e12ec853eb00db58228c70a1453fe775_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e12ec853eb00db58228c70a1453fe775_JaffaCakes118
Size

688KB
MD5

e12ec853eb00db58228c70a1453fe775
SHA1

b2827d55e685b3cf713a3555aed576bc7ed26c1e
SHA256

890503b7e6c2ab52805e27bb66a524ade67bac5c231fbad71719117381b55001
SHA512

3eb01bff8f1e3b9d4ed7ca5da82af540c10583c4cc938c1fe07f46854d9f89c8c5b846f2a192fe140f704b29470668578710be56c8ecbc3ddee2d8e5ad98d783
SSDEEP

12288:reMDiAEx9M51yeYGaxnwQjrH5Gl2IihWzxOL9W4Hl7nPUVrdVH7:SMnE05/Yv9wQjlGgVgx0WQPQrrH7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e12ec853eb00db58228c70a1453fe775_JaffaCakes118

Files

e12ec853eb00db58228c70a1453fe775_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dd9225b9b96b2b7f222625c89070af8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\fog\eoctedqlc\sdfbncprs.pdb

Imports

kernel32

VirtualAlloc
FindClose
GetModuleHandleA
HeapDestroy
GetCurrentThreadId
UnmapViewOfFile
GetFileType
GetModuleHandleW
GetStringTypeW
FormatMessageA
InterlockedIncrement
GetLastError
GetLocalTime
CompareStringA
InitializeCriticalSection
SetHandleCount
SetFilePointer
TerminateProcess
GetVersion
ResetEvent
LeaveCriticalSection
lstrcmpW
CompareStringW
CreateFileMappingA
WriteFile
GetEnvironmentStrings
GetTimeFormatA
GetModuleFileNameA
lstrcmpA
VirtualQuery
GetTempPathA
WaitForMultipleObjects
VirtualFree
WaitForSingleObject
CreateMutexW
LCMapStringA
lstrlenW
FreeEnvironmentStringsW
MultiByteToWideChar
GetCurrentProcess
GlobalDeleteAtom
CloseHandle
GlobalAlloc
WideCharToMultiByte
GetFileSize
QueryPerformanceCounter
SetEnvironmentVariableA
GetStringTypeA
IsBadWritePtr
TlsGetValue
GetCurrentProcessId
GetVersionExA
TlsAlloc
HeapCreate
SetLastError
GetTickCount
UnhandledExceptionFilter
ReadFile
GetModuleFileNameW
FreeEnvironmentStringsA
HeapReAlloc
ExpandEnvironmentStringsA
SetStdHandle
GetCommandLineA
HeapAlloc
LCMapStringW
LoadLibraryA
LocalAlloc
RtlUnwind
HeapFree
IsValidLocale
IsBadCodePtr
GetCommandLineW
GetStartupInfoW
DeleteCriticalSection
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryW
InterlockedDecrement
RaiseException
GetCPInfo
EnterCriticalSection
TerminateThread
GetTimeZoneInformation
ExitProcess
LocalFree
GetStartupInfoA
DeleteFileW
GlobalUnlock
FlushInstructionCache
GetProcAddress
GetEnvironmentStringsW
TlsSetValue
GetSystemTimeAsFileTime
SetEndOfFile
CreateFileA
FlushFileBuffers
GetSystemTime
GetProcessHeap
InterlockedExchange
GetStdHandle
LockResource

oleaut32

LoadTypeLi

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
SHGetDesktopFolder
SHGetFileInfoW

gdi32

SaveDC
GetTextMetricsW
PtInRegion
LineTo
RestoreDC
GetTextExtentPoint32W
StretchDIBits
CreatePen
SetWindowExtEx
SelectClipRgn
IntersectClipRect
Rectangle
RectVisible
CombineRgn
StretchBlt
EqualRgn
EndDoc
GdiFlush
CreateDCW
CreateDIBSection
GetPixel
SetStretchBltMode
AbortDoc
EndPage
DeleteDC
SetMapMode
SelectObject
RoundRect
GetObjectW
GetStockObject
CreateSolidBrush
SetWindowOrgEx
SetViewportOrgEx
StartPage
GetDeviceCaps
CreateCompatibleDC
SetBkMode

user32

FrameRect
GetParent
GetSysColorBrush
IsZoomed
GetClientRect
GetWindowRect
DestroyWindow
GetMenuItemCount
DefWindowProcW
UnregisterClassA
ShowWindow
InsertMenuW
RedrawWindow
IsWindow
LoadIconW
DrawTextW
GetMenuDefaultItem
CreateDialogIndirectParamW
SetScrollPos
SendMessageW
MessageBoxA
RegisterClassW
SetRect
CreateWindowExW
GetNextDlgTabItem
CheckMenuItem
IsClipboardFormatAvailable
DestroyIcon
EmptyClipboard
ShowOwnedPopups
SetMenu
GetCapture
InvalidateRect
SetWindowLongW
SendDlgItemMessageA
LoadCursorW
GetWindowThreadProcessId
TranslateMessage
RegisterClassExW
LoadStringW
CloseClipboard
CallWindowProcW
UpdateWindow
GetDoubleClickTime
GetDlgCtrlID
DrawMenuBar
MessageBoxW
GetKeyState

ole32

GetRunningObjectTable
CoRegisterClassObject
ReleaseStgMedium
CreateItemMoniker
StgCreateDocfile
OleUninitialize
CoTaskMemFree
OleSetClipboard
CreateBindCtx
CoRegisterMessageFilter
StringFromGUID2

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_LoadImageA
_TrackMouseEvent
InitCommonControlsEx
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
PropertySheetA
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
DestroyPropertySheetPage
ImageList_Add

advapi32

RegCreateKeyExA
OpenThreadToken
RegCloseKey
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
RegDeleteKeyA
RegEnumKeyExA
CloseServiceHandle
RegQueryInfoKeyA
RegSetValueExA
CreateServiceA
RegEnumKeyA
OpenProcessToken
RegQueryValueExA
OpenSCManagerA
RegOpenKeyA
ControlService
SetSecurityDescriptorDacl
RegDeleteValueA
InitializeSecurityDescriptor
DeleteService
GetTokenInformation
AllocateAndInitializeSid

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd9225b9b96b2b7f222625c89070af8

Headers

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

shell32

gdi32

user32

ole32

comctl32

advapi32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 468KB - Virtual size: 467KB

.data Size: 108KB - Virtual size: 105KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 468KB - Virtual size: 467KB

.data
Size: 108KB - Virtual size: 105KB

.rsrc
Size: 36KB - Virtual size: 32KB