdnebn\ftlbomzleb\waq

Imports

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
LoadLibraryA
GetModuleFileNameA
HeapAlloc
FlushFileBuffers
VirtualAlloc
VirtualQuery
LCMapStringW
TlsGetValue
LCMapStringA
GetStartupInfoA
GetLocaleInfoA
CloseHandle
InitializeCriticalSection
OpenMutexA
QueryPerformanceCounter
GetCurrentThreadId
GetModuleFileNameW
UnhandledExceptionFilter
IsBadWritePtr
GetCurrentProcessId
SetLastError
GetCommandLineW
WideCharToMultiByte
ReadFile
CreateEventW
WriteFile
IsValidCodePage
GetLastError
GetStartupInfoW
GetEnvironmentStrings
GetDateFormatA
VirtualFree
SetFilePointer
EnumSystemLocalesA
GetProcessHeaps
HeapDestroy
GetVersionExA
EnterCriticalSection
InterlockedExchange
GetStringTypeA
GetSystemTimeAsFileTime
IsValidLocale
DeleteCriticalSection
GetUserDefaultLCID
HeapCreate
TlsSetValue
GetCommandLineA
HeapFree
TerminateProcess
HeapSize
GetFileType
GetCurrentThread
GetModuleHandleA
SetStdHandle
GetACP
GetEnvironmentStringsW
GetCPInfo
GetSystemInfo
GetTimeFormatA
SetHandleCount
GetTimeZoneInformation
VirtualProtect
CreateSemaphoreW
CompareStringA
GetSystemDirectoryA
HeapReAlloc
ReleaseMutex
FreeEnvironmentStringsA
GetCurrentProcess
TlsAlloc
CompareStringW
SetConsoleTitleA
GetLocaleInfoW
MultiByteToWideChar
CreateMutexA
GetOEMCP
PulseEvent
GetStringTypeW
LeaveCriticalSection
GetStdHandle
GetProcAddress
GetTickCount
RtlUnwind
TlsFree
ExitProcess

comctl32

ImageList_LoadImageA
DrawStatusTextW
CreateUpDownControl
ImageList_EndDrag
ImageList_Remove
ImageList_DragEnter
ImageList_SetFilter
CreatePropertySheetPage
ImageList_DragLeave
ImageList_Draw
CreateStatusWindowW
GetEffectiveClientRect
InitCommonControlsEx

user32

DdeQueryStringW
ReuseDDElParam
GetInputDesktop
DestroyWindow
GetNextDlgTabItem
DialogBoxIndirectParamA
OpenDesktopA
DrawEdge
InvertRect
SendInput
ShowWindow
EmptyClipboard
SetWindowPlacement
RegisterClipboardFormatA
GetComboBoxInfo
SetWindowLongW
CallMsgFilterW
DefMDIChildProcW
DrawAnimatedRects
SetScrollInfo
SetClipboardData
WaitMessage
CopyIcon
ScrollWindowEx
DefWindowProcA
SetScrollPos
CreateWindowExA
InvalidateRgn
EndDeferWindowPos
GetMenuItemRect
ClipCursor
SetRectEmpty
DefDlgProcW
DdePostAdvise
WINNLSGetIMEHotkey
GetScrollBarInfo
EndMenu
RegisterClassExA
GetSystemMetrics
LoadImageA
MessageBoxA
EnumWindows
CreateIconFromResource
GetDlgItemTextA
CreateAcceleratorTableW
RegisterClassA
SetDebugErrorLevel
IsDlgButtonChecked
UnhookWindowsHookEx
FindWindowA
SetCursorPos
GetCursorPos
SetMenuItemInfoW
CheckMenuItem
SendMessageTimeoutW
GetWindowInfo
DdeCmpStringHandles
GetProcessDefaultLayout
InflateRect
SetWindowContextHelpId
SetClassLongW
ModifyMenuA
GetPriorityClipboardFormat
MapVirtualKeyA
BroadcastSystemMessageA

wininet

RetrieveUrlCacheEntryFileA
InternetSetDialStateA
InternetConfirmZoneCrossingA
FtpGetCurrentDirectoryA
GopherOpenFileA
FtpGetFileA
InternetDialA

shell32

DragQueryFileA
SHLoadInProc

comdlg32

LoadAlterBitmap
ChooseColorA
GetFileTitleW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16652ab52518cf3a8652278c6cd48cb2

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

wininet

shell32

comdlg32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 110KB - Virtual size: 126KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 110KB - Virtual size: 126KB

.rsrc
Size: 11KB - Virtual size: 11KB