de17e1a91256942bc5081938465b22e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de17e1a91256942bc5081938465b22e3_JaffaCakes118
Size

217KB
MD5

de17e1a91256942bc5081938465b22e3
SHA1

59d64cc19cbc0df52a7958fe93a367f4c3c96255
SHA256

7218360fb01ca53e9d19856ec6266db656ab58180673877bfd9f5b99ebe8efab
SHA512

303b1ba4d50c7febd9c338b4a11ac57642342c9a0c5e96934f85faf7a05b2ff0e371ea7ab9a1f9ae01f574ce2ed04c7ca1e12ad63722c6adb4d3d392e2910456
SSDEEP

6144:w1MsmcQYOBoOeub9IdBzNIFWgA/pjT1HuGYNXrDhzF2:0rmcxCoNub2dtzPCXR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de17e1a91256942bc5081938465b22e3_JaffaCakes118

Files

de17e1a91256942bc5081938465b22e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1030056c876dd5eaa51c42a75aa21f32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlen
GetLocaleInfoW
IsBadStringPtrW
GetProcAddress
SetComputerNameA
lstrcmpW
LoadResource
GetLogicalDrives
FindAtomW
CreateDirectoryA
WaitForMultipleObjects
GetVersionExA
FatalAppExitW
GetTimeFormatA
lstrcpyn
GetVolumeInformationW
ConnectNamedPipe
GetThreadPriority
OpenSemaphoreA
GetLongPathNameW
GetUserDefaultLCID
GetProcessHeap
SetCalendarInfoW
OpenMutexW
LoadLibraryA
FreeLibrary

user32

GetClassLongA
GetFocus
WinHelpW
UpdateLayeredWindow
EndDialog
CallWindowProcA
GetForegroundWindow
wsprintfW
CheckMenuRadioItem
GetSubMenu
FillRect
GetMenu
ShowCursor
SetWindowRgn
SetWindowPos
CreateMenu
GetKeyState
MonitorFromWindow
GetClassInfoW
SetMenu
GetSysColorBrush
EndMenu
RegisterWindowMessageW
CopyRect
CharUpperW
ChildWindowFromPoint
GetCapture
GetCaretPos
GetClassInfoExA
InsertMenuItemW
GetMenuItemID
RegisterWindowMessageA
wvsprintfW
CascadeWindows
FindWindowA
AdjustWindowRect
GetWindowRect
wsprintfA
GetMessageW
SetWindowTextA
DestroyIcon
GetWindowTextLengthA
UpdateWindow
GetWindowRect
BringWindowToTop
CreateDesktopA
CloseWindow
GetClassLongW
PeekMessageA
MessageBeep

gdi32

CreatePolyPolygonRgn
GetICMProfileW
CreateICA
GetGlyphIndicesW
WidenPath
DeleteDC
CreateDCA
GetTextFaceA
OffsetClipRgn
Arc
SetICMProfileW
CreateDCA

advapi32

RegDeleteValueA
RegOpenKeyW
RegOpenKeyA
RegEnumValueA
RegQueryValueW
RegRestoreKeyA
RegDeleteKeyA
RegDeleteValueW
RegRestoreKeyW
RegFlushKey
RegSaveKeyW
RegSaveKeyA

shell32

ExtractIconA

shlwapi

SHAutoComplete
UrlGetLocationA
StrRetToStrA
SHRegOpenUSKeyA
SHDeleteKeyW
SHRegSetUSValueA
PathSkipRootW
SHStrDupW

ole32

CoGetMalloc
CoDeactivateObject

setupapi

CM_Query_And_Remove_SubTree_ExA
SetupSetDirectoryIdW
SetupSetFileQueueFlags
SetupDiCreateDeviceInfoA
CM_Get_Class_Registry_PropertyW
pSetupUnicodeToMultiByte
CM_Set_DevNode_Registry_Property_ExW
CM_Connect_MachineA
pSetupGetInfSections
SetupGetLineByIndexW

urlmon

RevokeFormatEnumerator

winspool.drv

AddPortExA
AddPrinterW
GetPrinterDriverDirectoryW
GetPrinterDataA
EndPagePrinter
DeviceMode
ConnectToPrinterDlg
SetPortA

oledlg

OleUIUpdateLinksW

sqlunirl

_SendMessage@16
_GetMessage_@16
_AddFontResource_@4
_RegSetValue_@20
_CharUpperBuff_@8
_RegQueryMultipleValues_@20
_DlgDirSelectEx_@16
_GetServiceKeyName_@16
_OpenFile_@12
_GetUserObjectInformation_@20
_ShellAbout_@16
_GetProfileSection_@12
_FindWindow_@8
_ShellExecute_@24
_GetBinaryType_@8
_IsBadStringPtr_@8
_NDdeGetShareSecurity_@24
_SetEnvironmentVariable_@8
_DefFrameProc_@20
_CreateIC_@16
_ExpandEnvironmentStrings_@12
_RegisterEventSource_@8
_ChangeServiceConfig_@44

Sections

.vuryD
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rXIPQ
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SnO
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.D
Size: 3KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.I
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vxI
Size: 5KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Khn
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1030056c876dd5eaa51c42a75aa21f32

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

setupapi

urlmon

winspool.drv

oledlg

sqlunirl

Sections

.vuryD Size: 4KB - Virtual size: 4KB

.rXIPQ Size: 83KB - Virtual size: 82KB

.SnO Size: 12KB - Virtual size: 12KB

.D Size: 3KB - Virtual size: 383KB

.I Size: 4KB - Virtual size: 50KB

.vxI Size: 5KB - Virtual size: 284KB

.Khn Size: 84KB - Virtual size: 83KB

.data Size: 10KB - Virtual size: 296KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

.vuryD
Size: 4KB - Virtual size: 4KB

.rXIPQ
Size: 83KB - Virtual size: 82KB

.SnO
Size: 12KB - Virtual size: 12KB

.D
Size: 3KB - Virtual size: 383KB

.I
Size: 4KB - Virtual size: 50KB

.vxI
Size: 5KB - Virtual size: 284KB

.Khn
Size: 84KB - Virtual size: 83KB

.data
Size: 10KB - Virtual size: 296KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B