de16c16da03597af1a873f23732bd6b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de16c16da03597af1a873f23732bd6b5_JaffaCakes118
Size

356KB
MD5

de16c16da03597af1a873f23732bd6b5
SHA1

66745bfa854195b50f00979f0035872e8f35ebc2
SHA256

414bc6f7fb43374029597685e1fd468a71435af2835a734935bb1454e05969f4
SHA512

f3e8a84a99213e33114fefd2c1d40c8eb309a5fe970fdcadae5e28419c0c8040f5f71b285219f4dc964fecbfe0cf304fef2cdc7c269d8be13f7d6b7ef7772922
SSDEEP

6144:LkkO8YXBp7vXPMG++AaiPp74dRJjQcWwusHcXKvPatSJabzC5zo0naGB:LkkO8YXBpj9AlPp70RJkcWwuccXK3mzi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de16c16da03597af1a873f23732bd6b5_JaffaCakes118

Files

de16c16da03597af1a873f23732bd6b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c943872f1a85c23fdf2de2ac63b7d3c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\AutoLink_CS\Temp\virustools\viruskiller\ravmagistr\Release\VikingKiller.pdb

Imports

comctl32

InitCommonControlsEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

inet_ntoa
WSACleanup
gethostbyname
gethostname
WSAStartup

kernel32

GetFileTime
UnmapViewOfFile
GetFileSize
SetFilePointer
ReadFile
DeleteFileA
GetShortPathNameA
GetEnvironmentVariableA
LocalFree
LocalAlloc
Sleep
GetLastError
MapViewOfFile
CreateFileMappingA
WriteFile
SetEndOfFile
GetFileAttributesExA
SetFileAttributesA
CopyFileA
FindNextFileA
FindClose
FindFirstFileA
RemoveDirectoryA
CreateDirectoryA
MoveFileA
GetTempPathA
GetWindowsDirectoryA
GetLogicalDrives
GetFileAttributesA
VirtualFree
VirtualAlloc
SetThreadPriority
SetPriorityClass
GetCurrentThread
GetCurrentProcess
MoveFileExA
GetVersionExA
GetTempFileNameA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileW
FindFirstFileW
MultiByteToWideChar
lstrlenA
GetDiskFreeSpaceA
GetUserDefaultLangID
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SetFileTime
SetLastError
DeleteCriticalSection
GetCurrentThreadId
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GlobalFree
GlobalHandle
lstrlenW
lstrcmpA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
MulDiv
SizeofResource
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
VirtualQueryEx
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
SetUnhandledExceptionFilter
FlushFileBuffers
IsBadWritePtr
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
SetStdHandle
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualQuery
VirtualProtect
GetFileType
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
ExitProcess
RtlUnwind
SuspendThread
GetModuleHandleA
CreateThread
WaitForSingleObject
TerminateThread
VirtualProtectEx
WriteProcessMemory
TerminateProcess
DeviceIoControl
GetModuleFileNameA
SetCurrentDirectoryA
CreateFileA
FreeLibrary
GetVersion
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
OpenProcess
ReadProcessMemory
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
FindResourceA

user32

GetDesktopWindow
CharNextA
GetClassNameA
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
ReleaseDC
GetFocus
DestroyAcceleratorTable
GetSysColor
DefWindowProcA
CreateAcceleratorTableA
SetWindowContextHelpId
SetWindowPos
CreateWindowExA
DestroyWindow
IsChild
GetDC
ReleaseCapture
SetCapture
InvalidateRgn
RegisterClassExA
SendMessageA
SetWindowTextA
GetParent
MessageBoxA
CharUpperA
GetActiveWindow
EndDialog
DialogBoxParamA
SendDlgItemMessageA
GetClassInfoExA
RegisterWindowMessageA
GetWindowTextA
GetWindowTextLengthA
wsprintfA
UnregisterClassA
ShowWindow
MapWindowPoints
SystemParametersInfoA
GetWindowRect
DialogBoxIndirectParamA
MapDialogRect
GetWindow
ScreenToClient
GetClientRect
PtInRect
SetTimer
InvalidateRect
WindowFromPoint
KillTimer
LoadCursorA
SetCursor
CallWindowProcA
GetDlgCtrlID
GetSysColorBrush
LoadIconA
SetWindowLongA
SetDlgItemTextA
GetWindowLongA
GetSystemMenu
EnableMenuItem
GetDlgItem
EnableWindow
SetFocus
GetCursorPos

gdi32

CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
CreateFontIndirectA
SelectObject
SetTextColor
GetStockObject
SetBkMode
GetObjectA
DeleteObject

advapi32

OpenSCManagerA
RegQueryInfoKeyA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
EnumServicesStatusA
CloseServiceHandle
QueryServiceConfigA
OpenServiceA
DeleteService
ControlService
QueryServiceStatus

shell32

ShellExecuteA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysStringByteLen
VariantClear
VariantInit
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c943872f1a85c23fdf2de2ac63b7d3c7

Headers

File Characteristics

PDB Paths

Imports

comctl32

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 112KB - Virtual size: 111KB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 112KB - Virtual size: 111KB