d2e36580b6c008e5cc9bb76b37720282_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2e36580b6c008e5cc9bb76b37720282_JaffaCakes118
Size

188KB
MD5

d2e36580b6c008e5cc9bb76b37720282
SHA1

36a00c3a13e34df9db7b81079c43ac5fe6e6520a
SHA256

d8d8c90e60616559b817d48486baed41c7c2622e6d02ba7498cd00432e89f55f
SHA512

dea504c86ef525f90d66c17f00f2d0e202cccb5ffd73d3918ea4b76b94ce5ee30dece665c2bd7e4ae8c02f3c3c35db792a0157af3f979585605739cc1d151f4e
SSDEEP

3072:Q6CgbC8u90cPN8khP0w9Oow2am1UIBBW5G5dTD0a0apnPXAX8lXCgRcaCAL+:3g0cPvThxR1DXW5GDcaTFPXAX8lXCXTF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2e36580b6c008e5cc9bb76b37720282_JaffaCakes118

Files

d2e36580b6c008e5cc9bb76b37720282_JaffaCakes118
.exe windows:5 windows x86 arch:x86

390fb04dcea972e9fa2eae048a1a40a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msn6.exe.pdb

Imports

advapi32

RegCloseKey
CryptReleaseContext
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA

gdi32

GetPaletteEntries
DeleteObject
GetDeviceCaps

kernel32

LockResource
LoadResource
FindResourceA
CreateEventW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
LocalReAlloc
GetFileAttributesA
GetModuleFileNameW
GetModuleHandleW
SetFileAttributesA
SetFileAttributesW
SizeofResource
GetPrivateProfileIntW
GetTempPathA
GetTempPathW
SetLastError
CopyFileA
CopyFileW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexW
LoadLibraryW
GetPrivateProfileStringA
GetPrivateProfileStringW
CreateProcessW
FindClose
SetErrorMode
InterlockedExchange
GlobalAddAtomA
GlobalDeleteAtom
GetSystemTimeAsFileTime
GetACP
GetVersionExW
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedIncrement
InterlockedDecrement
CreateFileMappingW
IsDBCSLeadByte
GetProcessTimes
GetLocalTime
FlushFileBuffers
GetAtomNameA
lstrcmpA
FindNextFileW
FindNextFileA
GetTickCount
DeleteCriticalSection
IsBadReadPtr
DebugBreak
TerminateProcess
LoadLibraryA
GetVersionExA
RaiseException
GetCurrentThreadId
EnterCriticalSection
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
CreateEventA
CreateMutexA
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetPrivateProfileIntA
CreateProcessA
SetEvent
UnmapViewOfFile
LeaveCriticalSection
GetProcAddress
FreeLibrary
SetFilePointer
WriteFile
GetModuleHandleA
InitializeCriticalSection
SetUnhandledExceptionFilter
GetCommandLineW
LocalAlloc
GetCommandLineA
MultiByteToWideChar
LocalFree
Sleep
GetLastError
ExitProcess
lstrlenA
lstrlenW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

user32

RegisterWindowMessageA
GetCursorPos
GetDoubleClickTime
LoadMenuA
GetSubMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
DestroyIcon
SetFocus
KillTimer
SetTimer
DestroyWindow
TranslateMessage
LoadStringA
MessageBoxA
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageA
DestroyMenu
TrackPopupMenuEx
LoadStringW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
CharNextA
SetWindowLongA
SetWindowLongW
CreateWindowExA
CreateWindowExW
FindWindowExA
FindWindowExW
MessageBoxW
LoadImageW
RegisterWindowMessageW
SendMessageTimeoutA
SystemParametersInfoA
SystemParametersInfoW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
FindWindowW
SendMessageTimeoutW
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
wvsprintfA
GetWindowTextA
IsWindow

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

390fb04dcea972e9fa2eae048a1a40a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 136KB - Virtual size: 133KB

.text
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 136KB - Virtual size: 133KB