d519d1d0b5ebd059c6949277ff118965_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d519d1d0b5ebd059c6949277ff118965_JaffaCakes118
Size

647KB
MD5

d519d1d0b5ebd059c6949277ff118965
SHA1

bb6f21dc684ae24d82605d6f8d036a98287032a8
SHA256

0d1956353ead2a5227c42eaac1f4c66ddc5e711e3b05a1e282bd1b1587eaa37f
SHA512

021bca2b49becba7cb8156fb0f86a6b5baa0fa3812b189a9e90db427e0fa50302d35651235b3136b958908a1ff95cd371b037ac5ade43144b6f9fcc918cd4010
SSDEEP

12288:MIT+UrvWDpIwGSFEkLzu/o85Hx5094UXSxXQ726UHs0l:MIyUrvWdGSCGu/PB3dQC6ZI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d519d1d0b5ebd059c6949277ff118965_JaffaCakes118

Files

d519d1d0b5ebd059c6949277ff118965_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de1d7236a73574d527515832a9cc402a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetProfileIntA
GetModuleHandleA
SetErrorMode
LocalReAlloc
GetHandleInformation
CreateMutexA
FindResourceExW
EnumResourceLanguagesW
GetSystemDefaultLangID
CompareStringW
GetFileAttributesA
GetWindowsDirectoryA
GetOEMCP
ReleaseSemaphore
GetDateFormatA
DuplicateHandle
FindFirstFileA
GlobalFindAtomW
GetEnvironmentVariableW
SystemTimeToFileTime
GetPrivateProfileSectionW
GetShortPathNameA
SetConsoleWindowInfo
ConnectNamedPipe
PulseEvent
MultiByteToWideChar
LoadLibraryExW
MoveFileExA
GetStartupInfoA
GetFileInformationByHandle
SuspendThread
IsBadStringPtrA
GetCommConfig
CreateEventA
GlobalAddAtomA
ReadConsoleA
ScrollConsoleScreenBufferA
GetLongPathNameA
Beep
OutputDebugStringA
GetDiskFreeSpaceW
SearchPathW
EraseTape
WritePrivateProfileStringA
AreFileApisANSI
GlobalUnlock
AllocConsole
FormatMessageA
lstrcatW
GlobalGetAtomNameW
FileTimeToLocalFileTime
lstrcpyA
FreeLibrary
EnumCalendarInfoA
CreateDirectoryA
ExitProcess
GlobalReAlloc
EnumCalendarInfoW
WriteProcessMemory
GetSystemTimeAsFileTime
CompareStringA
FindFirstFileW
GetNumberFormatW
GetModuleFileNameW
CreatePipe
GetLargestConsoleWindowSize
DebugBreak
SetConsoleCursorPosition
SetThreadAffinityMask
GetCommandLineW
WriteFile
EnumTimeFormatsW
GlobalFree

user32

SetTimer
SetMenu
RegisterWindowMessageW
WaitMessage
SetActiveWindow
DestroyWindow
ScrollWindow
SetWindowRgn
GetAsyncKeyState
GetMessageA
ChangeMenuA
DestroyCursor
GetGuiResources
CloseDesktop
SetWindowContextHelpId
PostThreadMessageW
LoadIconA
ScreenToClient
GetPropA
InSendMessage
EnumDesktopsA
OpenDesktopA
GetClassNameW
ReleaseCapture
InsertMenuItemA
GetIconInfo
GetSystemMetrics
GetKeyboardState
CreateDesktopA
DispatchMessageW
GetClassNameA
ActivateKeyboardLayout
DrawFrameControl
AdjustWindowRect
DialogBoxParamA

gdi32

CopyMetaFileW
GetCurrentObject
SelectClipPath
GetWinMetaFileBits
CreateMetaFileW
SetPixelFormat
GetEnhMetaFileBits
SetColorAdjustment
GetTextCharacterExtra
LineTo
CreatePalette
GetCharWidthA
GetBkMode
CreatePolygonRgn
EndDoc
CreateICW
SetEnhMetaFileBits
ModifyWorldTransform
GetPixel
IntersectClipRect
DPtoLP

comdlg32

ReplaceTextA
GetFileTitleW

advapi32

AdjustTokenPrivileges
RegisterEventSourceA
ObjectCloseAuditAlarmA
GetSecurityDescriptorSacl
SetTokenInformation
QueryServiceLockStatusW
GetServiceDisplayNameW
FreeSid
CryptSetProvParam
GetSidIdentifierAuthority
CryptEncrypt
CryptHashData
RegDeleteValueA
DeregisterEventSource
RegOpenKeyExA
QueryServiceConfigW
LookupPrivilegeNameA
StartServiceW
RegisterServiceCtrlHandlerW
RegLoadKeyA
RegQueryValueA
AddAccessDeniedAce
LockServiceDatabase
LogonUserW
NotifyBootConfigStatus
ReadEventLogW
AccessCheck
RevertToSelf
RegConnectRegistryA
InitializeSecurityDescriptor
SetEntriesInAclW
GetFileSecurityA
RegQueryInfoKeyW
RegFlushKey

shell32

DragFinish
Shell_NotifyIconW
SHBrowseForFolderA
SHFileOperationW
SHGetSettings
SHGetPathFromIDListA

ole32

CoQueryProxyBlanket
CoInitializeEx
StgCreateStorageEx
CoMarshalInterThreadInterfaceInStream
ProgIDFromCLSID
OleIsRunning
CoLockObjectExternal
OleRegGetMiscStatus
WriteClassStg
CoUninitialize

oleaut32

LoadTypeLibEx
SysStringLen
SafeArrayPutElement

shlwapi

PathIsRelativeW
SHRegSetUSValueW
StrTrimW
SHRegOpenUSKeyW
PathStripToRootW
PathAddExtensionW

msvcrt

strcoll
ceil
_wcsicmp
_execlp
_mbsdec
_getpid
_putenv
fclose
setvbuf
wcsncat
_beginthreadex
mbstowcs
_pctype
toupper
_wsystem
_splitpath
_wtoi64
_sleep
_locking
_fileno
wcstol
_fcvt
system
_wcsrev
_mbslwr
_tell
swprintf
_stat

Sections

.text
Size: 8KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de1d7236a73574d527515832a9cc402a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

Sections

.text Size: 8KB - Virtual size: 224KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 268KB - Virtual size: 267KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 224KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 268KB - Virtual size: 267KB

.rsrc
Size: 16KB - Virtual size: 16KB