be769fe8d013a1ad118c4cc797e053c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be769fe8d013a1ad118c4cc797e053c4_JaffaCakes118
Size

392KB
MD5

be769fe8d013a1ad118c4cc797e053c4
SHA1

4574b6de68b4089479eb6da22263e61c4085c87a
SHA256

f89724fcb31acf6f33091305a9b0fe3f289cbf404fdd35eb4113066ae2e67120
SHA512

7db7df5f18f624d8e8c4b76444695ff5ac952242088dfc4f326e521226ddd5ac9ace851b67063c6e6dc602b013b6ff09b4f03bde260d0ac2c7f4286e34fab729
SSDEEP

6144:rWdXb4q4RbVzNaROeWsT3Hq5mT0ikI9voACFWpSg4sgkjT+:rYb4nRyCaHS69wniSPs7jT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be769fe8d013a1ad118c4cc797e053c4_JaffaCakes118

Files

be769fe8d013a1ad118c4cc797e053c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c20dde8851e0b5be35717303e02f0f27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\oes.pdb

Imports

user32

CharUpperBuffA
TileChildWindows
DrawStateA
FindWindowW
GetNextDlgTabItem
DestroyIcon
CreateWindowExA
LoadImageA
SetMenu
DrawFocusRect
LoadAcceleratorsA
DdeKeepStringHandle
SetMenuDefaultItem
GetScrollBarInfo
SendDlgItemMessageA
SetWindowTextA
IsCharAlphaNumericW
DefDlgProcW
ShowWindow
GetQueueStatus
IsClipboardFormatAvailable
DdeConnectList
BroadcastSystemMessageW
GetClipboardFormatNameA
CharNextExA
DefWindowProcW
InvalidateRgn
IsWindowVisible
GetKeyboardType
SetShellWindow
WindowFromDC
DdeQueryNextServer
SendDlgItemMessageW
CloseWindow
GetMonitorInfoA
MessageBoxW
RegisterClassExA
PtInRect
DdeGetLastError
MessageBeep
UnregisterHotKey
IsCharAlphaNumericA
CopyRect
CallWindowProcA
DdeQueryStringA
EnumDisplayDevicesA
CreateWindowStationW
SetActiveWindow
RegisterClassA
ChangeDisplaySettingsW
DdeInitializeW
DestroyWindow
DefFrameProcA
DrawCaption

kernel32

GetCurrentProcess
TerminateProcess
FreeEnvironmentStringsW
GetLocaleInfoA
EnumSystemLocalesA
VirtualAlloc
TlsFree
CompareStringA
GetLocaleInfoW
GetModuleFileNameW
DeleteCriticalSection
VirtualQuery
ReadFile
HeapAlloc
EnumCalendarInfoExA
LCMapStringA
GetVersionExA
GetAtomNameW
GetPrivateProfileIntW
HeapFree
GetCommandLineA
ResetEvent
GetCalendarInfoW
GetStartupInfoA
WideCharToMultiByte
CreateMutexA
HeapCreate
GetTickCount
SetConsoleCursorInfo
GetTimeZoneInformation
MultiByteToWideChar
GetEnvironmentStrings
CreateSemaphoreW
IsValidLocale
GetPrivateProfileSectionNamesA
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCPInfo
GetTimeFormatA
SetHandleCount
FlushInstructionCache
IsBadWritePtr
LocalFileTimeToFileTime
InitializeCriticalSection
UnhandledExceptionFilter
WriteFile
FreeEnvironmentStringsA
GetSystemInfo
LocalReAlloc
RtlMoveMemory
GetDateFormatA
CloseHandle
EnumSystemLocalesW
SetEnvironmentVariableA
GetCurrentThread
ExitProcess
IsValidCodePage
GetACP
QueryPerformanceCounter
GetCurrentThreadId
SetConsoleTitleW
LCMapStringW
GetStdHandle
GetFileType
TlsSetValue
VirtualFree
WriteConsoleOutputCharacterA
GetVolumeInformationA
OpenProcess
GetProcAddress
FillConsoleOutputCharacterA
SetLastError
HeapSize
GetOEMCP
GetCurrentProcessId
TlsAlloc
lstrcatW
SetFilePointer
FormatMessageW
GetStringTypeW
LoadLibraryA
HeapReAlloc
GetLastError
GetConsoleCursorInfo
GetUserDefaultLCID
ConnectNamedPipe
LeaveCriticalSection
TlsGetValue
GetEnvironmentStringsW
GetStringTypeA
GetConsoleCP
FlushFileBuffers
ReadConsoleInputW
GetCurrentDirectoryW
EnterCriticalSection
ExitThread
OpenMutexA
WriteProfileSectionW
EnumResourceTypesW
SetStdHandle
GetModuleHandleA
HeapDestroy
InterlockedExchange
SetComputerNameW
AddAtomA
FindFirstFileExW
EnumResourceTypesA
CompareStringW
VirtualProtect
RtlUnwind

wininet

InternetCombineUrlW

comctl32

CreateStatusWindowA
ImageList_SetBkColor
GetEffectiveClientRect
ImageList_LoadImage
MakeDragList
ImageList_GetImageInfo
CreatePropertySheetPage
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_SetDragCursorImage
ImageList_GetIconSize
ImageList_GetFlags
CreateUpDownControl
ImageList_Copy
ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ImageList_Remove
CreateToolbar

comdlg32

FindTextA
ChooseFontA
LoadAlterBitmap
GetOpenFileNameA

shell32

RealShellExecuteExA
SHGetPathFromIDListW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c20dde8851e0b5be35717303e02f0f27

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

wininet

comctl32

comdlg32

shell32

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 92KB - Virtual size: 115KB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 92KB - Virtual size: 115KB

.rsrc
Size: 68KB - Virtual size: 66KB