bc39561b831f234a4aa262865a1afbc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc39561b831f234a4aa262865a1afbc9_JaffaCakes118
Size

501KB
MD5

bc39561b831f234a4aa262865a1afbc9
SHA1

eae2c53ada886f444da6b02a7ce8570bb1d3dada
SHA256

c9cd3d8b8a8913bdcb93820f51632ba25d031e13cbdf37c29c8f925f2e0d0652
SHA512

b7caeb781d6b27feb142be126f6e7cd333babe0693bbbf01298ea548b6272b1283294c821b69d23ed61ecd62ed797d17165d222357a5bef3c4ce1c5f2327efd9
SSDEEP

12288:QYd1BffstMAwD34j9Q8hxoyItmlNq3xGeAD8wv3SjNhUnMMnMMMMMOrjQLV/:QYd1BND3S9Q8hxoyItwoxBwKJhUnMMnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc39561b831f234a4aa262865a1afbc9_JaffaCakes118

Files

bc39561b831f234a4aa262865a1afbc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a02fd58383cb371303dd5a776ac1dd94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GetProfileStringA
FindFirstFileA
FindNextFileA
MulDiv
_lclose
GetUserDefaultLangID
WideCharToMultiByte
IsBadCodePtr
Sleep
GetExitCodeProcess
SetHandleCount
GetEnvironmentStringsW
GetTimeZoneInformation
SetLastError
GetVersionExA
GlobalFree
InterlockedIncrement
VirtualFree
ReadFile
lstrlenA
HeapDestroy
CreateFileA
SystemTimeToFileTime
GetSystemTime
ReleaseSemaphore
LockResource
_lwrite
GetUserDefaultLCID
CompareStringA
GetStringTypeW
HeapReAlloc
VirtualProtect
CompareStringW
OpenProcess
GetCommandLineA
FileTimeToLocalFileTime
FormatMessageA
GetSystemInfo
FreeEnvironmentStringsA
GetWindowsDirectoryA
GetStdHandle
VirtualAlloc
WriteFile
LoadLibraryA
UnlockFile
SetLocalTime
FindClose
CreateThread
InitializeCriticalSection
GetTickCount
MoveFileA
SetEndOfFile
GetVersion
LCMapStringW
GetEnvironmentStrings
GlobalLock
GetSystemDefaultLangID
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
_lread
LockFile
GetACP
GlobalDeleteAtom
GetLastError
GetProcAddress
SetFileTime
SetCurrentDirectoryA
InterlockedDecrement
lstrcpyA
GlobalHandle
FreeResource
GetShortPathNameA
SetEnvironmentVariableA
FlushFileBuffers
FileTimeToSystemTime
GetLocalTime
ResumeThread
FreeEnvironmentStringsW
GetCurrentThreadId
GetLocaleInfoA
TlsGetValue
HeapSize
lstrcpynA
RtlUnwind
GetTempFileNameA
TlsAlloc
GetFileTime
CreateProcessW
EnterCriticalSection
_llseek
FlushInstructionCache
ResetEvent
SizeofResource
lstrcmpiW
RemoveDirectoryA
GetFullPathNameA
GlobalAddAtomA
LoadLibraryExA
GetModuleFileNameW
GetCurrentProcessId
GetVolumeInformationA
SetFileAttributesA
SetErrorMode
SetFilePointer
GetTempPathA
SetStdHandle
CreateSemaphoreA
GlobalReAlloc
LeaveCriticalSection
GetModuleFileNameA
lstrcatA
GlobalSize
DeleteCriticalSection
CreateDirectoryA
GetStringTypeExA
GetCurrentDirectoryA
CloseHandle
GetStartupInfoA
IsBadReadPtr
VirtualQuery
GetSystemDirectoryA
HeapCreate
TlsFree
GetDriveTypeA
GetFileType
lstrcmpiA
DuplicateHandle
CreateEventA
LoadResource
IsDBCSLeadByte
GlobalUnlock
GetDateFormatA
FormatMessageW
GetStringTypeA
GetCPInfo
ExitProcess
lstrcmpA
TlsSetValue
WinExec
HeapFree
CreateProcessA
WaitForSingleObject
RaiseException
DeleteFileA
GetFileAttributesA
SearchPathA
ExitThread
HeapAlloc
FindResourceA
SetEvent
GetOEMCP
GetModuleHandleA
LCMapStringA
GetSystemDefaultLCID

user32

GetMenuStringA
SetActiveWindow
CopyAcceleratorTableA
LoadCursorA
LoadStringA
GetMenuItemID
SendMessageA
CallWindowProcA
SetWindowsHookExA
LoadIconA
SetDlgItemTextA
AdjustWindowRect
DestroyIcon
GetSystemMenu
GetCaretPos
IsRectEmpty
EnableWindow
IsZoomed
EnumThreadWindows
SetCursor
IsWindowVisible
SetCaretPos
RemovePropA
SetWindowLongA
GetDCEx
DeferWindowPos
DestroyCaret
ClientToScreen
ToAscii
DdeGetLastError
DestroyAcceleratorTable
CharUpperA
SetClipboardData
AppendMenuA
BringWindowToTop

advapi32

RegisterEventSourceA
RegDeleteValueA
RegQueryValueExW
RegDeleteKeyW
RegEnumValueA
RegCreateKeyW
RegOpenKeyA
RegCloseKey
RegEnumValueW
RegSetValueExW
RegEnumKeyA
DeregisterEventSource
ReportEventA
RegOpenKeyW
RegCreateKeyA
RegEnumKeyW
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
OpenProcessToken
RegQueryValueA
RegQueryValueExA
RegSetValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
LookupPrivilegeValueA
RegDeleteValueW

samlib

SamConnectWithCreds
SamConnect
SamLookupNamesInDomain

ws2_32

setsockopt
WSAConnect

ddraw

DirectDrawEnumerateA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a02fd58383cb371303dd5a776ac1dd94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

samlib

ws2_32

ddraw

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB