d05e290b094ad66fd05a581d7fbe760a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d05e290b094ad66fd05a581d7fbe760a_JaffaCakes118
Size

235KB
MD5

d05e290b094ad66fd05a581d7fbe760a
SHA1

df317145626b2723bfc8077667a1a061d3ba4f7a
SHA256

08ce0c7b8b35c7615bc3c893dce13d2f9657377ffdb4b87b449b72378f266bb5
SHA512

342cd283ade0c33f05f81c7f3a2d6b96fc2fd9b2c904063488b98c237cf879b3fb0bca132f50ecf9187a2eb742112fb6be392cf7d9778fa836d54b0c160af212
SSDEEP

3072:j+UAcb/l5bMYzkoeAAf36rbfgvHPXmwYpQQPc0dE7C3HKdgntVCv+L5xPO/cOjL2:hrKAc6gvv2/pQccFC3Ki51w1jAR7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d05e290b094ad66fd05a581d7fbe760a_JaffaCakes118

Files

d05e290b094ad66fd05a581d7fbe760a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b129b12c241d6c77377093d5b1e05b12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomW
GlobalAlloc
CreateSemaphoreW
IsBadStringPtrW
lstrcmp
GetEnvironmentVariableA
lstrcpy
SetComputerNameA
GetTempPathW
FatalAppExitA
CopyFileA
GetCurrentProcessId
SetCalendarInfoW
GetExpandedNameA
IsDebuggerPresent
lstrcmpiW
CopyFileExW
ExpandEnvironmentStringsW
AddAtomW
GetCurrentDirectoryW
GetSystemDefaultLCID
lstrcmpW
lstrcpyn
ReplaceFileA
BeginUpdateResourceW
lstrcat
lstrcatW
LocalAlloc
GetExitCodeThread
SleepEx
GetSystemTime
GetShortPathNameA
GetSystemDirectoryW
SetLocaleInfoA
SystemTimeToFileTime
CreateMutexA
GetFullPathNameA
GlobalGetAtomNameA
GetModuleHandleA
CreateDirectoryA
GetProcAddress
DosDateTimeToFileTime
GetAtomNameW
GetCurrentProcess
IsBadWritePtr
IsValidLocale
GetTimeFormatW
OpenMutexW
BeginUpdateResourceA
GetWindowsDirectoryA
GetCalendarInfoA
lstrcpyA
CreatePipe
GetEnvironmentVariableW
LoadLibraryExA
DeleteAtom
HeapCreate
SetErrorMode
GetTempPathA
GetTempFileNameA
lstrcpynW
GlobalGetAtomNameW
EnumDateFormatsW
SearchPathW
GetComputerNameA
LoadResource
lstrcpyW

user32

CharUpperA
MessageBoxIndirectW
LoadImageW
CreateDesktopA
IsWindowEnabled
GetCaretPos
RegisterClassExW
LoadMenuW
WaitForInputIdle
GetActiveWindow
LoadMenuIndirectA
SetCapture
GetMessageA
GetForegroundWindow
wvsprintfA
WinHelpW
TrackPopupMenu
GetAsyncKeyState
CreateAcceleratorTableW
CreatePopupMenu
AdjustWindowRect
PostMessageA
SetActiveWindow
GetMessageW
GetDesktopWindow
GetWindowRgn
DialogBoxParamA
GetActiveWindow
GetSystemMetrics
MonitorFromPoint
InvalidateRgn
GetKeyboardType
LoadCursorA
RegisterClassW
RegisterClassExA
mouse_event
CreateDialogIndirectParamA
LoadIconW
TrackPopupMenuEx
EnableWindow
UpdateLayeredWindow
GetMenuInfo
OpenClipboard
FindWindowW
IsIconic
MessageBoxW
InsertMenuItemW
DefWindowProcA
GetMenuItemInfoW
OffsetRect
PeekMessageW
CreateMenu
GetDlgItemTextA
EndDialog
AppendMenuA
CreateWindowExW
MoveWindow
GetKeyState
GetTopWindow
UnregisterClassA
SetWindowTextW
CreateDialogParamW
InvalidateRect
GetMenuState
ShowWindow
wsprintfA
PostQuitMessage
InsertMenuA
GetDlgItemTextW
RegisterClassA
GetKeyboardLayout
wvsprintfW
SetTimer
GetMenuItemInfoA
IsChild
MessageBoxA
GetSysColorBrush

gdi32

GetTextExtentPointW
CreateSolidBrush
CreateBrushIndirect
CreateDIBSection
CreatePolygonRgn
GetEnhMetaFileA
CreateScalableFontResourceW
CreateDIBPatternBrush
GetMetaFileW
DeleteObject
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateFontW
CreateColorSpaceA

advapi32

LsaSetSecret
SystemFunction018
ElfChangeNotify
LsaQuerySecurityObject
LsaQuerySecret
LookupPrivilegeDisplayNameA
SetNamedSecurityInfoExA
ControlService
GetOldestEventLogRecord
GetTrusteeTypeA
SystemFunction021
LsaEnumerateAccounts
LookupAccountNameW
LsaSetSecurityObject
WmiEnumerateGuids
ObjectCloseAuditAlarmA

shell32

ExtractIconExA
StrChrIA
StrRChrIW
StrStrA

comctl32

CreateStatusWindowA
ImageList_GetIcon
DrawInsert
InitMUILanguage
ImageList_DragEnter

urlmon

IsJITInProgress
RegisterMediaTypeClass
FindMediaTypeClass
URLOpenPullStreamW
GetMarkOfTheWeb
UrlMkBuildVersion
HlinkSimpleNavigateToMoniker
DllRegisterServer
CoInternetCreateZoneManager
CompareSecurityIds
IsLoggingEnabledA

Sections

.tI
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sO
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MJBqTR
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Zr
Size: 4KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yfUH
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LoRnlJ
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KqrRjt
Size: 9KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uTz
Size: 4KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b129b12c241d6c77377093d5b1e05b12

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

urlmon

Sections

.tI Size: 3KB - Virtual size: 3KB

.sO Size: 90KB - Virtual size: 90KB

.MJBqTR Size: 13KB - Virtual size: 13KB

.Zr Size: 4KB - Virtual size: 415KB

.yfUH Size: 5KB - Virtual size: 42KB

.LoRnlJ Size: 88KB - Virtual size: 88KB

.KqrRjt Size: 9KB - Virtual size: 54KB

.uTz Size: 4KB - Virtual size: 56KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 1024B

.tI
Size: 3KB - Virtual size: 3KB

.sO
Size: 90KB - Virtual size: 90KB

.MJBqTR
Size: 13KB - Virtual size: 13KB

.Zr
Size: 4KB - Virtual size: 415KB

.yfUH
Size: 5KB - Virtual size: 42KB

.LoRnlJ
Size: 88KB - Virtual size: 88KB

.KqrRjt
Size: 9KB - Virtual size: 54KB

.uTz
Size: 4KB - Virtual size: 56KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 1024B