b61c58c900ead2a54d5cc802d43518e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b61c58c900ead2a54d5cc802d43518e5_JaffaCakes118
Size

200KB
MD5

b61c58c900ead2a54d5cc802d43518e5
SHA1

85c4f85c5288c71e1f114fc090e7ff96662c1518
SHA256

f703e2e3bc6258e12e0703d896f5efe2076a427a210da4b7ffffd0be53b2e18d
SHA512

0e91bec973bbc45f1c6c3c51894c524f1817cd2dd2f446d431e8ff288b4d6c5308931af76ffd9c88b3a9f2469914269aac1e5f33780150f0683c6fdd5fc93747
SSDEEP

6144:sN6VCOrGZcdwso8jst7DAzaofBEwrStGAX:jkyGZcFo8jy7QaQ75AX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b61c58c900ead2a54d5cc802d43518e5_JaffaCakes118

Files

b61c58c900ead2a54d5cc802d43518e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5718ebe556a484c5ce9e10711f1a361c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
LocalAlloc
GetCurrentThread
GetUserDefaultLangID
FindFirstFileW
GetFullPathNameW
GetTempFileNameW
GetModuleFileNameW
GetCurrentDirectoryW
WideCharToMultiByte
GetWindowsDirectoryW
GetModuleHandleA
FormatMessageW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetStdHandle
MoveFileExW
GetCurrentProcess
SetFileAttributesW
RemoveDirectoryW
CopyFileW
MoveFileW
Sleep
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
ReadFile
SetFilePointer
FlushFileBuffers
WriteFile
CreateFileW
FindClose
GetVersionExA
SetThreadLocale
GetLastError
GetCurrentProcessId
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
InterlockedExchange
GetLocaleInfoA
GetACP
DeleteFileW
SetEndOfFile
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
ExitProcess
GetFileType
SetStdHandle
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
SetHandleCount
GetStartupInfoA
GetOEMCP
GetCPInfo
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
MultiByteToWideChar

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RevertToSelf
OpenProcessToken
RegOpenKeyExW
RegCloseKey

user32

SendMessageW
GetWindowTextW
GetWindowThreadProcessId
GetClassNameW
EnumWindows

setupapi

CM_Locate_DevNodeW
CM_Reenumerate_DevNode
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupGetFileCompressionInfoW
SetupDecompressOrCopyFileW
SetupCopyOEMInfW
SetupDefaultQueueCallbackW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupScanFileQueueW
SetupDiDestroyDeviceInfoList
SetupIterateCabinetW
SetupGetFieldCount
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupGetLineTextW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetBinaryField
SetupGetIntField
SetupGetLineByIndexW
SetupFindFirstLineW
SetupGetLineCountW
SetupGetTargetPathW
SetupGetSourceFileLocationW
CM_Get_DevNode_Registry_PropertyW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shell32

SHCreateDirectoryExW

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5718ebe556a484c5ce9e10711f1a361c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

setupapi

version

wintrust

ole32

shell32

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 76KB - Virtual size: 76KB