d637e3181aa6b12e4b4050028e094d83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d637e3181aa6b12e4b4050028e094d83_JaffaCakes118
Size

473KB
MD5

d637e3181aa6b12e4b4050028e094d83
SHA1

213e80f265e24e924325465876c2afb1f8097d96
SHA256

b5711ba277df55ff48134b389457c12e8c25a2d816eee87ef0a4fdf4d3c2369f
SHA512

d97b155ad3f222d6d75e8715f993d3d95813d44a001079fcaff947186e6b4f5e4de3fca293807fb5f95d9bb4d7e34f1b9110618ca77a97d836a5214c0fc9c652
SSDEEP

12288:Hkh+Z7JFkOpGf4mrlwsdJBrY3z5aRQTzCz/v4BSCui:HMWFkOUfpOkJBrYOQXm/QoC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d637e3181aa6b12e4b4050028e094d83_JaffaCakes118

Files

d637e3181aa6b12e4b4050028e094d83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3e6f1fec812c98890a57d0b6f1878f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetSystemPaletteEntries
CreateDCA
CreateICA
CancelDC
ExtTextOutW
CreateDCW
LineTo
GetKerningPairs
GetLayout
DeviceCapabilitiesExW
CreateDIBPatternBrushPt
DeleteDC
GetWorldTransform
EqualRgn
PolylineTo
SetPixelFormat
EnumObjects
UpdateICMRegKeyW
GetDeviceCaps

wininet

InternetSetDialState
InternetConfirmZoneCrossingW
SetUrlCacheHeaderData
InternetDialA
DeleteUrlCacheEntryW
InternetWriteFile
HttpAddRequestHeadersW

comctl32

ImageList_GetIcon
ImageList_SetFlags
ImageList_SetDragCursorImage
ImageList_LoadImageA
GetEffectiveClientRect
ImageList_GetDragImage
InitCommonControlsEx
ImageList_Draw
DrawStatusTextA
MakeDragList
ImageList_BeginDrag
ImageList_Read
ImageList_AddIcon
ImageList_Add
DrawInsert
CreateToolbar
ImageList_Replace
ImageList_DragShowNolock
ImageList_SetBkColor

user32

GetKeyboardLayoutNameW
EnumClipboardFormats
GetDC
GetClipCursor
GetKeyboardLayout
SetClassWord
RegisterClassExA
TileWindows
DdeAbandonTransaction
DrawFrame
SetWindowLongW
SetWindowsHookExA
DdeAccessData
GetWindowRgn
IsCharAlphaNumericA
MsgWaitForMultipleObjectsEx
EnumThreadWindows
DlgDirSelectComboBoxExW
CallMsgFilter
RegisterClassA
DrawMenuBar
GetScrollPos

kernel32

DeleteCriticalSection
GetStringTypeW
GetCurrentProcessId
HeapFree
GlobalLock
lstrcmpiW
SetLastError
GetSystemTimeAsFileTime
FileTimeToSystemTime
ReadFile
VirtualFree
FreeEnvironmentStringsW
MultiByteToWideChar
GetCurrentThreadId
GetStartupInfoW
GetModuleFileNameW
LoadLibraryA
LCMapStringA
HeapCreate
SetThreadIdealProcessor
LocalShrink
InitializeCriticalSection
VirtualAlloc
GetCommandLineA
SetFilePointer
GetCommandLineW
GetModuleFileNameA
TlsGetValue
CloseHandle
InterlockedDecrement
GetTempPathW
RtlUnwind
LocalAlloc
TlsFree
GetSystemTime
LCMapStringW
lstrlenW
IsBadWritePtr
TerminateProcess
EnterCriticalSection
QueryPerformanceCounter
SetWaitableTimer
GetCurrentThread
ExitProcess
GetProcAddress
GetStartupInfoA
GetModuleHandleA
SetStdHandle
TlsAlloc
GetFileType
SetEvent
WriteFile
GetCurrentProcess
GetEnvironmentStringsW
VirtualQuery
GetStringTypeA
HeapAlloc
UnhandledExceptionFilter
CreateMutexA
GetCompressedFileSizeW
HeapReAlloc
CompareStringW
FreeEnvironmentStringsA
GetLocalTime
GetCPInfo
TlsSetValue
GetShortPathNameW
PulseEvent
SetEnvironmentVariableA
HeapDestroy
SetHandleCount
ConvertDefaultLocale
CompareStringA
WaitForSingleObjectEx
GetVersion
InterlockedIncrement
GetTickCount
FlushFileBuffers
InterlockedExchange
GetEnvironmentStrings
OpenMutexA
GetStdHandle
WideCharToMultiByte
LeaveCriticalSection
GetLastError
GetTimeZoneInformation

advapi32

RegSetValueW
RegLoadKeyW
StartServiceW
RegEnumKeyW
CryptGetProvParam
RegReplaceKeyA
ReportEventW
CryptAcquireContextA
LookupPrivilegeNameW
AbortSystemShutdownA
RegLoadKeyA
GetUserNameA
CryptReleaseContext
RevertToSelf
GetUserNameW
RegQueryValueExW
CryptExportKey
LookupPrivilegeDisplayNameA
CryptVerifySignatureW
DuplicateTokenEx
CryptGetKeyParam
RegQueryValueA

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3e6f1fec812c98890a57d0b6f1878f1

Headers

File Characteristics

Imports

gdi32

wininet

comctl32

user32

kernel32

advapi32

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 46KB - Virtual size: 57KB

.data Size: 119KB - Virtual size: 118KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 46KB - Virtual size: 57KB

.data
Size: 119KB - Virtual size: 118KB

.rsrc
Size: 8KB - Virtual size: 7KB