d7395c81879974595365530d698d1691_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d7395c81879974595365530d698d1691_JaffaCakes118
Size

1.2MB
MD5

d7395c81879974595365530d698d1691
SHA1

f6aa2154b2e6be44f648e861b599b31bd48e698c
SHA256

80327c7b56dec494bd6d36964a7ceed684f1c10ee95f7e523c69910e5c2816c2
SHA512

7cc50242119e2dd63cc16a5fbc2bf8f5228b33cb0c18b03a0d077c1202ef3d5b193ae027da22fc7e4a19fa1baf24aa13d734aa8790732aa5a6763384462ec0a8
SSDEEP

24576:jPzZFPeeMwErEQVM74bOXL1B7S/bfQqxf:/FqdMMbOXQQi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7395c81879974595365530d698d1691_JaffaCakes118

Files

d7395c81879974595365530d698d1691_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b8fb10eeecd882dbeb2dfd99982c1102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

EnumJobsW

kernel32

FileTimeToLocalFileTime
TlsAlloc
CreateFileMappingW
LoadLibraryExW
GetModuleFileNameW
GetDiskFreeSpaceW
CreateFileW
SetFileAttributesW
MoveFileW
MultiByteToWideChar
EnumCalendarInfoExW
IsValidLocale
EnumSystemLanguageGroupsW
GetStartupInfoW
DeleteCriticalSection
GetStdHandle
GetProcessHeap
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetLastError
GetCommandLineW
WaitForSingleObject
EnterCriticalSection
GetLastError
GetCurrentThreadId
GetCurrentProcessId
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapFree
SystemTimeToFileTime
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommTimeouts
CloseHandle
SetFileTime
GetFileType
HeapDestroy
VirtualAlloc
GetProcAddress
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
WriteFile

oleaut32

SysAllocStringLen
SysReAllocStringLen
SysStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement
VariantClear
VariantCopy
VariantChangeType
VarI4FromStr
VarDateFromStr
VarBstrFromDate
VarBoolFromStr
VarNot
VarBstrFromCy

user32

DdeGetLastError
GetCursorInfo
EnumDisplayMonitors
MapDialogRect
LoadStringW
DestroyIcon
LoadIconW
GetTopWindow
EqualRect
HideCaret
SetCursor
ShowCursor
GetScrollPos
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
SetActiveWindow
InsertMenuW
CheckMenuItem
DestroyMenu
CreatePopupMenu
GetSystemMenu
DrawMenuBar
GetMenu
IsWindowEnabled
MsgWaitForMultipleObjectsEx
CharLowerW
CharUpperW
GetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
SetWindowPos
ShowOwnedPopups
IsWindow
GetClassInfoExW
CallWindowProcW
SendMessageW
TranslateMessage
GetMessageW
DrawEdge

comdlg32

ChooseColorW
GetFileTitleW
GetSaveFileNameW
PrintDlgExW

shlwapi

StrDupW
StrPBrkW
StrCmpIW
StrRetToStrW
SHStrDupW
PathAddBackslashW
SHAutoComplete
AssocQueryStringW
SHSetValueW
SHDeleteEmptyKeyW
PathCreateFromUrlW
UrlUnescapeW
UrlIsW
PathStripToRootW
PathIsURLW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW

comctl32

ImageList_Create
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_GetDragImage
ImageList_Write
FlatSB_GetScrollPos
FlatSB_SetScrollPos

setupapi

CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_Property_ExW
SetupFindFirstLineW
SetupInstallFromInfSectionW
SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInterfaceW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8fb10eeecd882dbeb2dfd99982c1102

Headers

File Characteristics

Imports

winspool.drv

kernel32

oleaut32

user32

comdlg32

shlwapi

comctl32

setupapi

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 754KB - Virtual size: 753KB

.data Size: 10KB - Virtual size: 6.5MB

.rsrc Size: 362KB - Virtual size: 361KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 754KB - Virtual size: 753KB

.data
Size: 10KB - Virtual size: 6.5MB

.rsrc
Size: 362KB - Virtual size: 361KB