efb182660c3b68832f4bc63a06fa168d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efb182660c3b68832f4bc63a06fa168d_JaffaCakes118
Size

509KB
MD5

efb182660c3b68832f4bc63a06fa168d
SHA1

6a5786fb424d0bdd8f8d03ef2e27152f9e0fa4c9
SHA256

5d11f42444d484b42e8e31c10fc89314d8f0ea62d54fb3617129fe7137787f14
SHA512

dc67412a6a98f240a63548a516830cb5af9293d76108313a0a306fd8037bd09b0423f81de513a6fb8b6ec1d6efa3bbd293aa1ef7a038e16221122edcae43fdad
SSDEEP

12288:EsWbWNJfvEbIAWljYIx129MJAXVzIcCtZjDB9X9QnZSe:EZWNJH6pg0S126JAlzK/DmnZSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efb182660c3b68832f4bc63a06fa168d_JaffaCakes118

Files

efb182660c3b68832f4bc63a06fa168d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c5c7b25e85b3388425294f37cc6ec82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\gleelcwcba\t

Imports

kernel32

LCMapStringA
QueryPerformanceCounter
GetFileType
GetCurrentThread
InterlockedExchange
SetFilePointer
GetStringTypeA
LoadResource
TlsFree
GetEnvironmentStrings
HeapAlloc
GetSystemTime
EnumCalendarInfoExW
WriteConsoleInputA
EnumTimeFormatsA
LeaveCriticalSection
SetSystemTime
GetTimeZoneInformation
GetStartupInfoW
GetLocalTime
HeapReAlloc
TlsSetValue
RtlUnwind
GetStartupInfoA
SetConsoleWindowInfo
IsBadWritePtr
TerminateThread
TlsGetValue
FindResourceW
GetCommandLineA
WideCharToMultiByte
FindAtomA
FlushViewOfFile
GetStringTypeW
GetUserDefaultLCID
CompareFileTime
GetVolumeInformationW
GetLastError
CompareStringA
CreateFileMappingW
FlushFileBuffers
GetCurrencyFormatW
GetStdHandle
TransactNamedPipe
LoadLibraryA
GetPrivateProfileStructA
SetConsoleTextAttribute
GetModuleFileNameA
GetThreadSelectorEntry
HeapCreate
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LCMapStringW
SetEnvironmentVariableA
WaitForSingleObject
WriteFile
GetThreadPriorityBoost
lstrcpy
GetProcAddress
EnterCriticalSection
MultiByteToWideChar
ReadFile
MoveFileExA
GetModuleHandleA
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
VirtualFree
GetThreadContext
SetConsoleActiveScreenBuffer
FreeEnvironmentStringsW
ReadConsoleW
DeleteCriticalSection
ExitThread
GetCurrentThreadId
SetStdHandle
CreateRemoteThread
GetTempPathA
CreateMailslotA
InterlockedDecrement
GetTickCount
CloseHandle
GetProfileSectionW
GetConsoleMode
GetCPInfo
WriteFileEx
GetShortPathNameA
CreateMutexA
HeapDestroy
GetCommandLineW
VirtualAlloc
UnhandledExceptionFilter
GetVersion
LocalCompact
GetCurrentProcessId
FreeEnvironmentStringsA
InterlockedIncrement
SetConsoleTitleW
GlobalFree
GlobalSize
SetLastError
GetConsoleTitleW
ReadConsoleOutputCharacterA
DeleteFiber
OpenMutexA
GetModuleFileNameW
VirtualQuery
SetHandleCount
SetCurrentDirectoryW
HeapFree
EnumSystemLocalesA
OpenMutexW
GetCurrentProcess
CompareStringW
GetTempPathW
GetEnvironmentStringsW
TlsAlloc

user32

DlgDirSelectExA
IsZoomed
AnimateWindow
UnloadKeyboardLayout
MessageBoxA
ExcludeUpdateRgn
DefWindowProcA
CreateWindowExW
ShowWindow
DdeAddData
SetThreadDesktop
DestroyWindow
SetMenuInfo
CallMsgFilterW
CloseClipboard
DestroyCaret
GetMessageW
MessageBoxIndirectW
SendNotifyMessageA
RegisterClassExA
WaitMessage
ModifyMenuA
GetMessageTime
RegisterClassA
DlgDirListComboBoxW

comctl32

ImageList_DrawEx
ImageList_SetDragCursorImage
DrawInsert
ImageList_LoadImageW
ImageList_GetImageCount
CreateToolbarEx
ImageList_Draw
DrawStatusText
ImageList_SetFilter
ImageList_SetIconSize
ImageList_LoadImage
CreateStatusWindowW
ImageList_Duplicate
DrawStatusTextW
CreatePropertySheetPageA
InitCommonControlsEx
ImageList_DragLeave
ImageList_DrawIndirect
ImageList_Replace
ImageList_GetDragImage

shell32

SHLoadInProc
RealShellExecuteExW

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c5c7b25e85b3388425294f37cc6ec82

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

shell32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 249KB - Virtual size: 248KB

.data Size: 108KB - Virtual size: 129KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 249KB - Virtual size: 248KB

.data
Size: 108KB - Virtual size: 129KB

.rsrc
Size: 8KB - Virtual size: 8KB