d15434a9c4d11de81e3a54773a87881c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d15434a9c4d11de81e3a54773a87881c_JaffaCakes118
Size

372KB
MD5

d15434a9c4d11de81e3a54773a87881c
SHA1

250d0e55fe31b64dc0e2f1d3abfd48cbc4c39111
SHA256

5dd2d4c4159e569844270a97286002cbf3f0cb3d2867388d02ce677db0e09fad
SHA512

6787ca51735f5cd833936477560e60ddc9b7f33e2b84c711e690ffe73c96fdb2f288f2fbb8f0458df4260009f5e3ecce8f14982083717392fb13c77025bc812a
SSDEEP

6144:X3/IEnMHM9i18nzgFbd50kq0TlbeGJQuvyqIw388HCXbQmT:XQ61MFbd5eElbeXiUXUm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d15434a9c4d11de81e3a54773a87881c_JaffaCakes118

Files

d15434a9c4d11de81e3a54773a87881c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

210617d75bb7573aa0f2dba681d1827e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\EQUE\WGTXFOOO\DOVE\JBCEGOPUAL\VGSEYMQAT\OHF.PDB

Imports

advapi32

RegQueryInfoKeyW
RegReplaceKeyW
CryptHashData
CryptGetHashParam
RegQueryMultipleValuesW
LookupAccountSidW
LookupSecurityDescriptorPartsW
RegEnumValueA
RegEnumKeyA
CryptContextAddRef
RegSaveKeyW
CryptSetProviderExA
CryptVerifySignatureW
LookupPrivilegeValueW

kernel32

CreateFileA
SetFilePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LCMapStringA
lstrlenA
TlsGetValue
CompareStringW
HeapSize
TlsAlloc
IsDebuggerPresent
GetConsoleMode
GetOEMCP
Sleep
EnumSystemLocalesA
GetCurrentThreadId
VirtualAlloc
GetEnvironmentStrings
HeapDestroy
DeleteCriticalSection
GetCurrencyFormatW
FreeLibrary
WriteConsoleW
WriteFile
LockFile
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCommandLineA
WideCharToMultiByte
FlushFileBuffers
GetConsoleOutputCP
EnterCriticalSection
VirtualFree
GetCurrentProcess
OpenMutexA
GetModuleFileNameA
TerminateProcess
HeapFree
GetLocaleInfoA
GetProcAddress
TlsSetValue
RtlUnwind
GetTimeZoneInformation
SetStdHandle
MultiByteToWideChar
GetConsoleCP
SetThreadLocale
GetACP
WriteFileEx
GetDateFormatA
GetTimeFormatA
CloseHandle
GetVersionExA
GetCurrentProcessId
CreateMutexA
GetStringTypeA
SetHandleCount
SetLastError
CompareStringA
GetStartupInfoA
SetConsoleCtrlHandler
TlsFree
QueryPerformanceCounter
HeapAlloc
GetTickCount
IsValidCodePage
GetCPInfo
FreeEnvironmentStringsW
HeapCreate
GetEnvironmentStringsW
LCMapStringW
InterlockedDecrement
lstrcpyW
LoadLibraryA
GetFileType
GetProcessHeap
ReadFile
GetLastError
GetLocaleInfoW
GetModuleHandleA
InterlockedExchange
VirtualQuery
ExitProcess
FreeEnvironmentStringsA
WriteConsoleA
UnhandledExceptionFilter
GetUserDefaultLCID
GetStdHandle
GetCurrentThread
WaitForMultipleObjects
InitializeCriticalSection
GetFileTime
SetEnvironmentVariableA
LocalHandle
InterlockedIncrement
lstrlen
IsValidLocale
CreateFileMappingA

comctl32

CreatePropertySheetPage
ImageList_GetFlags
ImageList_GetDragImage
DrawStatusText
ImageList_ReplaceIcon
InitMUILanguage
InitCommonControlsEx
ImageList_LoadImage
ImageList_AddMasked
CreatePropertySheetPageA
ImageList_Write
DestroyPropertySheetPage
ImageList_SetFilter
ImageList_Replace
CreateStatusWindow
CreateStatusWindowA
ImageList_DragMove
CreateToolbar
ImageList_SetOverlayImage
ImageList_Merge
ImageList_DrawEx
ImageList_GetIconSize

user32

CreateWindowStationW
DdeImpersonateClient
GetMessagePos
ShowWindow
DestroyWindow
ShowCursor
RegisterClassA
DrawTextW
MessageBoxW
SetLastErrorEx
CreateAcceleratorTableA
RegisterClassExA
GetInputState
GetWindowRect
SetMenuItemInfoW
DefWindowProcA
IsDlgButtonChecked
GetKeyboardLayout
SetWindowContextHelpId
MapVirtualKeyExW
DdeQueryNextServer
CreateDialogParamA
MessageBoxExW
DdeConnect
CreateWindowExA

shell32

DoEnvironmentSubstW
SHFileOperationA

wininet

HttpEndRequestW
DeleteUrlCacheEntry
CreateUrlCacheEntryW
InternetCheckConnectionA
ReadUrlCacheEntryStream

gdi32

CreateCompatibleDC
LineDDA
ChoosePixelFormat
GetEnhMetaFileBits
CreateHatchBrush

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

210617d75bb7573aa0f2dba681d1827e

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

comctl32

user32

shell32

wininet

gdi32

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 100KB - Virtual size: 108KB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 100KB - Virtual size: 108KB

.rsrc
Size: 44KB - Virtual size: 43KB