b8f4ac521d98ae8cca727cb6aef4d6bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b8f4ac521d98ae8cca727cb6aef4d6bf_JaffaCakes118
Size

29KB
MD5

b8f4ac521d98ae8cca727cb6aef4d6bf
SHA1

cb70ed289a79a0d7f24410176c17e4570fc3e545
SHA256

c6528a80d33935889303e4ccdd283f4881079da9b065792fae355c72b5072230
SHA512

30dde87e88a89ecb739afa49393fa785c37292042f37a9e7692dfada98fe9a3c61f3519ac914349d760030cae694e97ba9db855bc5273e25dc770819c8f97768
SSDEEP

384:HPmTeb4jYTkPwIuJ6MdXJy8b3sYOXJ5dOMYuBGxOwuIwzgb2el0wYcwWIv9SeCBi:HeluoUZx3sYWp+RwwIgbUwYcwS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8f4ac521d98ae8cca727cb6aef4d6bf_JaffaCakes118

Files

b8f4ac521d98ae8cca727cb6aef4d6bf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

443f855c79392034952ebd6480afb447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextW
GetDesktopWindow
CharPrevW
GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
OemToCharA
DispatchMessageW
SetWindowTextW
GetDC
SendMessageW
MessageBoxW
IsWindow
MsgWaitForMultipleObjects
ShowWindow
ReleaseDC
CharNextA
ExitWindowsEx
EndDialog
CharUpperW
GetWindowRect
GetSystemMetrics
LoadStringW
DestroyWindow
SetWindowPos
EnableWindow
PeekMessageW
MessageBeep
GetDlgItemTextW
UpdateWindow

msvcrt

_adjust_fdiv
_XcptFilter
memset
_wtoi
_wtol
_wcsicmp
longjmp
_ultow
bsearch
_vsnprintf
_setjmp3
memcpy
_wcsnicmp
_vsnwprintf
malloc
_initterm
memmove
_amsg_exit
free

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathAddBackslashW
StrStrIW
StrRChrW
PathAppendW
PathFileExistsW
StrChrW
PathBuildRootW
PathCombineW
PathRemoveFileSpecW

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

kernel32

GetPrivateProfileStringW
GetTempPathW
SearchPathW
SetFileTime
QueryPerformanceCounter
MultiByteToWideChar
GetWindowsDirectoryW
ExpandEnvironmentStringsW
FindResourceExW
lstrcmpiA
lstrlenA
lstrcmpiW
LocalAlloc
GetLastError
EnumResourceLanguagesW
LocalFree
GetPrivateProfileIntW
FindResourceW
CompareStringW
FindClose
LoadResource
GetFileSize
LockResource
LocalReAlloc
SetUnhandledExceptionFilter
FindNextFileW
GetVolumeInformationW
MulDiv
WritePrivateProfileSectionW
MoveFileExW
GetSystemDefaultUILanguage
GetModuleFileNameW
FreeLibrary
GetProcAddress
CopyFileW
GetFullPathNameW
FindFirstFileW
lstrlenW
FormatMessageW
GetFileTime
GetPrivateProfileSectionW
SetLastError
GetTickCount
UnmapViewOfFile
RtlUnwind
CreateFileW
GetFileAttributesW
InterlockedExchange
DeleteFileW
GetSystemTimeAsFileTime
CreateFileMappingW
lstrcmpW
WriteFile
DisableThreadLibraryCalls
GetCurrentProcess
MapViewOfFileEx
GetSystemDirectoryW
SizeofResource
CreateProcessW
RemoveDirectoryW
UnhandledExceptionFilter
GetCurrentProcessId
GetDriveTypeW
InterlockedCompareExchange
GetLocalTime
LoadLibraryExW
GetEnvironmentVariableW
MapViewOfFile
GetTempFileNameW
GetStartupInfoA
WritePrivateProfileStringW
MoveFileW
LoadLibraryW
GetSystemInfo
Sleep
GetUserDefaultUILanguage
CloseHandle
GetShortPathNameW
WideCharToMultiByte
SetFileAttributesW
GetDiskFreeSpaceW
TerminateProcess
ReadFile
GetCurrentThreadId
GetVersionExW
CreateDirectoryW
GetProfileStringW

advapi32

CreateServiceW
ConvertSidToStringSidA
EqualSid
RegEnumValueW
CredRenameW
RegCreateKeyExW
BuildTrusteeWithNameA
ControlTraceA
RegDeleteKeyW
RegLoadKeyW
AllocateAndInitializeSid
RegQueryValueExA
CancelOverlappedAccess
RegOpenKeyExA
RegFlushKey
RegSaveKeyW
LookupPrivilegeValueW
RegEnumKeyW
RegQueryInfoKeyW
AdjustTokenPrivileges
RegSetValueW
OpenProcessToken
FreeSid
RegSetValueExW

gdi32

CreateFontIndirectW
DeleteObject
GetStockObject
GetObjectW
GetDeviceCaps

rpcrt4

RpcStringFreeW

setupapi

SetupOpenAppendInfFileW
SetupFindNextLine
SetupGetLineTextW
SetupSetDirectoryIdW
SetupOpenInfFileW
SetupQueueCopyW
SetupFindFirstLineW
SetupDefaultQueueCallbackW
SetupOpenFileQueue
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback
SetupGetStringFieldW
SetupCommitFileQueueW
SetupCloseInfFile

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

443f855c79392034952ebd6480afb447

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

ntdll

version

shlwapi

ole32

kernel32

advapi32

gdi32

rpcrt4

setupapi

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 4KB