d37240a8e11a1cd9d519382742979e45_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d37240a8e11a1cd9d519382742979e45_JaffaCakes118
Size

543KB
MD5

d37240a8e11a1cd9d519382742979e45
SHA1

f5989f41215dd5caf0b0782fdd6f2f54e8b6caf7
SHA256

ce5e9c20abd27bb7d81c53e2c5155b347aa0ee4df71e002375cb467e4a5c09b8
SHA512

697815a69d005bf844ed16154641a97b93bcc93a23eae6b92007433d5735e68656d5cc3cb7f8046b77e374f122dc67b4de3134833883c39c63b0004008887cf6
SSDEEP

12288:G2VzZDp7JeUQAy+k/Kw9L0DFZ/E8OqpfmG3ILAxWP9V0q:GGeV9L+/Ejqpfm8IExWP9V0q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d37240a8e11a1cd9d519382742979e45_JaffaCakes118

Files

d37240a8e11a1cd9d519382742979e45_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49ce2ac02b374991690975c498d2caf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SetLastError
lstrcpyA
FreeLibrary
GetProfileStringA
GetConsoleWindow
LoadLibraryW
CreateEventA
GetProcAddress
CreateDirectoryA
GlobalFree
GetTempFileNameA
LoadLibraryA
GetTempPathA
FillConsoleOutputCharacterA
GlobalAlloc
LocalAlloc
LocalFree
GetCurrentProcess
GetVersion
InitializeCriticalSection
CreateFileW
GetProcessHeap
CloseHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetCPInfo
WideCharToMultiByte
CreateFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
DeleteFileA
GetEnvironmentVariableA
GetWindowsDirectoryA
MoveFileExA
CreateEventW
GetCommandLineW
ReadFile
HeapSize
Sleep
GetSystemTimeAsFileTime
GetOverlappedResult
SetConsoleTitleW
WriteFile
CancelIoEx
GetLastError
GetTickCount
CreateIoCompletionPort
GetSystemInfo
CreateThread
PostQueuedCompletionStatus
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
InterlockedExchange
DeleteCriticalSection
GetCurrentThreadId
GetQueuedCompletionStatus
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
GetConsoleMode
GetConsoleCP
SetEndOfFile
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
DecodePointer
EncodePointer
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapCreate

user32

UpdateWindow
ScrollWindowEx
IsWindowUnicode
SetScrollPos
CreatePopupMenu
MessageBoxA
SetDlgItemTextA
MenuItemFromPoint
ModifyMenuW
DialogBoxIndirectParamA
DrawIcon
GetCursorPos
DrawFrameControl
FillRect
SetWindowPos
LoadStringA
CharNextA
wsprintfA
SendDlgItemMessageA
MessageBoxW
CallWindowProcA
GetUserObjectInformationW
GetProcessWindowStation

gdi32

LineDDA
MaskBlt
ModifyWorldTransform
GetDeviceCaps
TextOutA
SelectObject
DeleteObject
BitBlt
GetStockObject
FillRgn
SetWindowExtEx
CreatePen

winspool.drv

DeviceCapabilitiesA
SetPrinterDataExA

comdlg32

GetOpenFileNameA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
CreateProcessAsUserA
CryptAcquireContextA
CryptGenRandom
CryptGenKey
CryptReleaseContext

shell32

SHBrowseForFolderA
Shell_NotifyIconA
SHGetFolderPathA
SHGetFolderPathW
ExtractAssociatedIconA
CommandLineToArgvW

shlwapi

PathAppendA
ColorRGBToHLS

comctl32

ImageList_GetIconSize

pdh

PdhCollectQueryData

rpcrt4

UuidCreate
UuidToStringA

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

imm32

ImmGetDefaultIMEWnd

urlmon

CreateAsyncBindCtx

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49ce2ac02b374991690975c498d2caf5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

shlwapi

comctl32

pdh

rpcrt4

secur32

imm32

urlmon

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 33KB - Virtual size: 50KB

.rsrc Size: 91KB - Virtual size: 91KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 33KB - Virtual size: 50KB

.rsrc
Size: 91KB - Virtual size: 91KB

.reloc
Size: 27KB - Virtual size: 26KB