ef4042b0a415af9b90eba47237b366ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef4042b0a415af9b90eba47237b366ac_JaffaCakes118
Size

246KB
MD5

ef4042b0a415af9b90eba47237b366ac
SHA1

bd5fef6e9961f307e08d395f8b25f356e5552f77
SHA256

4b4fff78e90812a1ab3f21e7988e36e056cf93f1afff04e88582789bb0f7e9de
SHA512

5fe9737d1b468d8ddb99ce580da6079a91bb7a6517f057f2bc6d220a75f597f175e1c97d86a312d26adb6632641f032ca4c9f93db1540d73cc958d5058c6f792
SSDEEP

6144:g1AxzMSuyzjVp2G30JQcdcR9dftk7SwLa5:dxASuoVp2i0J1dCHYjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef4042b0a415af9b90eba47237b366ac_JaffaCakes118

Files

ef4042b0a415af9b90eba47237b366ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
CreateMutexA
GetProcAddress
GetModuleHandleA

user32

GetForegroundWindow
wsprintfW
CharUpperW
EnableWindow
LoadBitmapA
GetTopWindow
SetDlgItemTextA
GetIconInfo
SetTimer
EndMenu
CharNextA
WinHelpW
GetClassInfoW
MessageBoxIndirectW
PostMessageA
MonitorFromPoint
GetDlgItemInt
UnregisterClassW
PostMessageW
CreateDialogParamW
SetFocus
LoadCursorA
IsMenu
InsertMenuItemA
RegisterClassExA
LoadMenuIndirectA
SetWindowTextA
GetDCEx
CharPrevW
RegisterClassW
SetWindowRgn
CreateMenu
RegisterClassExW
MessageBoxW

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

winipsec

GetQMPolicy
DeleteMMPolicy

gdi32

AddFontResourceA
RemoveFontResourceExA
CreatePen
CreateColorSpaceW
GetTextExtentPointW
CreateBitmapIndirect
CreatePolygonRgn
CreateSolidBrush
UpdateICMRegKeyA

avifil32

DllGetClassObject
AVIFileExit
AVIClearClipboard
DllCanUnloadNow
AVIStreamOpenFromFileA
AVIStreamGetFrameOpen
EditStreamPaste
AVISaveVW
AVIFileWriteData

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TX
Size: 100KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jbk
Size: 109KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

winipsec

gdi32

avifil32

Sections

CODE Size: 5KB - Virtual size: 5KB

.icode Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 12KB

.TX Size: 100KB - Virtual size: 183KB

.data Size: 5KB - Virtual size: 372KB

.jbk Size: 109KB - Virtual size: 203KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 4KB

CODE
Size: 5KB - Virtual size: 5KB

.icode
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 12KB

.TX
Size: 100KB - Virtual size: 183KB

.data
Size: 5KB - Virtual size: 372KB

.jbk
Size: 109KB - Virtual size: 203KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 4KB