d3172c2644f4f409b58f7101f633f27e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3172c2644f4f409b58f7101f633f27e_JaffaCakes118
Size

173KB
MD5

d3172c2644f4f409b58f7101f633f27e
SHA1

11361874a90b36a39d3c6e3a1bc092b627e45bd7
SHA256

faf490df484c8d68425522f9865ffa1a57d19b96df485162480cd4479c0c0a39
SHA512

ffe2a3297bf2ce48955a4ec73a073d6499261c1954d6b9dab7c655ce0c11cf7b78c3a9e7f71a0b18f4bbb36380bd484d2b22f463730336ca56cbee149287667e
SSDEEP

3072:jQyZqmildJ6p77Y/MthPjZTKfHbJk/OlJtS2Kd/SPXm1Bz5gcW9Eds9jYvS0P:MywxldUp7c0thP9ubJk/cM6PXm/Q+s90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3172c2644f4f409b58f7101f633f27e_JaffaCakes118

Files

d3172c2644f4f409b58f7101f633f27e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0e9574fc497ca43904159075b42ffabc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIClearClipboard

user32

GetWindow
SendMessageTimeoutW
DispatchMessageW
GetMessageW
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetTimer
PostMessageW
GetClassNameA
LoadStringW
GetTopWindow
KillTimer
CharLowerW
LoadCursorW
PeekMessageW
CharNextW
GetSystemMetrics
SetCursor
LoadImageW
DestroyIcon
GetDesktopWindow
EndDialog
DialogBoxParamW
TranslateMessage

advapi32

LookupPrivilegeValueW
RegCreateKeyExW
GetTokenInformation
RegQueryInfoKeyW
ConvertStringSidToSidW
RegCloseKey
RegEnumKeyExW
RegEnumKeyW
InitializeSecurityDescriptor
GetLengthSid
CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExA
CopySid
DuplicateTokenEx
OpenSCManagerW
RevertToSelf
RegEnumValueW
SetFileSecurityW
RegSetValueExW
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExA
RegSaveKeyW
OpenProcessToken
EnumServicesStatusExW
FreeSid
SetSecurityDescriptorOwner
ImpersonateLoggedOnUser
RegDeleteValueW
AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeNameW

ole32

CoCreateGuid
CoGetComCatalog
CoInitializeEx
CreateBindCtx
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc

setupapi

SetupGetLineTextW
SetupGetBinaryField
SetupFindFirstLineW
SetupFindNextLine
SetupGetIntField
SetupGetStringFieldW
SetupOpenInfFileW
SetupCloseInfFile

kernel32

SearchPathW
WideCharToMultiByte
GetFileAttributesW
GetModuleHandleW
GetFileSize
CopyFileW
GetComputerNameW
FreeLibrary
OpenEventW
GetPrivateProfileStringW
CreateThread
HeapAlloc
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
GetVersion
InterlockedExchange
IsDBCSLeadByte
GetLastError
EnterCriticalSection
GetProcessHeap
GlobalFree
GetWindowsDirectoryW
lstrlenA
Sleep
SetLastError
GetSystemDirectoryW
FindClose
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
WriteFile
WaitForSingleObject
LoadLibraryW
UnhandledExceptionFilter
LoadResource
FlushFileBuffers
FindResourceExW
CompareStringA
ReadFile
GetLocaleInfoW
LocalAlloc
GetLocalTime
SetFilePointer
CloseHandle
GetPrivateProfileSectionW
LockResource
MoveFileExW
GetVersionExW
GetPrivateProfileStringA
DecodePointer
CreateFileW
MapViewOfFile
GetPrivateProfileIntW
ResumeThread
SetUnhandledExceptionFilter
CreateFileMappingW
LocalReAlloc
FindNextFileW
CreateDirectoryW
SetFileAttributesW
LoadLibraryA
SizeofResource
ExpandEnvironmentStringsW
TerminateProcess
FindResourceW
lstrcmpiA
LocalFree
OutputDebugStringA
HeapFree
GetSystemInfo
OutputDebugStringW
lstrlenW
GetCurrentThreadId
LoadLibraryExW
InterlockedCompareExchange
InterlockedDecrement
GetProcAddress
GetModuleFileNameW
EnumUILanguagesW
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
GetTickCount
RtlUnwind
CompareStringW
MultiByteToWideChar
DelayLoadFailureHook
WritePrivateProfileStringW
UnmapViewOfFile
QueryPerformanceCounter
MoveFileW
GetExitCodeThread
GetSystemTimeAsFileTime
RemoveDirectoryW
GetSystemDefaultUILanguage
lstrcmpW
FileTimeToSystemTime
FindFirstFileW
GetUserDefaultUILanguage
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e9574fc497ca43904159075b42ffabc

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

user32

advapi32

ole32

setupapi

kernel32

Sections

.text Size: 512B - Virtual size: 388B

.data Size: 52KB - Virtual size: 848KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 91KB - Virtual size: 91KB

.rdata Size: 22KB - Virtual size: 21KB

.idata Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 388B

.data
Size: 52KB - Virtual size: 848KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 91KB - Virtual size: 91KB

.rdata
Size: 22KB - Virtual size: 21KB

.idata
Size: 5KB - Virtual size: 4KB