cde8d2f377b768d4b05007576afbc8de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cde8d2f377b768d4b05007576afbc8de_JaffaCakes118
Size

326KB
MD5

cde8d2f377b768d4b05007576afbc8de
SHA1

f8dc2edf7df0608ea39a2a14623c515ce3ae7df0
SHA256

3c03cd6c4efe7143799db61257eb9577f7ab7b64f1f1122e9b7e55b7ce07f7ec
SHA512

b9b4d81452e8a28118c2df01f6e55921f0ec98db6805e76a43aedfc5aaaeb0cb8205ac3761d1ce127eebec772379223cf952bd2d9532665c9278b93584299c7d
SSDEEP

6144:4J3UFQn/ldS37tFxa4RM8f5pl/2ImRi/TFLupvsosULDV:aJ/HS3xC4RM0X/l0SohDV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde8d2f377b768d4b05007576afbc8de_JaffaCakes118

Files

cde8d2f377b768d4b05007576afbc8de_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1fcceeee2ba3854f6cb813f241619fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_time64
_localtime64
iswctype
wcsncpy
memcpy
_wtol
wcsncmp
memset
_except_handler3

kernel32

ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
GetProcAddress
GetModuleHandleA
lstrcpyA
OpenProcess
GetCurrentThreadId
lstrlenA
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
GetLastError
lstrcatA
GetTempFileNameA
lstrcmpA
GetTempPathA
FindAtomA
ExitProcess
VirtualAlloc
GlobalAlloc
FreeLibrary
LoadLibraryA
VirtualQueryEx
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
ResumeThread
VirtualFree
GetLocaleInfoW
MulDiv
lstrcpynW
CreateFileW
lstrcpyW
LocalFree
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
lstrcmpW
LocalAlloc
lstrlenW
LocalUnlock
CompareStringW
LocalLock
FoldStringW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetUserDefaultLCID
WideCharToMultiByte
SetLastError
SetEndOfFile
DeleteFileW
GetACP
UnmapViewOfFile
LocalReAlloc
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
FormatMessageW
GetUserDefaultLangID
LocalSize
lstrcmpiW
GlobalUnlock
GlobalLock
IsDBCSLeadByte
GetCPInfo

user32

LoadStringW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
CloseDesktop
GetWindowThreadProcessId
FindWindowA
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
wsprintfA
InflateRect
ClientToScreen
GetWindowRect
GetCursorPos
EqualRect
IsWindowVisible
GetFocus
MoveWindow
InvalidateRect
ChildWindowFromPoint
ScreenToClient
WinHelpW
GetDlgCtrlID
SendDlgItemMessageW
SetCursor
ReleaseDC
GetDC
MessageBoxW
GetDesktopWindow
LoadIconW
DialogBoxParamW
SetFocus
EnableMenuItem
GetSubMenu
SendMessageW
GetMenu
PostMessageW
SetActiveWindow
GetKeyboardLayout
GetForegroundWindow
MessageBeep
DestroyWindow
PostQuitMessage
IsIconic
DefWindowProcW
CharNextW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
GetSystemMetrics
SetWindowTextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
wsprintfW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
GetWindowLongW
UpdateWindow
SetScrollPos
GetWindowPlacement
PeekMessageW
SetWindowLongW
LoadAcceleratorsW
GetSystemMenu
CharUpperW
ShowWindow
GetClientRect
SetWindowPlacement
CreateWindowExW
LoadCursorW
RegisterWindowMessageW
RegisterClassExW
LoadImageW
CharLowerW

shell32

DragAcceptFiles
ShellAboutW
DragFinish
ShellExecuteA
DragQueryFileW

shlwapi

SHGetValueA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
CreateProcessAsUserA

gdi32

SetBkMode
GetTextMetricsW
EndPage
EndDoc
LPtoDP
SetAbortProc
StartDocW
SetWindowExtEx
TextOutW
GetTextExtentPoint32W
SelectObject
GetTextFaceW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetBkMode
GetBkColor
SetViewportExtEx
SetMapMode
CreateDCW
StartPage
DeleteDC

comdlg32

FindTextW
PageSetupDlgW
CommDlgExtendedError
ChooseFontW
PrintDlgExW
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
ReplaceTextW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 259KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1fcceeee2ba3854f6cb813f241619fa

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

shlwapi

advapi32

gdi32

comdlg32

winspool.drv

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 259KB - Virtual size: 265KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 259KB - Virtual size: 265KB

.rsrc
Size: 18KB - Virtual size: 17KB