d2668c20ed0b1df8b6a7929face687e5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d2668c20ed0b1df8b6a7929face687e5_JaffaCakes118
Size

512KB
MD5

d2668c20ed0b1df8b6a7929face687e5
SHA1

142251ee0b37ee96b07cd477617c27d091595481
SHA256

d1aab6dfa1a45af81e2ef196e975a2fa9179e987ebec5ecf824a8d1cdbee4594
SHA512

235352d8c8bc4d31b5d7b17d36418aea560ee40b3dcc30f40ae0658d88d405f33b764283f2356c05d13cc80017db855c19d90ed2c606651e073719aaee833bf7
SSDEEP

6144:pJr2u3vc+qmw4GMQUYk5ffhC7qBT9qvhHYMVQSgt9uIYxC9RuAjlvXCx:X2QPqmw4G1qBT9MPVQfjLSEfs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d2668c20ed0b1df8b6a7929face687e5_JaffaCakes118

Files

d2668c20ed0b1df8b6a7929face687e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6870337edb5b2671a928af23c4354eea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
VirtualQuery
CloseHandle
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetProcAddress
GetCurrentThreadId
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
GetLastError
GetConsoleTitleA
GetCurrentProcessId
GetTickCount
HeapCreate
LocalLock
lstrcpyA
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
GetProcessHeap
LCMapStringW
WideCharToMultiByte
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RtlUnwind
RaiseException
HeapFree
DecodePointer
EncodePointer
MultiByteToWideChar
HeapAlloc
GetModuleFileNameW
lstrlenW
EnumDateFormatsA
CreateEventA
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement

user32

GetSysColor
SetTimer
GetClassNameA
GetDC
SetFocus
GetKeyState
DefWindowProcW
EndPaint
LoadIconA
CreateWindowExW
PostQuitMessage
SetWindowTextW
SendMessageW
LoadCursorA
BeginPaint
GetForegroundWindow
GetDlgItem
GetSystemMenu
GetMenuItemInfoA
DdePostAdvise
wsprintfA
InflateRect
GetSysColorBrush
RemovePropA
SendMessageA
GetWindowWord
MessageBoxA
GetTopWindow
GetWindowRect
UpdateLayeredWindow
GetMessagePos
PtInRect
EnumWindows
GetWindowRgn
ShowWindow
EnableWindow
SetWindowRgn
LoadBitmapA
DefWindowProcA
SetDlgItemTextA

gdi32

EnumEnhMetaFile
ExcludeClipRect
DeleteObject
SetBkMode
GetPixel
SetTextColor
StartDocA
GetTextExtentPoint32A
CombineRgn
GdiFlush
CreateRectRgn
CreateSolidBrush
SelectObject
Rectangle
CreateHatchBrush
SetBkColor
CreatePen

comdlg32

ChooseColorA

advapi32

OpenSCManagerA
RegCloseKey
RegCreateKeyExW
CloseServiceHandle
DeleteService
ControlService
OpenServiceA
IsValidSecurityDescriptor
RegSetValueExW

shell32

SHGetDesktopFolder

ole32

CreateFileMoniker
RegisterDragDrop
RevokeDragDrop

oleaut32

SysAllocString

ws2_32

WSACreateEvent
connect
ioctlsocket
WSAStartup
WSAEventSelect
WSAGetLastError
bind
htons
socket

winmm

midiOutShortMsg

shlwapi

PathFindFileNameW
PathUnquoteSpacesA
PathFileExistsA

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_GetImageInfo

imm32

ImmSetCompositionFontA

setupapi

CM_Get_Device_Interface_AliasA
CM_Invert_Range_List

rasapi32

RasDialA
RasGetErrorStringA
RasHangUpA

tapi32

lineAddToConference

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6870337edb5b2671a928af23c4354eea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

winmm

shlwapi

comctl32

imm32

setupapi

rasapi32

tapi32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 321KB - Virtual size: 321KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 321KB - Virtual size: 321KB

.reloc
Size: 15KB - Virtual size: 14KB