d4744e04e3a41f56c677cb68680d1705_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4744e04e3a41f56c677cb68680d1705_JaffaCakes118
Size

482KB
MD5

d4744e04e3a41f56c677cb68680d1705
SHA1

327d90a4d2f4e290c3e5435467244067102a399c
SHA256

794a341673819c58acf9b53cf92908a731d5cdfdc7d0ec12258ff247bbaf05e3
SHA512

23a3ce3d2eabe65aa9e92f8759e8bc86d9622520c19ce3dc771d8e5ac3b199913a8f07e4f64b85cac45a8bb1005cd9807976c2da9d2a59e04204148b99455e9f
SSDEEP

12288:s3aaiKyglpY4m/YohksziAFIWNbO43B1SSSSSS:Zarlhmwohjzh79OG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4744e04e3a41f56c677cb68680d1705_JaffaCakes118

Files

d4744e04e3a41f56c677cb68680d1705_JaffaCakes118
.exe windows:5 windows x86 arch:x86

caf6449055a9541013f8dd9424c23d81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscpy
_itow
_adjust_fdiv
malloc
_initterm
??2@YAPAXI@Z
wcscmp
wcscat
wcschr
wcslen
iswctype
wcsncpy
_wtol
_wcsicmp
_ftol
_except_handler3
free
wcstoul
_wtoi
??3@YAXPAX@Z

kernel32

CreateFileW
ExpandEnvironmentStringsW
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetLastError
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleA
GetModuleHandleW
GetProcAddress
SetFileAttributesW
WritePrivateProfileStringW
CopyFileW
GetPrivateProfileIntW
lstrcpynW
lstrcatW
lstrcpyW
GetFileAttributesExW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
LocalFree
WideCharToMultiByte
LocalAlloc
SetFilePointer
GlobalReAlloc
GlobalFree
GetPrivateProfileSectionW
GlobalAlloc
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalReAlloc
CompareStringW
InterlockedDecrement
GlobalLock
GlobalUnlock
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
LoadLibraryA
CreateEventW
GetTickCount
WaitForSingleObject
FormatMessageW
FreeLibrary
GetUserDefaultLangID
DeleteFileW
MultiByteToWideChar
ReadFile
GetFileSize
GetTempFileNameW
GetTempPathW
SystemTimeToFileTime
SetEvent
ResetEvent
FreeLibraryAndExitThread
Sleep
SetThreadPriority
CreateThread
DeviceIoControl
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileStringW
OpenEventW
CreateDirectoryW
GetCurrentThread
LoadLibraryExA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
WriteFile
CloseHandle
SetLastError
DebugBreak
lstrcmpiW

user32

SetWindowPos
GetClientRect
SetScrollPos
GetScrollPos
SetScrollRange
ReleaseDC
GetDC
CheckDlgButton
GetSystemMetrics
EndDialog
IsDlgButtonChecked
RegisterClassW
CreateWindowExW
DialogBoxParamW
LoadBitmapW
MessageBoxW
MessageBeep
RegisterWindowMessageW
GetWindowPlacement
GetScrollRange
SetDlgItemInt
ShowWindow
SendDlgItemMessageW
GetDlgItemTextW
IsWindowEnabled
GetWindow
UnhookWindowsHookEx
GetKeyState
SetWindowsHookExW
GetDlgItemInt
LoadIconW
DestroyIcon
LoadImageW
ShowScrollBar
CheckRadioButton
GetNextDlgTabItem
DefWindowProcW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
SetCursor
LoadCursorW
RegisterClipboardFormatW
SetWindowTextW
GetWindowTextLengthW
EnableWindow
SetFocus
CharNextW
LoadStringW
wsprintfW
wvsprintfW
CallNextHookEx
SetWindowLongW
GetWindowLongW
SetDlgItemTextW
PostMessageW
WinHelpW
GetParent
BringWindowToTop
DestroyWindow
GetDlgItem
GetFocus
SendMessageW

gdi32

SelectObject
DeleteObject
GetTextExtentPointW

advapi32

IsTextUnicode
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegCreateKeyW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
ImpersonateLoggedOnUser
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
SetThreadToken
OpenThreadToken
RegCloseKey
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteW

activeds

ord15
ord9

ole32

CoInitializeEx
CoInitialize
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemAlloc
CoUninitialize

oleaut32

SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
VariantClear
SysFreeString
SysAllocString

userenv

RsopFileAccessCheck
ord135

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AJS
Size: 2KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fh55
Size: 2KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fh53
Size: 2KB - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fh54
Size: 2KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fh56
Size: 2KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fh57
Size: 2KB - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fh58
Size: 2KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SbkS
Size: 2KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HAJS
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6hJS
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HQJ
Size: 2KB - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AHQJ
Size: 2KB - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caf6449055a9541013f8dd9424c23d81

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

activeds

ole32

oleaut32

userenv

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 2KB

.AJS Size: 2KB - Virtual size: 212B

.fh55 Size: 2KB - Virtual size: 220B

.fh53 Size: 2KB - Virtual size: 214B

.fh54 Size: 2KB - Virtual size: 196B

.fh56 Size: 2KB - Virtual size: 208B

.fh57 Size: 2KB - Virtual size: 202B

.fh58 Size: 2KB - Virtual size: 228B

.SbkS Size: 2KB - Virtual size: 216B

.HAJS Size: 210KB - Virtual size: 209KB

.6hJS Size: 210KB - Virtual size: 209KB

.HQJ Size: 2KB - Virtual size: 126B

.AHQJ Size: 2KB - Virtual size: 126B

.rsrc Size: 18KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 216B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 2KB

.AJS
Size: 2KB - Virtual size: 212B

.fh55
Size: 2KB - Virtual size: 220B

.fh53
Size: 2KB - Virtual size: 214B

.fh54
Size: 2KB - Virtual size: 196B

.fh56
Size: 2KB - Virtual size: 208B

.fh57
Size: 2KB - Virtual size: 202B

.fh58
Size: 2KB - Virtual size: 228B

.SbkS
Size: 2KB - Virtual size: 216B

.HAJS
Size: 210KB - Virtual size: 209KB

.6hJS
Size: 210KB - Virtual size: 209KB

.HQJ
Size: 2KB - Virtual size: 126B

.AHQJ
Size: 2KB - Virtual size: 126B

.rsrc
Size: 18KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 216B