d3bf8948fe729f26f7d477201753a0b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3bf8948fe729f26f7d477201753a0b4_JaffaCakes118
Size

356KB
MD5

d3bf8948fe729f26f7d477201753a0b4
SHA1

430675950a355d3566272400e4deddde5b537a35
SHA256

43c691983794321d4aaf9385b398423bcee7269a3be99e39962a1ab698fa7568
SHA512

45ed249a3bceb28ae4a207604ab0c9f59b769729d249d2f31bfcee28bdf24c9b6881fdaaaed5b23f28589c79d71db1d5b3ead76e0db3a2131e042d06b9cbcc6d
SSDEEP

6144:YK8olritKpGmgXIaik9gvrmQZfMcIZnpYDHIe+cg/fp69TJvlKu7L5nE/ktANoyQ:/EKGLXIJkwrmurIZpYDHnkON8iL5ngUr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3bf8948fe729f26f7d477201753a0b4_JaffaCakes118

Files

d3bf8948fe729f26f7d477201753a0b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
GetUserNameA

kernel32

GetShortPathNameA
GetDiskFreeSpaceA
GetWindowsDirectoryW
SetFileAttributesW
SetFileAttributesA
IsBadReadPtr
SetLastError
lstrcpyW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
GetComputerNameA
GetTempPathW
GetTempPathA
GetDriveTypeA
GetDriveTypeW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetStartupInfoA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetFileAttributesW
LocalAlloc
LocalFree
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
CreateEventW
lstrlenW
GetVersionExA
CreateEventA
CreateThread
GlobalSize
WideCharToMultiByte
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
GetACP
MultiByteToWideChar
ResetEvent
DeviceIoControl
SetEvent
GetSystemInfo
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
FreeLibrary
SetErrorMode
FindClose
GetLastError
GetSystemTime
CloseHandle
CopyFileExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
LeaveCriticalSection
SetThreadPriority
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
GetProcAddress
GetCurrentThreadId

wmvcore

WMCreateEditor
WMCreateReaderPriv

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
OleLoadFromStream
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantClear
SafeArrayUnaccessData
SysAllocStringByteLen
GetErrorInfo
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayAccessData

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoA

winmm

mmioOpenW
mmioOpenA
mmioRead
mmioAscend
mmioSeek
mmioDescend
mmioClose

wininet

RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryFileA

avifil32

AVIStreamLength
AVIStreamInfoW
AVIStreamInfoA
AVIFileInfoW
AVIFileInfoA
AVIFileExit
AVIFileRelease
AVIFileInit
AVIStreamRelease
AVIStreamSampleToTime
AVIStreamReadFormat
AVIFileGetStream
AVIFileOpenA
AVIFileOpenW

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
vswprintf
wcsspn
wcscspn
memcpy
strcpy
strcat
strlen
memset
memcmp
wcsncat
_wtol
iswalpha
_beginthreadex
memmove
towlower
_wcslwr
towupper
_wcsupr
_ui64tow
wcsncmp
_wcsnicmp
wcscmp
wcsrchr
_wcsicmp
strstr
wcscat
wcschr
wcsncpy
wcsstr
_wsplitpath
_wmakepath
wcslen
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
wcspbrk
_vsnwprintf
wcscoll
_wcsicoll
wcstol
_ltow

user32

wvsprintfW
SetWindowLongW
SetWindowLongA
FindWindowExW
SendMessageA
RegisterWindowMessageW
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
FindWindowExA
PostQuitMessage
GetCursor
SetCursor
RegisterWindowMessageA
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadStringA
LoadStringW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

Imports

advapi32

kernel32

wmvcore

ole32

oleaut32

shell32

winmm

wininet

avifil32

msvcrt

user32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 72KB - Virtual size: 72KB