f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118
Size

912KB
MD5

f18f62722ecab010c9e35b671c65b6a6
SHA1

c48bc8ea009245c325496c547e4256efa2d76a63
SHA256

507c4ca5203a7e70ab272f1df71e55e6d5b21f018fe51d2b3975e296d60cc0b5
SHA512

bebff006ed48c08573fb3fc29ee3cbea5406b1be04bde9b54fbb2361228616b86bcc2d76a32b2f1c69cd1bff75433a2f241a883fc836dd8cdbc145be20d1b1b0
SSDEEP

6144:b3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJd:jvksaZLwOvTzRP6Af44ajACi8Kr7M1T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118

Files

f18f62722ecab010c9e35b671c65b6a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a847cd72b1f7bfaf97d49dd38246ae25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetTickCount
GetSystemTimeAsFileTime
GetConsoleTitleA
GetTempFileNameW
LZCopy
FindNextFileA
GetThreadLocale
InterlockedPushEntrySList
CreateActCtxA
GetTapeStatus
MapUserPhysicalPagesScatter
SetInformationJobObject
FindNextVolumeW

user32

GetAsyncKeyState
GetUpdateRgn
GetClipCursor
GetInputDesktop
DrawCaption
CloseClipboard
IsWindowVisible
CopyAcceleratorTableA
DdeCmpStringHandles
GetKeyboardState
DdeDisconnectList
RegisterClipboardFormatA
SetWindowsHookA
ReplyMessage
GetAltTabInfoA
GetAltTabInfoW
DrawStateW
GetWindowPlacement
GetKeyboardLayout
CreateDialogIndirectParamA
MessageBoxW
GetKeyboardType
WINNLSEnableIME
CsrBroadcastSystemMessageExW
GetKeyState
OemToCharBuffW
MsgWaitForMultipleObjects
PackDDElParam
LoadMenuIndirectW
BroadcastSystemMessage
GetMouseMovePointsEx
DrawTextExA
ValidateRgn

shell32

StrChrIA
SHCreateFileExtractIconW
StrStrA
SHGetSetSettings
SHGetDesktopFolder
SHGetNewLinkInfo
ILAppendID
PifMgr_SetProperties
SHFreeNameMappings
ILIsEqual
StrNCmpIA
DAD_AutoScroll
IsLFNDriveA
SHCreateQueryCancelAutoPlayMoniker
DAD_SetDragImage
ExtractAssociatedIconExW
PathYetAnotherMakeUniqueName
SHOpenFolderAndSelectItems
ShellExecuteEx
Control_RunDLLA
SHGetDiskFreeSpaceA
SHGetFolderPathA
RealShellExecuteA
IsNetDrive
SHFileOperationA
SHGetIconOverlayIndexA
SHChangeNotification_Unlock
StrRChrW
SHPropStgCreate

comctl32

UninitializeFlatSB
FlatSB_GetScrollProp
DestroyPropertySheetPage
SetWindowSubclass
ImageList_SetIconSize
ImageList_SetFilter
ImageList_DrawEx
ImageList_Replace
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_GetImageCount
DPA_Sort
CreateStatusWindowW
ImageList_Draw
CreateUpDownControl
CreateStatusWindowA
CreateToolbarEx
FlatSB_GetScrollPos
DSA_Destroy
GetEffectiveClientRect
FlatSB_SetScrollRange
DrawStatusTextW
ImageList_GetImageRect
FlatSB_SetScrollInfo
AddMRUStringW

oleaut32

VarMod
VarAnd
VarSub
VARIANT_UserSize
VarBoolFromI1
VarOr
VarBoolFromI2
VarI8FromI1
GetActiveObject
DllGetClassObject
VarI2FromI1
OaBuildVersion
VarR4CmpR8
BSTR_UserFree
DllRegisterServer
VariantCopyInd
VarI1FromCy
VarR8FromDec
GetAltMonthNames
VarCyNeg
VarDateFromUI1
VarDecFromI2
LHashValOfNameSysA
OleCreateFontIndirect
SysFreeString
VarDecFromR4
VarBstrFromUI4
VarCyFromStr
BstrFromVector

