b73434e539a0dbf64148920548dcd015_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b73434e539a0dbf64148920548dcd015_JaffaCakes118
Size

316KB
MD5

b73434e539a0dbf64148920548dcd015
SHA1

fc44cd20cf8c6880c51c2f3795d7036205530469
SHA256

06b32b090f9322723e74c3f8879631d5429088f60314092f2fb6f3bb85b7621e
SHA512

6f9383207744110d26c9a5bb59b3ca1a63380396cdcc91c4d838585e48d3b05319da0c9615e6d23d193cd6d6a582c2436e9356639f7e1bfc0f33f702930a8849
SSDEEP

6144:ar3qUuACN0uFw9D10xew0gM4wR95LuG8Pg4uyG6gOp4QowbmQm4DEX0A:aL7cuuS9D1fFQGDBhimIDEZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b73434e539a0dbf64148920548dcd015_JaffaCakes118

Files

b73434e539a0dbf64148920548dcd015_JaffaCakes118
.exe windows:4 windows x86 arch:x86

07159226fd83392fc524d77c7dffcd93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGenRandom
GetAce
RegQueryValueExW
CryptHashData
BuildExplicitAccessWithNameW
CopySid
SetNamedSecurityInfoW
GetUserNameW
RegCreateKeyW
CryptCreateHash
OpenThreadToken
GetSecurityDescriptorControl
ReportEventA
RegCloseKey
RegEnumKeyExW
GetUserNameA
QueryServiceConfigW

kernel32

SetEnvironmentVariableW
CreateFileA
DuplicateHandle
GetSystemInfo
IsBadReadPtr
VerSetConditionMask
GetCommandLineA
SearchPathA
ReleaseSemaphore
OpenFile
GetComputerNameA
EnumCalendarInfoA
GetCurrentProcess
GetOverlappedResult
TlsSetValue
ReadFile
CompareFileTime
GlobalFree
GetVersionExA
RemoveDirectoryW
WaitForMultipleObjectsEx
Beep
SetEvent
CreateDirectoryA
SetThreadLocale
FindResourceW
FindNextChangeNotification
GetLocaleInfoA
LeaveCriticalSection
CopyFileA
InterlockedCompareExchange
IsDebuggerPresent
IsValidLocale
SetWaitableTimer
QueryDosDeviceA
CopyFileW
_lopen
ResumeThread
FileTimeToDosDateTime
WritePrivateProfileStringA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GlobalSize
GetLogicalDriveStringsA
lstrcmpiW
CreateDirectoryW
SetFilePointerEx
CreateEventA
UnlockFile
CreateFileW
GlobalFlags
GetTimeFormatA
_llseek
SetErrorMode
WaitForMultipleObjects
GetACP
ExpandEnvironmentStringsW
HeapAlloc
FormatMessageW
SetConsoleCtrlHandler
GetCurrentDirectoryA
SetCurrentDirectoryW
GlobalDeleteAtom
GetDiskFreeSpaceA
FindNextFileA
CreateToolhelp32Snapshot
GlobalReAlloc
TlsGetValue
GetNumberFormatW
GetPrivateProfileIntA
HeapFree
GetSystemPowerStatus
SetStdHandle
DeleteTimerQueueEx
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
Process32NextW
MoveFileExA
GetTempFileNameA
GetConsoleMode
GetStdHandle
InterlockedDecrement
FindFirstFileA
GetUserGeoID
CreateIoCompletionPort
LocalLock
CreateTimerQueueTimer
GetProcessTimes
lstrlenA
VirtualQueryEx
DeleteFileW
GetQueuedCompletionStatus
GetEnvironmentStrings
OpenProcess
OpenEventW
GetVolumeInformationW
GetTempPathA
VirtualAlloc
GlobalFindAtomA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
GetOEMCP
GetCPInfo
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetLastError
SetLastError
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA

oleaut32

SysStringLen

shell32

ShellExecuteExA
Shell_NotifyIconA

comctl32

ImageList_DragMove
ImageList_EndDrag

ole32

CoUninitialize
RegisterDragDrop
IIDFromString
CoMarshalInterface
CreateOleAdviseHolder
WriteClassStm

gdi32

MoveToEx
GetPixel
GetWindowExtEx
MaskBlt
CreateICW
GetBitmapBits
SaveDC
EndPath
EnumFontFamiliesExW
AddFontResourceExW
GetTextExtentExPointW
RoundRect
GetStockObject
GetWinMetaFileBits
Polygon
GetMetaFileBitsEx
SetDIBits
CreateFontIndirectW
CreateICA
EndDoc
RestoreDC
CopyEnhMetaFileA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

comdlg32

GetOpenFileNameA

user32

LoadKeyboardLayoutA
GetClassNameA
GetMessageA
EnableScrollBar
CharNextA
SetActiveWindow
SetWindowsHookExA
GetCursor
GetMenuStringW
GetUpdateRgn
ReleaseCapture
CreateAcceleratorTableW
RegisterClassA
ScrollWindowEx
OpenClipboard
ClipCursor
SetTimer
GetMenuItemInfoW
VkKeyScanW
LoadStringA
MapVirtualKeyW
GetKeyState
MoveWindow
GetKeyboardLayout
MapVirtualKeyA
IsWindow
SetForegroundWindow

shlwapi

PathIsUNCA
PathCanonicalizeW
PathFileExistsW

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07159226fd83392fc524d77c7dffcd93

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

shell32

comctl32

ole32

gdi32

version

comdlg32

user32

shlwapi

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 2KB