cfd899ee5652f908b13894dd5ced8016_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfd899ee5652f908b13894dd5ced8016_JaffaCakes118
Size

344KB
MD5

cfd899ee5652f908b13894dd5ced8016
SHA1

e9ca90be9da4840a217578457101a807aeb8ccca
SHA256

ce91b698999cbf2994dec02e3f393cc9e37e0abe612ec9f5389cf4156b5922d6
SHA512

1df7ef375a424fae24d457e737a3bf0db6cd3a102a2adaf3dc02a2394cc0ee6dd258e37d321dd3f4da1f1a6e2bc788202051d89c365484d0ebbdd3bc8862eb37
SSDEEP

6144:9+4BYV1hur50YbB4kf6bJn28IxOmGQhP6KoyJsm7vYAe0BM8Kj5R:9+AYf4rKYbB2J2fxnrhPfPvYAe0hKN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfd899ee5652f908b13894dd5ced8016_JaffaCakes118

Files

cfd899ee5652f908b13894dd5ced8016_JaffaCakes118
.exe windows:4 windows x86 arch:x86

414c0c1b2150636af7d6b7c30ee7d155

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\sbu\pobttpgez.PDB

Imports

shell32

RealShellExecuteA
SHGetFileInfo

kernel32

GetProcAddress
GetStringTypeA
GetModuleFileNameA
MultiByteToWideChar
HeapAlloc
LoadLibraryA
LCMapStringA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemDefaultLangID
HeapFree
MoveFileA
WaitCommEvent
InterlockedExchangeAdd
CreateWaitableTimerA
SetThreadAffinityMask
GetCalendarInfoA
GetCurrentProcessId
TlsFree
GetPrivateProfileStringA
TlsGetValue
SetConsoleCursorPosition
InitializeCriticalSection
GetFullPathNameA
ReadFile
GetPrivateProfileSectionNamesW
WriteFile
GlobalReAlloc
GetLongPathNameW
GetCurrencyFormatW
ExitThread
TerminateProcess
GlobalSize
ReadConsoleW
EnterCriticalSection
OpenMutexA
GetConsoleTitleA
GetCurrentProcess
GetCommandLineW
OpenSemaphoreA
GetStartupInfoW
SetSystemTime
WaitNamedPipeW
CloseHandle
UnhandledExceptionFilter
ReadConsoleOutputCharacterW
GetLastError
CompareStringA
CopyFileA
SetCriticalSectionSpinCount
SetHandleCount
LeaveCriticalSection
GetStdHandle
LCMapStringW
GetCommandLineA
CreateProcessA
OutputDebugStringA
WaitForDebugEvent
GetComputerNameW
WritePrivateProfileStringW
SetFilePointer
InterlockedIncrement
HeapDestroy
LocalFree
DeleteCriticalSection
CompareStringW
GetCurrentDirectoryA
TlsAlloc
WideCharToMultiByte
FindFirstFileExW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetLocalTime
LoadLibraryW
GetSystemTime
GetVersionExW
InterlockedExchange
VirtualAlloc
QueryPerformanceCounter
SetVolumeLabelW
lstrcat
EnumSystemCodePagesA
GetFileType
SetStdHandle
GetTimeZoneInformation
ExitProcess
SetThreadLocale
SetConsoleTitleW
lstrcmpiA
GetCurrentThread
IsBadWritePtr
CreateDirectoryA
RtlUnwind
CreateToolhelp32Snapshot
GetModuleHandleA
FindAtomW
GetModuleFileNameW
SetLastError
EnumSystemCodePagesW
InterlockedDecrement
SetEnvironmentVariableA
GetSystemInfo
HeapReAlloc
DeleteFiber
GetVersion
FindNextFileW
GetStartupInfoA
HeapSize
VirtualFree
GetTempPathW
CreateDirectoryExW
FlushFileBuffers
HeapCreate
FreeLibraryAndExitThread
LocalLock
FreeEnvironmentStringsW
GetCPInfo
GetTickCount
GetStringTypeW
TlsSetValue
Sleep
WriteConsoleInputW
CreateMutexA
FreeEnvironmentStringsA
GetDriveTypeA
GlobalFindAtomW

comdlg32

GetFileTitleW
PrintDlgW

gdi32

GetLayout
GdiPlayScript
RemoveFontResourceW
SetViewportExtEx
GetNearestPaletteIndex
SetPixelV
PatBlt
StartPage
GdiPlayJournal
ExtCreatePen
PathToRegion
SetViewportOrgEx
CreateSolidBrush
SetBkMode
PtInRegion

user32

GetWindowModuleFileNameA
CallMsgFilter
GetMessageA
DefDlgProcW
OemToCharW
GetClassLongW
GetPropW
IsCharUpperW
UpdateWindow
GetScrollRange
SendMessageTimeoutA
ShowWindow
FindWindowW
SetCaretPos
BeginPaint
FindWindowA
GetWindowContextHelpId
MonitorFromRect
RealChildWindowFromPoint
DialogBoxIndirectParamA
SetMenuDefaultItem
DdeAddData
DefWindowProcA
ArrangeIconicWindows
GetClipCursor
OemToCharBuffW
EmptyClipboard
SetWindowContextHelpId
LoadKeyboardLayoutW
IsDlgButtonChecked
SendDlgItemMessageW
MessageBoxA
SendIMEMessageExA
RegisterClassA
IsCharLowerW
ToAscii
GetWindowThreadProcessId
GetDlgItem
GetGUIThreadInfo
UnregisterDeviceNotification
LoadStringW
MapVirtualKeyW
EnumDisplayDevicesA
RegisterClassExA
ChangeMenuW
CreateIconIndirect
DrawEdge
CreateMenu
CreateDialogIndirectParamW
DdeGetData
TrackPopupMenu
MessageBoxExA
InvalidateRgn
CreateAcceleratorTableW
IsCharAlphaW
CopyImage
ReleaseCapture
CreateWindowExA
CreatePopupMenu
UnregisterHotKey
CreateDialogParamA
RegisterHotKey
SetWindowPlacement
OpenDesktopW
GetMenuItemInfoA
DefWindowProcW
UnregisterClassW
DestroyWindow
WINNLSEnableIME
BroadcastSystemMessageA
ValidateRgn
GetMessageTime
CreateWindowStationA

wininet

IsHostInProxyBypassList
DetectAutoProxyUrl
GopherGetLocatorTypeA
InternetOpenW
FreeUrlCacheSpaceW
FindCloseUrlCache
DeleteUrlCacheContainerA
HttpAddRequestHeadersW

comctl32

ImageList_DrawIndirect
ImageList_Duplicate
ImageList_SetDragCursorImage
ImageList_Write
DrawInsert
ImageList_GetImageCount
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_BeginDrag

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

414c0c1b2150636af7d6b7c30ee7d155

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

comdlg32

gdi32

user32

wininet

comctl32

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 96KB - Virtual size: 118KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 96KB - Virtual size: 118KB

.rsrc
Size: 56KB - Virtual size: 53KB