d5990f286083606e6804683bf5642251_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5990f286083606e6804683bf5642251_JaffaCakes118
Size

788KB
MD5

d5990f286083606e6804683bf5642251
SHA1

96e8b2b1a56691a4185d47b9884537b7b8904350
SHA256

f365ff1439632806ed5e7a0be577fe951e0fc6634c0f3fde7dc7d79b84b6bf13
SHA512

72fb5b3e948fa04d17ab326d6c4de9dafe4cfcfd3ab3d84a31a970a3b9c50762f88485f831ab796e327cbf51d29f63e020beb0dd487aa42a1df31b508def196c
SSDEEP

12288:UJjfJlBRGi5CrodaBzFuQJOEMRbc4H14ge+X8olSjKiwuv:AJlBRJA6HQEXbqge2Bye8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5990f286083606e6804683bf5642251_JaffaCakes118

Files

d5990f286083606e6804683bf5642251_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a9f460944af8e684c6596cd7ed13073

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\qrapce\znegbq\homj\neo\aorjkow.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA
StartServiceA
RegDeleteKeyA
RegEnumKeyA
OpenServiceA
InitializeSecurityDescriptor
AddAccessAllowedAce

gdi32

SelectClipRgn
DeleteDC
Escape
SetArcDirection
SetViewportExtEx
ExtFloodFill
BitBlt
CreateHatchBrush
SetViewportOrgEx
GetObjectType
DeleteObject
SetPixel
GetClipBox
PolylineTo
SetMapMode
SelectObject
GetWindowExtEx

version

GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_DragMove
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_LoadImageA
PropertySheetA
ImageList_GetImageInfo

winmm

mixerGetDevCapsA
mixerSetControlDetails
waveOutPrepareHeader
waveOutGetPosition
mixerGetLineInfoA
waveInClose
waveInPrepareHeader
waveInOpen
waveOutGetDevCapsA
waveInGetNumDevs
mixerGetLineControlsA
waveOutUnprepareHeader
waveOutOpen
waveInAddBuffer
waveOutWrite
waveInStart
mixerGetControlDetailsA
mixerGetNumDevs
waveInReset
waveInUnprepareHeader
mixerClose
waveOutReset
waveOutClose
waveOutGetNumDevs
mixerOpen
waveInStop

shell32

DragQueryFileA
SHChangeNotify
SHGetDesktopFolder
ShellExecuteA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetFileTitleA
PrintDlgA

user32

OffsetRect
DrawFocusRect
LoadCursorA
SetParent
DefWindowProcA
ShowWindow
EndPaint
LoadBitmapA
RedrawWindow
IsWindowEnabled
SetRect
WindowFromPoint
DeleteMenu
GetWindowRect
FillRect
GetSystemMetrics
SetCursor
GetDC
GetClassInfoA
BeginPaint
PostMessageA
SetWindowPos
CreateWindowExA
GetWindowDC
RegisterClipboardFormatA
DrawTextExA
ScreenToClient
CheckDlgButton
LoadAcceleratorsA
CopyRect
ValidateRect
PostQuitMessage
SetWindowContextHelpId
GetSysColorBrush
MessageBoxA
GetWindow
DestroyAcceleratorTable
TrackPopupMenu
SetWindowLongA
DestroyIcon
LoadIconA
SetCapture
DestroyWindow
PostThreadMessageA
RegisterClassExA
LoadStringA
GetDesktopWindow
InflateRect
GetSubMenu
InvalidateRect
RegisterClassA
RegisterWindowMessageA
AppendMenuA
IsIconic

kernel32

GetLastError
LeaveCriticalSection
SetStdHandle
TlsFree
VirtualProtect
GetCommandLineA
SetHandleCount
VirtualFree
SetLastError
GetVersionExA
LoadLibraryA
GetACP
IsBadCodePtr
HeapCreate
DeleteCriticalSection
VirtualAlloc
HeapSize
TlsSetValue
SetEnvironmentVariableA
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
GetCurrentProcess
GetStringTypeA
WriteFile
HeapDestroy
LCMapStringW
GetCurrentThreadId
FlushFileBuffers
ExitProcess
RaiseException
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetTimeZoneInformation
InitializeCriticalSection
GetProcAddress
QueryPerformanceCounter
GetStartupInfoA
FreeEnvironmentStringsA
GetCPInfo
InterlockedExchange
RtlUnwind
GetModuleHandleA
GetTickCount
WideCharToMultiByte
FreeEnvironmentStringsW
ReadFile
GetStringTypeW
GetOEMCP
GetEnvironmentStrings
GetSystemInfo
GetStdHandle
CompareStringA
GetLocaleInfoA
TlsGetValue
HeapReAlloc
GetDateFormatA
SetUnhandledExceptionFilter
MultiByteToWideChar
GetTimeFormatA
HeapFree
EnterCriticalSection
GetFileType
SetFilePointer
CloseHandle
LCMapStringA
GetCurrentProcessId
VirtualQuery
CompareStringW
CreateMutexA
TerminateProcess

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a9f460944af8e684c6596cd7ed13073

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

version

comctl32

winmm

shell32

comdlg32

user32

kernel32

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 106KB - Virtual size: 120KB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 106KB - Virtual size: 120KB

.rsrc
Size: 128KB - Virtual size: 128KB