dd774cbf78c7ef11977f6cdba53c4ddb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd774cbf78c7ef11977f6cdba53c4ddb_JaffaCakes118
Size

616KB
MD5

dd774cbf78c7ef11977f6cdba53c4ddb
SHA1

d285d46bef7b81cbd34356bfe8c3d120ea2c8cc5
SHA256

ed95f0d034e3b6ee032516d3fee408620a03c56b2f9f183e237abe1b56406981
SHA512

1fb3c9d0a40215089ab10a94590317f554205264b0e0eaa1db5af7c7ef480c4b03f302c7b3cfde5d7f0526821581eb84ce46e2f0c9549b77d8886c7e54ec9321
SSDEEP

12288:fbZ7lAye6Psq9D/nQl1oQdvr8WjsmrB0hOACIxDiSkf:fbZxAyZPsyDQl1oEvIW79eOAtk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd774cbf78c7ef11977f6cdba53c4ddb_JaffaCakes118

Files

dd774cbf78c7ef11977f6cdba53c4ddb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1733e708a823586d9afe34b59a727c3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\euo

Imports

advapi32

CryptDestroyKey
CryptEncrypt
LogonUserW
LookupPrivilegeDisplayNameA
RegEnumValueA
CryptEnumProviderTypesW
CryptGenRandom
InitiateSystemShutdownA
RegQueryValueExA

gdi32

DeleteMetaFile
SelectObject
SetPixelV
SelectClipPath
SetPixel
EnableEUDC
SetICMMode

user32

GetUserObjectInformationW
ExitWindowsEx
LockWindowUpdate
CharLowerBuffA
GetScrollPos
DdeConnect
GetProcessWindowStation
GetCaretBlinkTime
SendMessageA
TabbedTextOutW
DefWindowProcA
CreateAcceleratorTableW
MessageBoxA
EqualRect
CreateWindowExA
GetMenuBarInfo
RegisterClassExA
DdeDisconnect
LookupIconIdFromDirectoryEx
ClipCursor
UnregisterClassW
MessageBoxExA
KillTimer
OemToCharBuffA
GetMenuContextHelpId
BringWindowToTop
GetCaretPos
GetPropW
GetUserObjectSecurity
DdeImpersonateClient
GetGuiResources
ScrollWindowEx
ShowWindow
GetSystemMetrics
LoadCursorW
IsCharAlphaNumericW
InSendMessageEx
FlashWindow
LoadMenuA
CascadeChildWindows
UnhookWindowsHook
CallNextHookEx
SendIMEMessageExW
DefFrameProcW
LoadMenuIndirectW
CharPrevExA
DdeCmpStringHandles
DlgDirListComboBoxA
GetKeyboardLayoutNameA
EnumDisplayDevicesW
EnumThreadWindows
DdeUnaccessData
ToAsciiEx
RemovePropA
DrawCaption
GetDlgItem
BeginPaint
GetWindowLongW
LoadImageA
RegisterClassA
DispatchMessageW
LoadIconA
DrawStateA
IsMenu
DdeKeepStringHandle
DestroyWindow
LoadImageW
DdeDisconnectList
SetRectEmpty
ReleaseCapture
DrawStateW
GetClipboardViewer

wininet

InternetTimeFromSystemTimeW
HttpSendRequestW
GopherOpenFileA
InternetOpenA
FindFirstUrlCacheEntryExA
FindNextUrlCacheContainerW

kernel32

LCMapStringA
SetConsoleTextAttribute
SetStdHandle
GetTickCount
VirtualAllocEx
MultiByteToWideChar
GetStringTypeA
VirtualProtect
GetCommandLineA
GetSystemTimeAsFileTime
FlushFileBuffers
HeapCreate
FreeEnvironmentStringsA
TransactNamedPipe
RtlUnwind
GetOEMCP
HeapReAlloc
CreateDirectoryExA
GetProcessShutdownParameters
VirtualQuery
GetFileType
GetVolumeInformationA
GetProcessHeap
GetCurrentThread
CompareStringA
GetStringTypeExA
FindFirstFileExW
ReadConsoleInputA
IsBadReadPtr
GetProcessAffinityMask
EnumSystemCodePagesW
OpenMutexW
FindFirstFileA
ReadFile
WriteConsoleA
HeapAlloc
OpenMutexA
QueryPerformanceCounter
FillConsoleOutputAttribute
LoadLibraryA
FreeEnvironmentStringsW
IsBadWritePtr
CreateFileMappingA
WideCharToMultiByte
GetThreadTimes
HeapFree
SetEnvironmentVariableA
GlobalUnlock
HeapDestroy
GetFileAttributesExA
OpenSemaphoreA
GetEnvironmentStringsW
FindAtomW
HeapLock
GetProcAddress
LoadResource
SetLastError
InterlockedDecrement
VirtualFree
SetHandleCount
GetLastError
WriteProfileSectionA
WaitNamedPipeA
SetCriticalSectionSpinCount
LoadLibraryW
GetEnvironmentVariableA
FileTimeToDosDateTime
SetFilePointer
OpenWaitableTimerW
CloseHandle
MapViewOfFile
TlsSetValue
GetEnvironmentVariableW
DeleteCriticalSection
GetCPInfo
TlsGetValue
LockFileEx
TlsAlloc
GetStartupInfoA
GetTempPathA
TlsFree
ReadConsoleW
UnhandledExceptionFilter
PulseEvent
LeaveCriticalSection
GlobalFindAtomW
EnterCriticalSection
InterlockedExchange
InitializeCriticalSection
GetVersion
CopyFileA
lstrcmpiW
GetStdHandle
GetLocalTime
GetSystemTime
GetTimeFormatA
GetDateFormatW
OpenEventW
CreateNamedPipeA
WritePrivateProfileSectionA
WriteFile
CommConfigDialogW
DebugActiveProcess
GetEnvironmentStrings
LocalFileTimeToFileTime
GetCurrentProcess
GetExitCodeThread
GetACP
InterlockedIncrement
TerminateProcess
GetStringTypeExW
EnumResourceLanguagesA
CreateFileW
GetModuleHandleA
EnumTimeFormatsW
VirtualQueryEx
GlobalFindAtomA
GetCurrentProcessId
CreateMutexA
FindAtomA
EnumDateFormatsA
ExitProcess
GetCurrentThreadId
GetTimeZoneInformation
LCMapStringW
GetThreadPriority
VirtualAlloc
lstrcpyn
CompareStringW
GlobalGetAtomNameW
GetModuleFileNameA
CreateProcessW
GetVersionExW
GetStringTypeW
GetFileAttributesW
GetFullPathNameW

comctl32

ImageList_AddIcon
ImageList_SetBkColor
ImageList_BeginDrag
ImageList_Write
ImageList_GetBkColor
ImageList_LoadImage
ImageList_GetImageCount
ImageList_SetOverlayImage
CreateToolbar
ImageList_DrawEx
ImageList_Add
ImageList_GetFlags
InitCommonControlsEx
CreateStatusWindowW
DrawStatusTextA
InitMUILanguage
ImageList_SetFilter
ImageList_Draw

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1733e708a823586d9afe34b59a727c3b

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

user32

wininet

kernel32

comctl32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 108KB - Virtual size: 109KB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 108KB - Virtual size: 109KB

.rsrc
Size: 56KB - Virtual size: 52KB