n:\wxia\zhqnkdoevo\srgtwtpm\niwa.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dc4dc0a137f5fe60836941a2a4d905c3_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dc4dc0a137f5fe60836941a2a4d905c3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: dc4dc0a137f5fe60836941a2a4d905c3_JaffaCakes118
Size: 539KB
MD5: dc4dc0a137f5fe60836941a2a4d905c3
SHA1: 551e321a60bdeb05390da4237337b531e1a29e8e
SHA256: c51a414ea8d06e8a1f87b41acd2bdb45e9b362d2ca1a41b42112163e6ac445b9
SHA512: 0ce6433f4e8ad0636a59c87503addf20076b1c4f81c162b7fec6fbd81e5ab8d9bf0182d19498e783de7af919584f5c65e298b64b30d7c81e0d4ba2578ec0c854
SSDEEP: 12288:giUbRUPs4936LtH4W9kaoJu0LSi2G5dHhW8PKC5vUOdj:gLUPs4Ue2ozv2G5LPKC5T
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dc4dc0a137f5fe60836941a2a4d905c3_JaffaCakes118
Files
dc4dc0a137f5fe60836941a2a4d905c3_JaffaCakes118.exe windows:4 windows x86 arch:x86
a77f2a1bf46a95f003ac3b1435d98341
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CryptAcquireContextA
RegSetValueW
RegFlushKey
LookupAccountSidA
InitializeSecurityDescriptor
RegSetValueExA
RegConnectRegistryW
CryptGetUserKey
StartServiceW
comdlg32
ReplaceTextA
ChooseFontW
ChooseColorA
PrintDlgW
user32
LoadImageW
CreateWindowExW
GetWindow
BroadcastSystemMessageA
PaintDesktop
ShowWindow
EndDeferWindowPos
RegisterClassA
RegisterClassExA
RegisterClipboardFormatA
EnumDisplaySettingsA
DestroyWindow
GetMenuCheckMarkDimensions
LoadMenuW
MessageBoxA
GetProcessWindowStation
DefWindowProcA
kernel32
GetFileType
GetCommandLineW
HeapAlloc
lstrcpynA
LCMapStringA
RtlUnwind
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
InterlockedIncrement
GetTickCount
GetStringTypeA
FlushFileBuffers
GetCurrentThreadId
GetModuleHandleA
TlsSetValue
VirtualQuery
SetFilePointer
SetThreadIdealProcessor
TlsGetValue
TlsFree
UnhandledExceptionFilter
CreateWaitableTimerA
GetTempPathW
TerminateProcess
GetCurrentProcess
GetStringTypeW
DeleteCriticalSection
HeapFree
IsBadWritePtr
GetCPInfo
ExitProcess
GetCurrentThread
GetVersion
SetHandleCount
WideCharToMultiByte
WriteFile
GetCommandLineA
GetProcAddress
HeapCreate
GetShortPathNameW
EnterCriticalSection
GetStdHandle
HeapDestroy
GetTimeZoneInformation
InterlockedDecrement
QueryPerformanceCounter
SetLastError
CompareStringW
CreateMutexA
GetStartupInfoA
GetSystemTimeAsFileTime
TlsAlloc
LCMapStringW
MultiByteToWideChar
GetTempFileNameA
CloseHandle
GetCurrentProcessId
GetLastError
VirtualAlloc
LeaveCriticalSection
VirtualFree
SetEnvironmentVariableA
WriteConsoleOutputCharacterW
CompareStringA
GetModuleFileNameA
OpenMutexA
GetSystemTime
GetVolumeInformationA
GetEnvironmentStringsW
HeapReAlloc
GetEnvironmentStrings
GetFileSize
GetLocalTime
InitializeCriticalSection
GetStartupInfoW
ReadFile
FileTimeToSystemTime
SetStdHandle
GetModuleFileNameW
InterlockedExchange
comctl32
InitCommonControlsEx
CreateToolbarEx
ImageList_DragMove
ImageList_AddMasked
ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_Replace
Sections
.text Size: 220KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 206KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