d49e934220cdc29a44763ca879f7bda3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d49e934220cdc29a44763ca879f7bda3_JaffaCakes118
Size

308KB
MD5

d49e934220cdc29a44763ca879f7bda3
SHA1

e8d18ced7793f4157f18aaa4d7ac3cb2a41cafdc
SHA256

481231cb71d6492f5b0a9b366feeade8a90a52ef322631c814360f77b9e8784b
SHA512

541f74349d59ea0a88ea3532138a6c35646e9e51a6281b5eb4a8a7b119854626a150dc7cb3d11b0ed0ad1429840b3f69512760555a7d692f4583ac7801e91146
SSDEEP

6144:OCmJJzIQyRmGuAOa+N4nUvNy6wc356HYA/:FmJJzUmGuEbnSy6wG5s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49e934220cdc29a44763ca879f7bda3_JaffaCakes118

Files

d49e934220cdc29a44763ca879f7bda3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

073c2bcdfd5ed09381880d23ee29c783

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeA
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
EnterCriticalSection
VirtualAlloc
Sleep
LoadLibraryA
GetProcAddress
CreateFileMappingW
GetLastError
UnmapViewOfFile
MapViewOfFile
GetFileSize
ExitProcess
LockResource
GetModuleFileNameW
GetVersionExW
SizeofResource
GlobalAlloc
GetTickCount
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
LoadResource
FindResourceW
CloseHandle
WriteFile
CreateFileA
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
LCMapStringA
DeleteCriticalSection
VirtualFree
HeapCreate
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetCurrentThreadId
SetThreadPriority
CreateThread
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
HeapReAlloc

user32

SetWindowPos
LoadIconW
RegisterClassExW
ShowWindow
GetClassInfoExW
GetWindowRect
DefWindowProcW
UpdateWindow
GetDC
GetMessageW
GetWindowLongW
SetWindowLongW
DestroyWindow
RegisterClassExA
GetClassInfoExA
CreateWindowExA
GetActiveWindow
PostMessageA
SetCursor
SetTimer
PostQuitMessage
PostMessageW
LoadCursorW
SendMessageA
TranslateMessage
MessageBoxA
ReleaseDC
GetCursorPos
SetLayeredWindowAttributes
GetSystemMetrics
SendMessageW
MoveWindow
DispatchMessageW
UpdateLayeredWindow
CreateWindowExW

gdi32

DeleteDC
CreateDIBSection
CreatePatternBrush
DeleteObject
Polyline
CreatePen
SetTextColor
CreateFontIndirectA
SetBkColor
SetBkMode
AddFontMemResourceEx
TextOutA
BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPointA

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

shell32

ShellExecuteExW

ole32

CreateStreamOnHGlobal

winmm

waveOutWrite
waveOutPrepareHeader
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutGetPosition

msimg32

AlphaBlend

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

073c2bcdfd5ed09381880d23ee29c783

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

msimg32

Sections

.text Size: 288KB - Virtual size: 288KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 288KB - Virtual size: 288KB

.rsrc
Size: 16KB - Virtual size: 16KB