ba6cc19719ddd0c992ca52c32254c554_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ba6cc19719ddd0c992ca52c32254c554_JaffaCakes118
Size

329KB
MD5

ba6cc19719ddd0c992ca52c32254c554
SHA1

310c99fb953515c859cd81a10ee0126b17408138
SHA256

025cb2bb5c6bd382455d1dc5878198b22adb8ad83b8d41e9deb6f1e92fa9eaee
SHA512

3f260eb4ed9705604e9ccb92394f3e4a6d13ed83bdb45b4dd78aa80bd6fe1064ba55338da6c5d0c7afd31a142f9aa7b0a1ae93876494b29224bde770ee1910b5
SSDEEP

6144:7et2+ZSmfP0eQuSQ2CHh+/Xb6nA7uK3wOzX2oQkzeuNu:K0bA7QuSZ6+/XUA7GvrT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba6cc19719ddd0c992ca52c32254c554_JaffaCakes118

Files

ba6cc19719ddd0c992ca52c32254c554_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4135c2c163808db0f3240435dcaa5ed3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
LoadLibraryExW
GetUserDefaultLCID
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetFileSize
CreateFileW
SetEndOfFile
ReadFile
WriteFile
DeleteFileW
GetLongPathNameW
RemoveDirectoryW
CreateDirectoryW
GetModuleFileNameW
FindClose
FindFirstFileW
SetFileAttributesW
CopyFileW
FindNextFileW
LocalFree
LocalAlloc
lstrlenA
GetTempPathW
GetFullPathNameW
GetDriveTypeW
SwitchToThread
TlsSetValue
CreateSemaphoreA
SetLastError
LoadLibraryW
lstrcmpiW
WaitForSingleObject
CloseHandle
FreeLibrary
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
SetFilePointer
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TlsAlloc
InitializeCriticalSection
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
GetStartupInfoW
TerminateProcess
LoadLibraryA
GetFileType
IsProcessorFeaturePresent
SetFileTime
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
GetModuleFileNameA
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
SystemTimeToFileTime
ExitProcess
CreateFileMappingA
OpenFileMappingA

user32

GetMessageW
MessageBoxW
LoadStringW
TranslateMessage
CharNextW
PostThreadMessageW
DispatchMessageW
EndPaint
BeginPaint
SetActiveWindow
ReuseDDElParam

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CoResumeClassObjects

oleaut32

VarUI4FromStr
SafeArrayCreateVector
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarR8FromDec

shlwapi

AssocQueryStringW

gdi32

EndPage
GetPolyFillMode

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4135c2c163808db0f3240435dcaa5ed3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

gdi32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 9KB - Virtual size: 8KB