d5ad6bb62af60b1d50e2f8d9d55770c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5ad6bb62af60b1d50e2f8d9d55770c0_JaffaCakes118
Size

368KB
MD5

d5ad6bb62af60b1d50e2f8d9d55770c0
SHA1

88f7b568dc5cb23cdbac0f0cf68dfb2c0fa36802
SHA256

a518d801b66df33f1f525b75dd514c3d77246f32dd4519777578e2e1f13629f8
SHA512

4a2a396f8e1d64c1be07200376340917996926dd044572e0b6155f8c46b4b3761fa3646a8052cc9d7e56b37c78f7606aa2fe821418f04209931f32fa68ecb1d7
SSDEEP

6144:bvJ58AXev47W4ghRYX80cTvcPFHMMnxygGdECb6PVNFORgbisU71F9zAgnwhDSaf:3xeeWTc8040FHMMxy5dE62HFORgbiL9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5ad6bb62af60b1d50e2f8d9d55770c0_JaffaCakes118

Files

d5ad6bb62af60b1d50e2f8d9d55770c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc8370a0a4bc14003d6e9e2d90442a63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
CompareStringW
SetLastError
LocalAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
IsDBCSLeadByte
GetSystemTimeAsFileTime
GetComputerNameW
EnterCriticalSection
TlsFree
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
LocalFree
InterlockedIncrement
TlsSetValue
TlsGetValue
SwitchToThread
TlsAlloc
lstrlenA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
LeaveCriticalSection
TerminateProcess
DeleteCriticalSection
Sleep
CloseHandle
CreateFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetLocalTime
GetCurrentProcess
GetCurrentThread
CreateEventA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
UnmapViewOfFile
SetEvent
MapViewOfFile
VirtualProtect
OpenFileMappingA
CreateFileMappingA
InterlockedExchange
InterlockedCompareExchange
GetTickCount
GetCommandLineA
InterlockedDecrement
GetStartupInfoA

user32

GetDC
wvsprintfA
PostMessageA
FindWindowA
RegisterWindowMessageA
wsprintfA
LoadStringW
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
ReleaseDC
SetWindowPos
CallWindowProcA
GetWindowLongA
SetWindowLongA
EndDialog
GetDesktopWindow
SetDlgItemTextA
MessageBeep
GetWindowRect

advapi32

RegQueryValueExA
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertStringSidToSidA
EqualSid
RegCloseKey
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegOpenKeyExA
OpenServiceW
StartServiceW
CloseServiceHandle
QueryServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerW
ReportEventA
OpenThreadToken

gdi32

GetDeviceCaps

ole32

CoCreateInstance

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
__setusermatherr
__getmainargs
_acmdln
exit
_exit
??3@YAXPAX@Z
__CxxFrameHandler
_except_handler3
fwrite
fclose
_adjust_fdiv
_XcptFilter
strncpy
free
malloc
memset
fopen
_CxxThrowException
_wcsicmp
isdigit
_errno
iswdigit
memchr
localeconv
_initterm
wcsncmp
_ui64tow
_itow
memcpy
_wcsnicmp
memmove

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc8370a0a4bc14003d6e9e2d90442a63

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 351KB - Virtual size: 351KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 254KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 351KB - Virtual size: 351KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 254KB

.rsrc
Size: 9KB - Virtual size: 8KB