f51133e86824ae2dbb5dc075af40e00a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f51133e86824ae2dbb5dc075af40e00a_JaffaCakes118
Size

858KB
MD5

f51133e86824ae2dbb5dc075af40e00a
SHA1

353eabd5bfe65830d8e8a10f479907225653d733
SHA256

5a78b8e12f267f8e32a3c9ac88078e1f0fe761e6aee1fc5a07ea10545afc5a33
SHA512

0333e85ffe679fa3c9bfcd47811fd726715a78508fce13fd18d76e9ca3d360751191fa6e323d70a7e647fb9abea07387212d345758e27da0856eddb1e585af4d
SSDEEP

24576:leyKYeMDTyQIz3iNJvlYwu8q6jnHb0DW:cceYAzSNfO96jHAi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f51133e86824ae2dbb5dc075af40e00a_JaffaCakes118

Files

f51133e86824ae2dbb5dc075af40e00a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9ab0d9462255c13fb2ad2b493bd38cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcslwr
exp
_wunlink
_ismbbprint
_spawnlpe
freopen
_wcsrev
_spawnvp
_ismbcl1
wcstok
exit
_getmbcp
__p__acmdln
_adj_fdiv_m32
_CIatan
_mbbtombc
_mbspbrk
__setlc_active
memcmp
_ismbckata
_mbsrchr
_cwait
__getmainargs
_pctype
gets
_environ
_getwche
towlower
strcpy
__RTDynamicCast
_wctime
_mbsbtype
??0__non_rtti_object@@QAE@PBD@Z
_EH_prolog
fwscanf
__set_app_type
sqrt
_wspawnvp
_findnext
__p__commode
clock
iswprint
strcoll
_unloaddll
_resetstkoflw
_wexecv
strcmp
_write

gdi32

RectVisible
SetICMProfileA
GetMiterLimit
EndPath
GetTextExtentPoint32W
GdiSetPixelFormat
ExtSelectClipRgn
GdiEntry1
DeleteColorSpace
EngMarkBandingSurface
GdiDllInitialize
SetDIBColorTable
DdEntry53
GdiAddGlsRecord
GdiConvertToDevmodeW
SetStretchBltMode
DdEntry26
EngStrokePath
CLIPOBJ_ppoGetPath
RectInRegion
EngFillPath
CreateHalftonePalette
RemoveFontMemResourceEx
GetDeviceGammaRamp
DdEntry4
FONTOBJ_cGetAllGlyphHandles
SelectClipRgn
GetDIBits
BRUSHOBJ_ulGetBrushColor
FillPath
GdiEntry13
GetWindowOrgEx
EngDeleteSemaphore
EngReleaseSemaphore
GetDeviceCaps
Chord
SetWorldTransform
SetColorSpace
PATHOBJ_vGetBounds
GetTextFaceA
CreateFontIndirectExA
DdEntry50
GdiCleanCacheDC
CreateMetaFileA
PlayEnhMetaFile
EngUnlockSurface
GetKerningPairsA
GdiConvertEnhMetaFile
FONTOBJ_pQueryGlyphAttrs
GdiEntry4
SetRectRgn
EnableEUDC
GdiGetDC
GetDCBrushColor
GetColorAdjustment
SetFontEnumeration
CLIPOBJ_bEnum
XFORMOBJ_bApplyXform
CreateSolidBrush
GdiEntry12
DPtoLP
DdEntry3
CreateHatchBrush
SwapBuffers
GetGraphicsMode
GdiProcessSetup
AddFontMemResourceEx
CreateFontIndirectExW
SetLayout
DdEntry51
GdiReleaseLocalDC
GetTextCharacterExtra
CreateDIBitmap
SetBkColor
DdEntry11
GetObjectType
EngPaint
GetBitmapAttributes
GetICMProfileA
SetBitmapBits
EngTransparentBlt
ScaleWindowExtEx
SelectClipPath
PtInRegion

kernel32

UpdateResourceW
DeleteAtom
GetLastError
BeginUpdateResourceA
VirtualAlloc
GetNamedPipeHandleStateW
GetStringTypeExW
BuildCommDCBAndTimeoutsW
UnhandledExceptionFilter
HeapAlloc
LoadLibraryA
BuildCommDCBA
GetFullPathNameW
CreateMutexW
DisconnectNamedPipe
WritePrivateProfileStructW
ConvertThreadToFiber
MulDiv
DeleteFileA
CallNamedPipeA
CompareStringA
ReadConsoleOutputA
SetConsoleInputExeNameW
IsValidCodePage
EnterCriticalSection
EnumSystemLocalesW
ReleaseMutex
FindFirstChangeNotificationW
EnumSystemLanguageGroupsW
GlobalMemoryStatusEx
SetEnvironmentVariableA
LZRead
AllocateUserPhysicalPages
GetExitCodeThread
LocalSize
LocalFree

advapi32

MapGenericMask
RegOpenCurrentUser
WmiCloseBlock
GetSidIdentifierAuthority
MakeAbsoluteSD
QueryServiceLockStatusA
LookupSecurityDescriptorPartsW
GetManagedApplicationCategories
LsaOpenTrustedDomain
ElfBackupEventLogFileW
FileEncryptionStatusW
OpenTraceW
WmiQueryGuidInformation
LsaQueryInformationPolicy
NotifyBootConfigStatus
ElfOpenBackupEventLogA
RegSetValueW
CopySid
CryptHashSessionKey
SetNamedSecurityInfoExA
WmiMofEnumerateResourcesA
DecryptFileW
EnumDependentServicesW
CryptImportKey
SystemFunction017
SystemFunction034
CryptSetProviderExA
InitiateSystemShutdownA
RegSaveKeyW
LsaSetInformationPolicy
ElfReportEventW
FileEncryptionStatusA
EqualSid
AbortSystemShutdownW
CryptDeriveKey
GetSecurityDescriptorRMControl
RegSaveKeyA
IdentifyCodeAuthzLevelW
ConvertStringSidToSidA

user32

EndDialog

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9ab0d9462255c13fb2ad2b493bd38cc

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

kernel32

advapi32

user32

Sections

.text Size: 438KB - Virtual size: 438KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 438KB - Virtual size: 438KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B