winspool.drv

DocumentPropertiesA
QueryColorProfile
ConnectToPrinterDlg
AddPrinterDriverW
DeletePrinterDataA
FlushPrinter
PrinterMessageBoxA
EnumJobsW
EnumFormsA
DeleteMonitorA
AddFormW
EnumMonitorsA
EnumPrinterKeyW
GetPrinterW
AbortPrinter
PerfOpen
PerfClose
GetPrinterDriverDirectoryA
DeletePrinterIC
EnumPrintersW
GetPrintProcessorDirectoryA
AdvancedDocumentPropertiesA
GetPrinterDriverDirectoryW
SpoolerPrinterEvent
AddMonitorW
EnumPrinterDataExA
AddPrinterW
EnumPrintProcessorDatatypesW
OpenPrinterW

advapi32

WmiReceiveNotificationsA
FileEncryptionStatusW
UpdateTraceA
FindFirstFreeAce
InitiateSystemShutdownW
UnregisterIdleTask
SaferiIsExecutableFileType
RegQueryMultipleValuesA
SystemFunction003
RegisterEventSourceW
RegSaveKeyExW
GetTrusteeFormW
SaferGetLevelInformation
InitializeSecurityDescriptor
ConvertSecurityDescriptorToAccessW
RegQueryValueExW
RegDisablePredefinedCacheEx
CredReadA
RegNotifyChangeKeyValue
WmiExecuteMethodA
CryptImportKey
ClearEventLogA
LookupSecurityDescriptorPartsW
ConvertSecurityDescriptorToAccessNamedA
CredEnumerateA
SystemFunction028
ElfBackupEventLogFileW
DeregisterEventSource
LsaSetQuotasForAccount
ConvertAccessToSecurityDescriptorA
CryptSetProviderExA
ConvertSecurityDescriptorToStringSecurityDescriptorA
BuildTrusteeWithObjectsAndSidW
RegQueryValueExA
ObjectOpenAuditAlarmA
GetWindowsAccountDomainSid
SetEntriesInAccessListW
EnumServicesStatusExW
SystemFunction032
AllocateAndInitializeSid
CredGetTargetInfoW
LsaSetSystemAccessAccount

winmm

mmioFlush
waveInGetDevCapsA
mciLoadCommandResource
mci32Message
waveOutPause
midiOutLongMsg
mixerMessage
midiInStop
waveOutBreakLoop
mmioInstallIOProcW
DefDriverProc
mmioCreateChunk
mixerGetDevCapsA
auxOutMessage
waveOutGetPitch
mixerOpen
waveInGetID
joySetCapture
wod32Message
midiStreamProperty
waveOutOpen
waveOutGetErrorTextW
midiOutMessage
midiStreamPosition
midiOutSetVolume
joyGetThreshold
mciGetDriverData
waveInReset
midiOutCacheDrumPatches
waveInGetNumDevs
mixerGetControlDetailsW
PlaySound
midiStreamClose
sndPlaySoundA
mixerGetNumDevs

imagehlp

SymGetLineFromName
SymUnloadModule64
SymGetModuleInfo64
SymEnumerateModules
ImageRvaToVa
UnDecorateSymbolName
SymLoadModule
ImageLoad
EnumerateLoadedModules64
TouchFileTimes
FindFileInSearchPath
SearchTreeForFile
SymSetOptions
SymGetSymFromName
FindDebugInfoFile
ImageNtHeader
ImageRvaToSection
ImagehlpApiVersionEx
MapAndLoad
SymMatchFileName
ImagehlpApiVersion
SymGetLinePrev64
ReBaseImage
GetImageConfigInformation
GetTimestampForLoadedLibrary
StackWalk
SymGetModuleInfo

Sections

.text
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a847cd72b1f7bfaf97d49dd38246ae25

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

oleaut32

winspool.drv

advapi32

winmm

imagehlp

Sections

.text Size: 808KB - Virtual size: 808KB

.rdata Size: 512B - Virtual size: 4KB

.data Size: 93KB - Virtual size: 93KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 484B

.text
Size: 808KB - Virtual size: 808KB

.rdata
Size: 512B - Virtual size: 4KB

.data
Size: 93KB - Virtual size: 93KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 484B