d21641d4ad3f185e03ccdf17d608eb12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d21641d4ad3f185e03ccdf17d608eb12_JaffaCakes118
Size

154KB
MD5

d21641d4ad3f185e03ccdf17d608eb12
SHA1

521480baf54971b2d209290c6cb56b0ab5a7e1ab
SHA256

5aa0e03739d4b000647917fbdb2b31a040c2c9685ecbe79c94b16a28cdc15ca5
SHA512

36d4aa9e5659654ee4db866e6eaef19fd31860673470407f84b1171258bc4ca6a921b03698f2574779fa77d54cd5af981b6fdb2c1f7ba5c934a2808b2918a6f9
SSDEEP

3072:iiJ7UEPXtuPrabw83pr3t0BUWTwxMyeHeNvwIo92h/tvFmw79N0VOM2pVtxwxY:iiJPPXUPraUc35WTsZe+Lo9e/tvg4NvX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d21641d4ad3f185e03ccdf17d608eb12_JaffaCakes118

Files

d21641d4ad3f185e03ccdf17d608eb12_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a797ec5e840c1b9f17da9eeb4d3b83da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueW
RegSetValueW

kernel32

LocalLock
CloseHandle
WaitForMultipleObjects
CreateFileMappingW
HeapSize
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetTempFileNameW
GetVersionExA
FindResourceA
lstrcmpiA
GetSystemTimeAsFileTime
TerminateProcess
VirtualProtect
UnhandledExceptionFilter
GetModuleHandleA
LocalAlloc
MoveFileW
lstrcatA
FileTimeToDosDateTime
SetFileTime
CreateFileW
DosDateTimeToFileTime
GetLocaleInfoA
GetFileTime
VirtualFree
lstrlenW
GetFileAttributesW
lstrcpyW
GetTempPathA
MapViewOfFileEx
GlobalLock
UnmapViewOfFile
VirtualAlloc
DeleteCriticalSection
GetCurrentProcessId
RemoveDirectoryW
lstrcpynA
TlsSetValue
SetPriorityClass
GetFileAttributesA
Sleep
GetProcAddress
GetSystemInfo
UnmapViewOfFile
GetThreadLocale
RaiseException
GetTickCount
ReadProcessMemory
LocalFileTimeToFileTime
SwitchToThread

gdi32

CreateCompatibleBitmap
SetBkMode
RemoveFontResourceA
CreateDCA
GetDeviceCaps
LineTo
SetPixelV
MoveToEx
AbortDoc
GetTextMetricsA
AddFontResourceA
CreateRectRgn
BitBlt

dsserrun

_Tolower
_LDenorm
_Eps
_FInf
_Dscale
_FEps
_Strcoll
_FDscale
_LSnan
_Hugeval
_LRteps
_LXbig
_Sinh
_Wcrtomb
_FRteps
_Snan
_LEps
_FSinh

user32

TranslateAcceleratorA
CharLowerBuffA
DeleteMenu
GetWindow
SetMenu
ShowCaret
GetDlgItemTextA
GetKeyboardType
SetWindowPos
DestroyIcon
SendMessageW
CharUpperA
EnumClipboardFormats
IsZoomed
GetWindowLongW
ModifyMenuW
SetWindowsHookExA
WindowFromPoint
DefWindowProcA
GetSystemMenu
SetActiveWindow
InsertMenuA
RegisterClassA
AnimateWindow
GetWindowLongA
CallWindowProcW
IsIconic
LoadCursorA
DrawTextW
FindWindowA
EnableMenuItem
DestroyWindow
LoadIconA
ExitWindowsEx
DefWindowProcW
SetCaretPos
GetClassNameA
DispatchMessageA
PostQuitMessage
GetDlgItem
EnableWindow
SystemParametersInfoA
KillTimer
MessageBoxA
PeekMessageA
MessageBeep
CreateWindowExW
TranslateMessage
IsClipboardFormatAvailable

shell32

ExtractAssociatedIconA
DragQueryPoint
ExtractIconA
DragQueryFileW

comctl32

CreateToolbarEx

winspool

OpenPrinterA

Sections

.text
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a797ec5e840c1b9f17da9eeb4d3b83da

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

dsserrun

user32

shell32

comctl32

winspool

Sections

.text Size: 146KB - Virtual size: 148KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 146KB - Virtual size: 148KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB