c8bb015380b98386dbdf530df9edf3c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8bb015380b98386dbdf530df9edf3c1_JaffaCakes118
Size

205KB
MD5

c8bb015380b98386dbdf530df9edf3c1
SHA1

a9f69e12474e2e90c89e419dbf7e8b66eb4319d4
SHA256

db118a2df78efe7461b981babe5e4a36225af52c17753462b4129f3609e3b453
SHA512

5a6060db59d14248d57c1d9b6d5ffa3ad968043170437f78b8fe8398dc45643068d6e39efc1e9c77a904320194926e080874c75a5576152a91070381ca8195c0
SSDEEP

3072:h+jlxTv4AqussHK/De2rMAjWqa78/fZrQuXTlxIVMMdIvBlQ18IVQ+RKrTE:ikAqu7q/NjWqP3VrIVMMd6618IHMTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8bb015380b98386dbdf530df9edf3c1_JaffaCakes118

Files

c8bb015380b98386dbdf530df9edf3c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cabdd5ecca9961437153c80261f331c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
CreateFileW
GetCurrentThread
CreateThread
GetStartupInfoW
OpenProcess
GetExitCodeThread
MoveFileA
MoveFileW
DeleteAtom
ReplaceFileW
GetStringTypeW
GetWindowsDirectoryA
GetShortPathNameA
GetModuleHandleA
GetStartupInfoA
IsValidCodePage
BeginUpdateResourceA
ReadFile
GetCurrentProcessId
GetLongPathNameW
GetProcAddress
CreateEventA
SuspendThread
RaiseException

user32

EnumClipboardFormats
GetClassInfoExA
GetTopWindow
CheckMenuItem
DialogBoxIndirectParamW
EnumDesktopsW
EnumDesktopWindows
LoadCursorA
keybd_event
DrawTextA
SetWindowTextA
CheckRadioButton
GetMessageW
GetClassNameW
CheckDlgButton
UpdateWindow
GetSystemMetrics
IsDlgButtonChecked
CascadeWindows
MessageBoxIndirectA
DefWindowProcA
RegisterWindowMessageW
GetKeyState
AdjustWindowRect
PeekMessageW

gdi32

CreateFontIndirectA
GetColorAdjustment
SetColorAdjustment
CreateDCW
EnumObjects
CreateSolidBrush
SelectBrushLocal
EnumICMProfilesA
StartDocW
SetArcDirection
GetViewportExtEx
MoveToEx
GetLogColorSpaceW
GetBkMode

advapi32

RegSaveKeyW
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyExW

shlwapi

StrChrW
SHRegCreateUSKeyW
PathUnExpandEnvStringsW
PathUndecorateA
PathIsFileSpecW
PathRemoveFileSpecW

comdlg32

ReplaceTextA

opengl32

glColor4ubv

setupapi

SetupDiMoveDuplicateDevice
pSetupStringTableSetExtraData
SetupAddSectionToDiskSpaceListA

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
HlinkNavigateString
CoInternetCreateZoneManager
DllInstall
FindMimeFromData
CDLGetLongPathNameW
HlinkSimpleNavigateToMoniker
RegisterMediaTypes
URLDownloadToCacheFileA
CoInternetCreateSecurityManager

sqlunirl

_SetEnvironmentVariable_@8
_EnumFontFamiliesEx_@20
_SetFileAttributes_@8

crypt32

CertCreateSelfSignCertificate
CryptMsgDuplicate
CryptGetDefaultOIDDllList
RegSetValueExU
CertDeleteCTLFromStore
CertSerializeCertificateStoreElement
I_CryptRegisterSmartCardStore
CertFreeCertificateChainEngine
I_CryptInsertLruEntry
CertDeleteCRLFromStore
CryptSIPRemoveProvider
CertRDNValueToStrW
CryptInstallOIDFunctionAddress
CryptSignMessageWithKey
CertOpenSystemStoreA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.s
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VKFBmZ
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xJ
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OQKfGO
Size: 3KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OF
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 1024B - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wu
Size: 512B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cabdd5ecca9961437153c80261f331c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

opengl32

setupapi

urlmon

sqlunirl

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.s Size: 512B - Virtual size: 11KB

.d Size: 1KB - Virtual size: 36KB

.VKFBmZ Size: 1024B - Virtual size: 39KB

.xJ Size: 1024B - Virtual size: 18KB

.OQKfGO Size: 3KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 12KB

.OF Size: 512B - Virtual size: 7KB

.J Size: 1024B - Virtual size: 42KB

.wu Size: 512B - Virtual size: 152KB

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 11KB - Virtual size: 10KB

.s
Size: 512B - Virtual size: 11KB

.d
Size: 1KB - Virtual size: 36KB

.VKFBmZ
Size: 1024B - Virtual size: 39KB

.xJ
Size: 1024B - Virtual size: 18KB

.OQKfGO
Size: 3KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 12KB

.OF
Size: 512B - Virtual size: 7KB

.J
Size: 1024B - Virtual size: 42KB

.wu
Size: 512B - Virtual size: 152KB

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 1024B - Virtual size: 1004B