e7c3ab0f7b5c809977a4865e74899ccb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e7c3ab0f7b5c809977a4865e74899ccb_JaffaCakes118
Size

860KB
MD5

e7c3ab0f7b5c809977a4865e74899ccb
SHA1

ab2dbb6e074df592ca92326efa14a0758cba5e79
SHA256

27b580b1156add1d4b8c3db4f2912663c714583db0ab5bab9549bc47d0b3e96c
SHA512

b2376d1334e66b5362f048fb625d07dd3d6d4dcdae04aaf03ac31e1c5969192375d52b055a4096b7829f2eb192885e99cbd8636a44a2e2bf03026b77567cafc2
SSDEEP

24576:+NWSXSR45Lx/WJO3Z91CQq+47kElkBvJeX:hJ8RCQqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7c3ab0f7b5c809977a4865e74899ccb_JaffaCakes118

Files

e7c3ab0f7b5c809977a4865e74899ccb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a30422ce7cf11f80ec26e7319e5185fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
ExitProcess
GetProcessId
lstrcmpA
GetCurrentThreadId
GetLastError
SetLastError
GetCurrentProcess
GetACP
lstrlenA
lstrcatA
GetTickCount
HeapValidate
GetFileInformationByHandle
InitializeCriticalSection
EnumSystemCodePagesA
_hread
GetPrivateProfileStructA
FormatMessageA
ReadConsoleInputExW
DnsHostnameToComputerNameW
OpenEventA
WriteConsoleInputVDMA
NlsGetCacheUpdateCount

oledlg

OleUIConvertW
OleUIBusyA
OleUIConvertA
OleUIBusyW
OleUIChangeIconW

user32

GetKeyboardType
LoadMenuW
GetCaretBlinkTime
SetCursor
GetAsyncKeyState
GetCapture
ReleaseDC
GetActiveWindow
CheckMenuItem
GetWindowDC
GetMenu
SetWindowPos
CheckRadioButton
SetFocus
CheckMenuRadioItem
ShowWindow
DrawMenuBar
CheckDlgButton
ReleaseCapture
FrameRect
SetLayeredWindowAttributes
SendInput
EnumDesktopsW
GetMenuBarInfo
GetProcessWindowStation
TranslateAcceleratorW
CharNextA
GetMenuStringA
RegisterRawInputDevices
SetDeskWallpaper
DrawCaption
GetClipboardViewer
AllowForegroundActivation
CloseWindowStation
CharPrevExA

ole32

OleUninitialize
OleInitialize
EnableHookObject
OleCreateDefaultHandler
CoIsOle1Class
IsValidPtrIn
CreateAntiMoniker
CoUninitialize
CoUnloadingWOW
CoEnableCallCancellation
HPALETTE_UserSize

comctl32

InitCommonControls
MenuHelp
ImageList_Replace
ImageList_GetFlags
GetEffectiveClientRect
DrawStatusText
FlatSB_SetScrollRange
DSA_Create
ImageList_Merge
PropertySheet
PropertySheetW
ImageList_AddIcon
DPA_InsertPtr
DrawStatusTextA
InitMUILanguage
FlatSB_GetScrollRange
DPA_DestroyCallback
FlatSB_SetScrollPos
ImageList_SetIconSize
ShowHideMenuCtl

advapi32

ElfOpenBackupEventLogW
DeregisterEventSource
SystemFunction034
SystemFunction022
CredRenameA
SystemFunction017
InitiateSystemShutdownExA
CredReadDomainCredentialsA
GetExplicitEntriesFromAclA
WmiQueryAllDataW
CryptVerifySignatureW
MakeSelfRelativeSD
CredWriteA
CryptGetUserKey
SystemFunction033
LsaSetSecurityObject
AddAuditAccessAce
RegDeleteKeyA
ProcessIdleTasks

winmm

timeSetEvent
mixerGetLineControlsW
waveInGetPosition
mmioOpenW
mmioSetInfo
tid32Message
midiInAddBuffer
waveOutPrepareHeader
timeKillEvent
DriverCallback
waveOutSetPlaybackRate

msimg32

DllInitialize
vSetDdrawflag
TransparentBlt
GradientFill
AlphaBlend

winspool.drv

CloseSpoolFileHandle
AddPrinterW
AddPrinterDriverW
EnumPrintProcessorDatatypesW
GetFormA
DeletePrinterDriverW
EnumPrintersA
FindNextPrinterChangeNotification
DeletePrinterDataA
EnumPortsW

shlwapi

UrlEscapeA
PathGetArgsW
PathParseIconLocationA
SHDeleteValueA
StrSpnA
PathCombineA

imagehlp

SearchTreeForFile
MapFileAndCheckSumA
SymLoadModule
SymGetSymFromName
ImagehlpApiVersion
ReBaseImage64
UnMapAndLoad
RemovePrivateCvSymbolicEx

gdi32

OffsetRgn
GdiEntry16
GdiEntry1
GdiFullscreenControl
CreatePolygonRgn
GdiConvertEnhMetaFile
SelectBrushLocal
CreateDCA
EngQueryLocalTime

shell32

RealShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHAddToRecentDocs
SignalFileOpen
ILFindLastID
SHCreatePropSheetExtArray
SHCreateFileExtractIconW
SHFileOperationA
SHPropStgReadMultiple
SHFileOperationW

Sections

.text
Size: 852KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a30422ce7cf11f80ec26e7319e5185fb

Headers

File Characteristics

Imports

kernel32

oledlg

user32

ole32

comctl32

advapi32

winmm

msimg32

winspool.drv

shlwapi

imagehlp

gdi32

shell32

Sections

.text Size: 852KB - Virtual size: 851KB

.data Size: 7KB - Virtual size: 7KB

.text
Size: 852KB - Virtual size: 851KB

.data
Size: 7KB - Virtual size: 7KB