e031abd93cfdaf826b5436b68693ca9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e031abd93cfdaf826b5436b68693ca9d_JaffaCakes118
Size

584KB
MD5

e031abd93cfdaf826b5436b68693ca9d
SHA1

4e431bef9a28de3ee2898a855ff9da31628d7f1c
SHA256

8c95ac27a287dd0f097988e106213728a62ba2a07bfda1a4b82d0890878df209
SHA512

7c68ffc2269b7301ed38dbf6a98dc76d3ce60c827cdefd88cce3246b1dec3a322336e2110915a27e67068ed6ba706bfe6fcd465cc3d7e1cc733348fc773d8d04
SSDEEP

12288:I7Pz6lDw5TQ2MMYVNuJCtGGHAkC93iaWvB4KxN0Zp:I/TbYlgo893iaO+IyZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e031abd93cfdaf826b5436b68693ca9d_JaffaCakes118

Files

e031abd93cfdaf826b5436b68693ca9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d54f28c8f3f907b88deea60f533d6445

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\butlsyeth\nuyezdalko\jyqxu\wrqee

Imports

kernel32

DosDateTimeToFileTime
GetSystemTimeAsFileTime
GetStringTypeW
VirtualQuery
GetTempFileNameA
GetCurrentThread
GetCommandLineA
GetLastError
LeaveCriticalSection
GetLocaleInfoA
SetLastError
CompareStringA
DeleteFiber
GetDiskFreeSpaceExW
SetThreadPriority
CreateWaitableTimerW
HeapReAlloc
GetCurrentProcess
FoldStringW
GetModuleFileNameA
LoadLibraryA
GetEnvironmentStringsW
GetVersionExA
OpenMutexA
GetDateFormatA
CloseHandle
VirtualFree
lstrcmpW
GetSystemTime
LCMapStringW
QueryPerformanceCounter
GetStdHandle
TlsAlloc
CreateSemaphoreA
GetTempPathA
GetLogicalDriveStringsA
TlsGetValue
GetModuleHandleA
GetTimeZoneInformation
GetPrivateProfileStructA
DeleteCriticalSection
GetProcAddress
FindNextFileW
EnumCalendarInfoExA
GetACP
GetUserDefaultLCID
GetTickCount
CreateEventW
EnumCalendarInfoExW
GetSystemInfo
GetEnvironmentStrings
VirtualFreeEx
GetCurrentThreadId
CreateMailslotA
RtlUnwind
CreateMutexA
TerminateProcess
GetLocaleInfoW
lstrcatA
GetFileType
IsValidCodePage
SetStdHandle
EnterCriticalSection
InitializeCriticalSection
CompareStringW
SetFilePointer
HeapSize
SetEnvironmentVariableA
EnumSystemLocalesA
ExitProcess
WideCharToMultiByte
FreeEnvironmentStringsW
GetProfileIntA
LoadLibraryW
GetCurrencyFormatA
GetCurrentProcessId
HeapCreate
HeapAlloc
GetStartupInfoA
GetStringTypeA
LCMapStringA
WriteFile
MultiByteToWideChar
VirtualAlloc
SetHandleCount
HeapDestroy
GetTimeFormatA
GetCPInfo
VirtualQueryEx
TlsFree
TlsSetValue
GetOEMCP
HeapFree
UnhandledExceptionFilter
InterlockedExchange
GetModuleHandleW
IsBadWritePtr
FlushFileBuffers
VirtualProtect
FreeEnvironmentStringsA
IsValidLocale
ReadFile
GetPrivateProfileSectionNamesW
WriteConsoleOutputAttribute
ReadConsoleOutputW
ReadConsoleOutputCharacterW

user32

DdeConnect
ActivateKeyboardLayout
MessageBoxW
DdeAddData
PaintDesktop
GetUpdateRect
RegisterClassExA
RegisterClipboardFormatW
DeleteMenu
DdeKeepStringHandle
InsertMenuW
SendInput
DefFrameProcA
OffsetRect
DefWindowProcA
EndPaint
SwitchToThisWindow
CheckDlgButton
GetMenuItemCount
CreateAcceleratorTableW
CharUpperW
GetMessageTime
GetUserObjectSecurity
DestroyCursor
TrackMouseEvent
GetFocus
SendNotifyMessageA
CascadeWindows
PackDDElParam
WindowFromDC
GetPriorityClipboardFormat
ShowCursor
CreateWindowExA
CreateDialogParamW
TileChildWindows
DestroyWindow
ModifyMenuW
RegisterClassA
AdjustWindowRect
SetMenuInfo
SetProcessDefaultLayout
LoadImageW
ShowWindow

gdi32

ScaleViewportExtEx
CreateDCW
SetWindowOrgEx
EnumFontsA
Ellipse
EnumFontFamiliesExW
CopyEnhMetaFileA
GetEnhMetaFileDescriptionA
GetCharacterPlacementA
GetGlyphOutlineW
PlayEnhMetaFileRecord
CombineTransform
Arc
SetBkColor
GetLayout
RemoveFontResourceW
GetObjectType
StartDocA
CreateEllipticRgn
OffsetClipRgn
SetEnhMetaFileBits

comctl32

ImageList_SetOverlayImage
GetEffectiveClientRect
MakeDragList
InitCommonControlsEx
ImageList_Create
CreatePropertySheetPageA
ImageList_Remove
ImageList_GetIcon
DrawStatusTextA

advapi32

StartServiceW
CryptHashSessionKey
CryptDestroyKey
ReportEventW
GetUserNameA
RegQueryInfoKeyA
RegQueryMultipleValuesW
InitializeSecurityDescriptor
CryptDuplicateKey
RegDeleteValueA
LookupPrivilegeNameA
AbortSystemShutdownA
LookupPrivilegeValueW
RegEnumValueA
RegConnectRegistryW
RegOpenKeyExW

comdlg32

FindTextW
PageSetupDlgA
PrintDlgA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d54f28c8f3f907b88deea60f533d6445

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

advapi32

comdlg32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 264KB - Virtual size: 262KB

.data Size: 112KB - Virtual size: 128KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 264KB - Virtual size: 262KB

.data
Size: 112KB - Virtual size: 128KB

.rsrc
Size: 24KB - Virtual size: 21KB