c4f6c46caff0a633015943c076b55e78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c4f6c46caff0a633015943c076b55e78_JaffaCakes118
Size

906KB
MD5

c4f6c46caff0a633015943c076b55e78
SHA1

edf7c89bfe1d4bf36d17d83e05a895c0f9938e1f
SHA256

fb081199ada745e95dedc88284ba2504ce879cbfc6dd86243bb5bbee6cc153b9
SHA512

77ce40a96bfc3a9e32e346724101c9470e0a8c465a1a3232d8556b5f960ab5c552a5e309480faf1cc6ec7bdc58a4b5c95cafa11b2bb5dfc22e2320bc96af32fa
SSDEEP

12288:v05a/N5c4SeAjKPDKXXhzfNwaW8wkEsI0mhyUQU8UjMG:v00YKPDSzfAkmdbQz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4f6c46caff0a633015943c076b55e78_JaffaCakes118

Files

c4f6c46caff0a633015943c076b55e78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e5e485d2394ae179aa8cbe2950cf0ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
lstrlenA
lstrcmpA
GlobalWire
ReadConsoleInputExA
SetTimeZoneInformation
DeleteTimerQueueTimer
SetTapePosition
GetDllDirectoryW
SuspendThread
WriteConsoleW
RegisterWowExec

winmm

mixerMessage
mmioFlush
midiInUnprepareHeader
DriverCallback
midiStreamRestart
midiInStart
mmioOpenW
mmioClose
mmioSeek
mciSendStringA
PlaySoundA
mixerGetLineInfoW
waveInReset
mixerGetID

comctl32

ImageList_LoadImageW
ImageList_SetImageCount
FlatSB_SetScrollInfo
DestroyPropertySheetPage
FlatSB_GetScrollPos
CreatePropertySheetPageA
SetWindowSubclass
ImageList_DragEnter
DPA_Sort
ImageList_GetBkColor
ImageList_Write
FlatSB_GetScrollRange
CreateStatusWindowW
DSA_InsertItem
ImageList_SetOverlayImage
DrawStatusTextW
Str_SetPtrW
CreatePropertySheetPage
ImageList_GetDragImage
MenuHelp
InitCommonControls

oledlg

OleUIBusyW
OleUIUpdateLinksW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIPromptUserW
OleUIAddVerbMenuW
OleUIConvertW
OleUIEditLinksA
OleUIInsertObjectA
OleUIChangeSourceW
OleUIChangeIconA
OleUIChangeIconW
OleUICanConvertOrActivateAs
OleUIObjectPropertiesA
OleUIPasteSpecialA
OleUIChangeSourceA
OleUIConvertA
OleUIEditLinksW

advapi32

CryptGetKeyParam
RegUnLoadKeyW
GetExplicitEntriesFromAclW
WmiQueryAllDataA
LogonUserA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
LookupSecurityDescriptorPartsA
LookupAccountNameW
AddAccessDeniedAce
BuildImpersonateTrusteeA
EnumDependentServicesW
CryptGenRandom
BuildSecurityDescriptorA
ElfDeregisterEventSource
AddAccessDeniedObjectAce
ElfReadEventLogW
SetAclInformation
RegSaveKeyW

winspool.drv

EnumPrintersW
DeleteFormW
QuerySpoolMode
ResetPrinterW
GetPrinterDataExW
XcvDataW
SpoolerDevQueryPrintW
DocumentPropertySheets
EnumJobsA
AddPortW
DeletePrintProvidorA
EnumPrinterDataExW
AdvancedDocumentPropertiesW
EnumPrinterDriversW
AddPortA
DeletePrinterDataA
PerfClose
PerfOpen

ole32

CoReleaseMarshalData
HMETAFILE_UserSize
GetClassFile
CoInitializeSecurity
ComPs_NdrDllCanUnloadNow
CoGetStandardMarshal
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
GetHookInterface
CLSIDFromProgID
CoRevokeMallocSpy
OleGetAutoConvert
SNB_UserMarshal

comdlg32

GetOpenFileNameW
ChooseColorW
Ssync_ANSI_UNICODE_Struct_For_WOW
FindTextA
GetSaveFileNameW
PrintDlgA
ReplaceTextW
GetOpenFileNameA
GetSaveFileNameA
LoadAlterBitmap
PrintDlgW
GetFileTitleW
dwOKSubclass
ChooseColorA
dwLBSubclass
FindTextW

shell32

SHHelpShortcuts_RunDLL
DoEnvironmentSubstA
ExtractIconW
ILCloneFirst
SHPropStgCreate
RealDriveType
SHGetUnreadMailCountW
PathGetShortPath
DragAcceptFiles
SheChangeDirA
SHFindFiles
FreeIconList
SHGetRealIDL
ExtractIconExA
IsLFNDriveW
PrintersGetCommand_RunDLLA
ShellExecuteExW
DuplicateIcon
SHBrowseForFolder
SHChangeNotification_Unlock
SHFileOperationW
FindExecutableW
SHFormatDrive
DoEnvironmentSubstW
SHCreateDirectoryExA
DllCanUnloadNow
ShellAboutA
IsLFNDrive
SHSetLocalizedName
PifMgr_OpenProperties
StrCmpNA

Sections

.code
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rfty
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e5e485d2394ae179aa8cbe2950cf0ba

Headers

File Characteristics

Imports

kernel32

winmm

comctl32

oledlg

advapi32

winspool.drv

ole32

comdlg32

shell32

Sections

.code Size: 773KB - Virtual size: 772KB

.rdata Size: 46KB - Virtual size: 45KB

.rsrc Size: 22KB - Virtual size: 21KB

.rfty Size: 64KB - Virtual size: 64KB

.code
Size: 773KB - Virtual size: 772KB

.rdata
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 22KB - Virtual size: 21KB

.rfty
Size: 64KB - Virtual size: 64KB