d0b3babd33b6369a0fad052d2a81c188_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d0b3babd33b6369a0fad052d2a81c188_JaffaCakes118
Size

400KB
MD5

d0b3babd33b6369a0fad052d2a81c188
SHA1

239d6cd01bb6997bc63285892d1239cfde0f5244
SHA256

000b25a4a78b0cf90d744942dbb61e1193e0adbde1b3d9acae25172924336396
SHA512

ff2cd5a44e661fafec5641a79d6797d2ded0c7738ee98c612765de7b1e942f6fe45ea6fa515e0c17e396b54c680ec67b2872a4644c63982127d137f53f1971c0
SSDEEP

6144:Z6EEVUlqZZ4LXlzNQmqx0bA7Y84uzxeUyBl/CQx17Qmya+:AE/4ZmLXlhQmcY8h95Iqtmya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0b3babd33b6369a0fad052d2a81c188_JaffaCakes118

Files

d0b3babd33b6369a0fad052d2a81c188_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc195d8680e8025be2bf72a2e1fe37c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\knsmil\ggmev\teen\hoem

Imports

user32

GetSystemMenu
GrayStringA
OffsetRect
DdeGetLastError
RegisterClassA
RegisterClassExA
ShowWindow
DefDlgProcW
DestroyWindow
LoadKeyboardLayoutW
DrawStateA
MoveWindow
MessageBoxA
CreateWindowExA
DragObject
FindWindowA
CharUpperBuffA
DefWindowProcW
GetGUIThreadInfo
SetUserObjectInformationA
GetWindowLongW
GetDlgCtrlID
MessageBoxExA
SetScrollInfo
IsWindow
MapDialogRect
LoadMenuW
GetSysColorBrush
GetDlgItemTextA
InSendMessage
MessageBeep

kernel32

SetStdHandle
GetCurrentThreadId
CloseHandle
GetTimeZoneInformation
RemoveDirectoryW
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetPrivateProfileSectionNamesA
GetACP
GetEnvironmentStringsW
lstrcmpiW
UnlockFileEx
VirtualFree
LockFile
InitializeCriticalSection
EnumSystemLocalesA
GetLastError
ReadConsoleOutputAttribute
WriteFile
GetPrivateProfileStructA
SetHandleCount
IsValidCodePage
FlushConsoleInputBuffer
GetCommandLineW
GetCPInfo
GetLocaleInfoW
TlsAlloc
GetOEMCP
CreateNamedPipeW
VirtualQuery
IsValidLocale
SetLastError
GetFileType
HeapLock
CreateFileA
GetSystemInfo
LCMapStringW
GlobalUnfix
CompareStringW
OpenSemaphoreW
FlushFileBuffers
GetEnvironmentStrings
GetCurrentProcess
TerminateProcess
GetStdHandle
FreeEnvironmentStringsW
GetVersionExA
GetConsoleMode
GetStartupInfoA
LoadLibraryA
EnterCriticalSection
DeleteFileW
GetThreadContext
SetFilePointer
GetModuleHandleA
GetStringTypeA
FileTimeToDosDateTime
TlsGetValue
HeapDestroy
ReadFile
DeleteFiber
GetModuleFileNameA
lstrcpyA
LocalUnlock
GetLocaleInfoA
GetStringTypeW
InterlockedExchange
GetProfileSectionA
GetModuleFileNameW
HeapSize
CreateMutexA
EnumDateFormatsA
ReadConsoleOutputA
MultiByteToWideChar
FreeEnvironmentStringsA
GetCurrentProcessId
SetEnvironmentVariableA
IsBadWritePtr
QueryPerformanceCounter
SetPriorityClass
RtlUnwind
ReadConsoleOutputW
GetCommandLineA
LCMapStringA
CompareStringA
ExitProcess
SetFileAttributesA
LeaveCriticalSection
HeapReAlloc
WaitNamedPipeW
VirtualProtect
VirtualAlloc
GetUserDefaultLCID
GetTickCount
SleepEx
HeapCreate
DeleteCriticalSection
HeapFree
GetSystemTimeAdjustment
GetStartupInfoW
GetProcAddress
TlsSetValue
UnhandledExceptionFilter
FreeResource
OpenMutexA
GetCurrentThread
TlsFree
GetThreadLocale

comdlg32

GetOpenFileNameW
PageSetupDlgA
ChooseFontW

shell32

SHGetDiskFreeSpaceA
SHEmptyRecycleBinA
ShellExecuteW

gdi32

DeleteObject
GetObjectW
OffsetRgn
GetMetaRgn
PtInRegion
DeleteDC
GetDeviceCaps
GetKerningPairsW
GetEnhMetaFileBits
CreateDCA

comctl32

ImageList_BeginDrag
ImageList_GetBkColor
ImageList_Duplicate
CreateToolbarEx
ImageList_DragMove
ImageList_Create
ImageList_SetBkColor
DrawStatusTextA
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_GetIcon
DrawStatusText
CreateStatusWindow
ImageList_AddIcon
ImageList_SetImageCount
MakeDragList
ImageList_ReplaceIcon
ImageList_Read
CreateToolbar
DestroyPropertySheetPage
ImageList_DrawIndirect
ImageList_Draw
InitCommonControlsEx
CreateStatusWindowW
ImageList_DrawEx
ImageList_GetIconSize

advapi32

LookupSecurityDescriptorPartsA
LookupPrivilegeValueW
RegCreateKeyW
CryptEncrypt
LookupAccountSidA
CryptSetProviderA
LookupPrivilegeValueA
RegCreateKeyExW
CryptGetDefaultProviderW
CryptSetHashParam
CryptReleaseContext

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc195d8680e8025be2bf72a2e1fe37c7

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comdlg32

shell32

gdi32

comctl32

advapi32

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 92KB - Virtual size: 101KB

.rsrc Size: 40KB - Virtual size: 37KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 92KB - Virtual size: 101KB

.rsrc
Size: 40KB - Virtual size: 37KB