da5a7cf7f7ebd77d5e58388b168c1ec6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da5a7cf7f7ebd77d5e58388b168c1ec6_JaffaCakes118
Size

406KB
MD5

da5a7cf7f7ebd77d5e58388b168c1ec6
SHA1

464e83bd0a478d59c4a248e3c3f2350c7ac9f840
SHA256

7e17cc81a2c24811484c9788a72cc9341a6677be86d8afa349297384895c3c49
SHA512

d1147c5d821e4c51e0c9888e45e3014fc31f4dfd843ecb2d8d9590cb782a2ca77940f67e5f78326cc0e1711db2c8ac09e9941b45d519664b0cc916eaf2a20987
SSDEEP

6144:q4NDYGys8PEBKx2SBGNaxXZTSwp6fz8esChXt1reYlHd/uBsLJU9Ucugpd05stt5:98nsFTj4xpZh/a5JJAygHQstdOZY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da5a7cf7f7ebd77d5e58388b168c1ec6_JaffaCakes118

Files

da5a7cf7f7ebd77d5e58388b168c1ec6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

79045a3948e9053833741aad89fb2e50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetWindowsDirectoryW
DisconnectNamedPipe
OpenFileMappingW
GetTimeFormatW
WaitForSingleObject
FindResourceW
ExitThread
GetLocalTime
GetCommandLineA
GetTimeZoneInformation
SwitchToThread
GetStartupInfoA
LockResource
FindNextFileW
GetFileSize
GetConsoleMode
lstrcpyA
GetStringTypeExW
GetLongPathNameA
BackupRead
LoadLibraryExW
VirtualProtect
lstrcmpiA
FindCloseChangeNotification
IsBadCodePtr
ResumeThread
GetThreadPriority
VirtualUnlock
GetConsoleCursorInfo
TlsGetValue
GetModuleHandleW
GetNamedPipeInfo
CompareStringW
CreateThread
SetLocalTime
InitializeCriticalSection
SetFileTime
WinExec
HeapAlloc
lstrcpynA
GetFileAttributesExA
EscapeCommFunction
GenerateConsoleCtrlEvent
EnumDateFormatsW
GetVersionExA
MapViewOfFile
GlobalLock
FoldStringW
ReadConsoleInputA
ReadConsoleOutputA
GetPrivateProfileSectionW
GetEnvironmentStrings
GlobalFlags
GetConsoleTitleW
SetCurrentDirectoryW
ReadDirectoryChangesW
SetWaitableTimer
SetCommState
GetPrivateProfileStringA
GetCompressedFileSizeW
UnlockFile
SetConsoleTextAttribute
CallNamedPipeW
GlobalFindAtomA
GetFullPathNameW
SetThreadPriorityBoost
CreateRemoteThread
BeginUpdateResourceA
WriteConsoleInputW
EnumSystemLocalesA
GetSystemTime
SizeofResource
GetModuleHandleA
GetFileType
SetTimeZoneInformation
LocalReAlloc
FlushInstructionCache
GetFileTime
GetLocaleInfoA
SetFileAttributesW
CreateDirectoryExA
GetAtomNameA
InterlockedExchangeAdd
Sleep
TransactNamedPipe
FreeEnvironmentStringsA
GetVolumeInformationA
ReadProcessMemory
GetDiskFreeSpaceW
FlushViewOfFile
GetCurrentThreadId
InterlockedIncrement
CreateFileA
IsProcessorFeaturePresent
WriteConsoleOutputW
GetTapeParameters
GetStdHandle
SetConsoleCursorPosition
SetVolumeLabelW
GetCommModemStatus

user32

GetDialogBaseUnits
LoadAcceleratorsW
SubtractRect
TrackPopupMenuEx
CallWindowProcW
DefDlgProcW
ChildWindowFromPoint
TileWindows
ChangeDisplaySettingsA
ReleaseCapture
SetCursor
ScrollWindow
CopyIcon
ScreenToClient
IsIconic
SetUserObjectSecurity
TrackPopupMenu
SetTimer
RegisterWindowMessageW
EmptyClipboard
CallWindowProcA
GetScrollBarInfo
EnumWindowStationsW
ToUnicode
TranslateAcceleratorW
GetTabbedTextExtentW
ModifyMenuA
UnhookWindowsHookEx
DrawTextA
DrawIconEx
ExitWindowsEx
CharLowerA
DrawTextW
wsprintfA
PostThreadMessageW
RegisterClipboardFormatA
DrawFrameControl
SendMessageTimeoutW
GetWindowLongW
CharToOemW
RegisterDeviceNotificationA
DrawEdge
IsCharAlphaW
SetSysColors
GetDlgItemInt
CallNextHookEx
GetGuiResources
CreatePopupMenu
ClientToScreen
SwitchToThisWindow
FindWindowA

gdi32

EnumFontFamiliesExW
EnumFontFamiliesA
CloseEnhMetaFile
GdiComment
CreateDiscardableBitmap
GetBkMode
StretchDIBits
CloseMetaFile
CopyEnhMetaFileA
GetEnhMetaFilePaletteEntries
PolylineTo
CreateHalftonePalette
PolyPolyline

comdlg32

ChooseFontA
ChooseColorW

advapi32

AccessCheckAndAuditAlarmW
RegSetValueW
CryptImportKey
RegOpenKeyExW
QueryServiceConfigA
BuildTrusteeWithSidW
CryptGenKey
GetSidSubAuthorityCount
CryptGetUserKey
RegisterEventSourceA
AccessCheckAndAuditAlarmA
RegQueryValueW
CryptHashData
RegEnumKeyA
RevertToSelf
RegFlushKey
QueryServiceConfigW
StartServiceW
LookupAccountNameA
GetFileSecurityA
SetSecurityDescriptorGroup
ReadEventLogW
CryptSetKeyParam
RegCreateKeyExW
RegDeleteValueA
GetNamedSecurityInfoW
AbortSystemShutdownA
CreateServiceA
RegDeleteKeyW
CryptVerifySignatureA
RegOpenKeyW
OpenSCManagerA
BuildSecurityDescriptorW
ImpersonateLoggedOnUser
CryptSetHashParam

ole32

OleUninitialize
CoFreeAllLibraries
StgCreateStorageEx
GetHGlobalFromILockBytes
CreateItemMoniker
CoSetProxyBlanket

oleaut32

VariantCopyInd
SysFreeString
SafeArrayCreate
SysAllocStringLen
VariantClear
SafeArrayAccessData
SysAllocString

comctl32

ImageList_GetImageInfo
PropertySheetW
InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFindNextComponentW
SHSetThreadRef
PathIsSameRootW
StrFormatByteSize64A
PathIsRelativeA
SHQueryValueExW
StrStrIW
PathIsFileSpecA
StrChrA
SHCopyKeyW
PathGetCharTypeW
SHEnumValueW

msvcrt

__setusermatherr
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strlen
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_initterm

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

79045a3948e9053833741aad89fb2e50

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

comctl32

shlwapi

msvcrt

Sections

.text Size: 272KB - Virtual size: 270KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 122KB - Virtual size: 122KB

.text
Size: 272KB - Virtual size: 270KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 122KB - Virtual size: 122KB