db473b2b4c3aadda51580060a46ae44a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db473b2b4c3aadda51580060a46ae44a_JaffaCakes118
Size

464KB
MD5

db473b2b4c3aadda51580060a46ae44a
SHA1

8d75fad7e230c54e773308c1c9d98ed3b1c9fe78
SHA256

0630b658972a2027e68002605b4e4b632d33a8cf9a73d26d57bd1c6f05421825
SHA512

56025e95fbb94ecaf3d6900f68f91791fa762bd038b92acf22f52e000763dc9ae09be7c7f2d9fb0a0071d18d06802dd1693d2b5f6f405eb729a35f38e364abfe
SSDEEP

12288:R8+Xr+ul97J59Cqa+u90eh+OWUZl+kwJxpw4GKHnWV211TA:R8+3rJ59Ctnv+OW8MbpwUx11TA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db473b2b4c3aadda51580060a46ae44a_JaffaCakes118

Files

db473b2b4c3aadda51580060a46ae44a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9466c3c515515c23420c707bfd96c0bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
SetStdHandle
CreateFileW
FlushFileBuffers
LocalFree
EnumDateFormatsA
SetLastError
GetLastError
GlobalUnlock
GetTimeZoneInformation
ReadFile
HeapCreate
GlobalAlloc
GetProcessHeap
GlobalLock
LCMapStringW
VirtualQuery
FreeLibrary
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
QueryPerformanceCounter
LoadLibraryW
ExitProcess
GetFileType
InterlockedDecrement
HeapAlloc
WriteConsoleW
WriteFile
GetStdHandle
GetModuleHandleW
GetProcAddress
CreateFileA
GetEnvironmentVariableW
GetCommandLineW
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
RaiseException
GetCurrentProcessId
GetModuleFileNameW
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
RtlUnwind
HeapValidate
IsBadReadPtr
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree

user32

GetWindowRect
GetParent
MessageBoxA
EnableScrollBar
WindowFromDC
BeginPaint
ReleaseDC
SendMessageA
SetRect
GetDC

gdi32

SetDIBColorTable
GetRgnBox
CreateBitmap
DeleteObject
DeleteDC
FrameRgn
CreateDIBSection
SelectObject
CreateCompatibleDC
DPtoLP
SetMapMode
SaveDC
AddFontResourceExW
GetDIBColorTable
CreateRectRgn
TextOutA
CreateSolidBrush
GetRandomRgn
GetStockObject
SetViewportExtEx

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

LookupAccountSidA
RevertToSelf
SetThreadToken
ConvertStringSidToSidW
OpenThreadToken

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
CoInitializeSecurity
CoInitialize
ReleaseStgMedium
CoInitializeEx
CreateStreamOnHGlobal
MkParseDisplayName

oleaut32

SysAllocString
SysStringLen
VariantClear
LoadRegTypeLi
SysFreeString
SysAllocStringLen
VariantInit
LoadTypeLi
SafeArrayCreateVector

version

GetFileVersionInfoW

activeds

ord9

gdiplus

GdipGetImageEncodersSize
GdiplusShutdown
GdipGetImageEncoders
GdiplusStartup

dnsapi

DnsQuery_W
DnsFree

ntdll

NtDrawText

Sections

.text
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

v.b`WN
Size: 512B - Virtual size: 256B

.extrel
Size: 512B - Virtual size: 256B

.l1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2MFLok
Size: 512B - Virtual size: 64B

Sharing

General

Malware Config

Signatures

Files

9466c3c515515c23420c707bfd96c0bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

version

activeds

gdiplus

dnsapi

ntdll

Sections

.text Size: 221KB - Virtual size: 221KB

.rdata Size: 112KB - Virtual size: 112KB

.rdata Size: 112KB - Virtual size: 120KB

.rsrc Size: 2KB - Virtual size: 1KB

v.b`WN Size: 512B - Virtual size: 256B

.extrel Size: 512B - Virtual size: 256B

.l1 Size: 6KB - Virtual size: 6KB

.l1 Size: 6KB - Virtual size: 6KB

2MFLok Size: 512B - Virtual size: 64B

.text
Size: 221KB - Virtual size: 221KB

.rdata
Size: 112KB - Virtual size: 112KB

.rdata
Size: 112KB - Virtual size: 120KB

.rsrc
Size: 2KB - Virtual size: 1KB

v.b`WN
Size: 512B - Virtual size: 256B

.extrel
Size: 512B - Virtual size: 256B

.l1
Size: 6KB - Virtual size: 6KB

.l1
Size: 6KB - Virtual size: 6KB

2MFLok
Size: 512B - Virtual size: 64B