df291c415160186ad0fe5a3070694421_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df291c415160186ad0fe5a3070694421_JaffaCakes118
Size

203KB
MD5

df291c415160186ad0fe5a3070694421
SHA1

3af8d35471400167cc0a5f2b021f7f6bddc43d1e
SHA256

918952527d02ff559b77bbbbcc6311d895ee87912143842185e9a0244c8da7ff
SHA512

32759341e42a02d67af1eefc3f099f58999ccacb1303d1702512b7df2cf9d91ee36e2db638ae48467a425344500201bd94278b387a249a107f0b28c704e5375a
SSDEEP

3072:QTx8BfrPirFm7fqmRmCaPmzijOkJ7HZQaCGKoad2v27NOTUGDI29a:qi7iuTRmCagvg5QaCGKevEOTD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df291c415160186ad0fe5a3070694421_JaffaCakes118

Files

df291c415160186ad0fe5a3070694421_JaffaCakes118
.exe windows:4 windows x86 arch:x86

68e4b9ecbf473886e22e8d1c308db041

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
CreateThread
GlobalDeleteAtom
CreateMutexA
FatalAppExitW
GlobalGetAtomNameW
CreateEventW
GetLongPathNameA
SetPriorityClass
GetCalendarInfoW
WinExec
lstrcmpiA
lstrcmpi
lstrcmpiW
IsBadStringPtrA
CreateFileMappingA
QueryPerformanceCounter
lstrcpyn
OpenSemaphoreA
GetLongPathNameW
ExpandEnvironmentStringsW
IsBadWritePtr
GetSystemTime
GetNumberFormatA
FindResourceA
FileTimeToLocalFileTime
lstrlenW
IsBadCodePtr
GetFileType
GlobalAlloc
FatalAppExitA
GetThreadPriority
GetAtomNameW
GetFileTime
GetUserDefaultLangID
SleepEx
LoadLibraryA
CreateSemaphoreA
GetDiskFreeSpaceA
CreatePipe
GetProcAddress
lstrcpy
BeginUpdateResourceA
GetEnvironmentStringsW
GetAtomNameA
ReplaceFileA
lstrcmp
GetLastError
OpenWaitableTimerA
CreateNamedPipeA

user32

CopyImage
EndDialog
LoadMenuA
UnregisterClassW
FrameRect
GetIconInfo
InsertMenuItemW
GetClassLongA
GetDC
MonitorFromRect
GetTopWindow
CreateDesktopA
SetWindowLongW
EmptyClipboard
CreateWindowExA
SendMessageW
FindWindowA
RegisterClassExW
CharLowerW
DialogBoxIndirectParamW
CheckRadioButton
SendDlgItemMessageA
DestroyWindow
LoadIconW

gdi32

SetICMMode
ColorMatchToTarget
GetTextExtentPointA
GetObjectType
SetBrushOrgEx
GetObjectW
GetArcDirection
GetTextExtentPointW
GetDeviceGammaRamp
SetBoundsRect
CloseFigure
RestoreDC

advapi32

RegCreateKeyExA
RegEnumValueW
RegOpenKeyExA
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA

shell32

SHGetDataFromIDListA
SHGetFileInfoA

shlwapi

SHCreateStreamOnFileW
PathIsSystemFolderA
StrRChrIW
StrToInt64ExW
PathFindFileNameA
PathIsUNCA
StrStrNW
SHRegDeleteUSValueW
PathRemoveBackslashA
PathStripPathA
PathCommonPrefixW
UrlIsOpaqueA
PathCompactPathExA
SHRegGetUSValueW
PathIsDirectoryEmptyA
PathMakeSystemFolderW
PathIsUNCServerShareW

opengl32

glVertex2d
wglDeleteContext
glBitmap
glDisableClientState
glColor4f
glColor4i
glNormal3b

winmm

mmTaskBlock
midiInGetErrorTextW

sqlunirl

_EnumServicesStatus_@32
_lstrcpy_@8
_CreateDesktop_@24
_WinHelp@16
_GetCommandLine_@0
_DefFrameProc_@20
_RegQueryValueEx_@24
_CreateMDIWindow_@40
_QueryServiceLockStatus_@16
_GetWindowLong@8
_RegDeleteKey_@8
_CreateDialogParam_@20
_OemToChar_@8
_CreateFile@28
_CopyEnhMetaFile_@8
_RegQueryValue_@16
_BackupEventLog_@8
_GetOpenFileName@4
_RegEnumValue_@32
_GetVersionEx@4
_GetLocaleInfo_@16
_TabbedTextOut_@32
newMultiByteFromWideChar
_OpenEvent_@12

crypt32

CertSetCRLContextProperty
CertEnumSubjectInSortedCTL
RegDeleteValueU
CryptVerifyDetachedMessageSignature
CertGetCRLFromStore
CryptSignMessage
CryptDecryptMessage
CertDuplicateCertificateChain
CryptMsgGetAndVerifySigner
CertEnumCRLContextProperties
CertAddEncodedCertificateToStore
CertOpenSystemStoreW

Sections

.DrbV
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SW
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jTRRaH
Size: 512B - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ubkk
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kKk
Size: 2KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68e4b9ecbf473886e22e8d1c308db041

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

winmm

sqlunirl

crypt32

Sections

.DrbV Size: 1KB - Virtual size: 1KB

.SW Size: 3KB - Virtual size: 7KB

.h Size: 8KB - Virtual size: 7KB

.jTRRaH Size: 512B - Virtual size: 196KB

.ubkk Size: 5KB - Virtual size: 36KB

.kKk Size: 2KB - Virtual size: 310KB

.data Size: 120KB - Virtual size: 333KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 1024B - Virtual size: 676B

.DrbV
Size: 1KB - Virtual size: 1KB

.SW
Size: 3KB - Virtual size: 7KB

.h
Size: 8KB - Virtual size: 7KB

.jTRRaH
Size: 512B - Virtual size: 196KB

.ubkk
Size: 5KB - Virtual size: 36KB

.kKk
Size: 2KB - Virtual size: 310KB

.data
Size: 120KB - Virtual size: 333KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 1024B - Virtual size: 676B