db6342e34a3b85fe4ad8e80159a3c8d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db6342e34a3b85fe4ad8e80159a3c8d2_JaffaCakes118
Size

161KB
MD5

db6342e34a3b85fe4ad8e80159a3c8d2
SHA1

2eb87e3fd0be3fb2aba762230cbab8d9c110fd94
SHA256

77daf296ee993b2daa37e3e40a8eb441c949b56b80d26c1b1f267757bcdb8d75
SHA512

ee131fa5c39556eabf060c8737eadf3056f4f3732d4bd4acaa7f09989bcb32e33cd7003f20da1a2a74d50c6a3acf69f5440b4e6699aefaed291dd8b135c17e6e
SSDEEP

3072:T3Sf5v2y6xzZBOzJM7MEw97Axh9J7GfyvZ8HvSugzhHhuYue4:zEN27dBOze7MEwuH9JifyWvSD03

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db6342e34a3b85fe4ad8e80159a3c8d2_JaffaCakes118

Files

db6342e34a3b85fe4ad8e80159a3c8d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8b24dc323a59bdfe2af521062edc012

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_nsp\BuildResults\bin\release\Eula.pdb

Imports

kernel32

GetLastError
CopyFileW
GetPrivateProfileStringW
MultiByteToWideChar
lstrlenA
SetLastError
LockResource
LoadResource
GetModuleFileNameW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
GetPrivateProfileIntW
lstrcpynW
GetFullPathNameW
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualFree
VirtualAlloc
Sleep
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InterlockedIncrement
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
lstrcpyW
GetSystemTimeAsFileTime
lstrlenW
lstrcatW
FindFirstFileW
FindClose
FindResourceW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
IsProcessorFeaturePresent

user32

GetDlgItem
SetWindowContextHelpId
SendMessageW
MapDialogRect
EndDialog
DestroyWindow
CreateWindowExW
GetWindowTextW
GetSysColor
MoveWindow
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
UnregisterClassA
SetCapture
IsChild
GetParent
GetClassNameW
CharNextW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyAcceleratorTable
IsWindow
SetFocus
GetWindow
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowTextW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetFocus

gdi32

CreateSolidBrush
BitBlt
GetStockObject
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetObjectW
CreateCompatibleDC
GetDeviceCaps

comdlg32

GetSaveFileNameW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

ole32

OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
VariantInit
VariantClear
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
SysFreeString

msvcr80

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_wtoi64
malloc
swprintf_s
??2@YAPAXI@Z
calloc
??_U@YAPAXI@Z
_recalloc
__CxxFrameHandler3
memset
wcscspn
wcsncpy_s
memcpy_s
_CxxThrowException
free
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8b24dc323a59bdfe2af521062edc012

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

msvcr80

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 72KB - Virtual size: 72KB