f6070d76516c22f52cf8adce5dc57b69_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6070d76516c22f52cf8adce5dc57b69_JaffaCakes118
Size

700KB
MD5

f6070d76516c22f52cf8adce5dc57b69
SHA1

2557398825564466477dba50deb869b582132423
SHA256

39604c0b0097b5131b53146d447513db7d15e85a96f592dc2b1d2fda0e85c992
SHA512

e64b2bbf8eed98bb39df3b0c8fe99799bba3f1e528cb5122da81ebcfb22838106354ea527c7d9661d8eaee332f0bb64766e4e6e86e7287d72a7911df500626f2
SSDEEP

12288:l12n3E6wo6z5FelWIHRe4yP6HrgzwjleMU:l12nU6wtz5Fe8IHRe4wwrgzieD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6070d76516c22f52cf8adce5dc57b69_JaffaCakes118

Files

f6070d76516c22f52cf8adce5dc57b69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a51754e5a712b3517d8450de1d58d55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
ReadFile
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
LoadLibraryA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
SetEvent
OpenEventA
GetPrivateProfileStringA
GetCurrentProcess
GetVersionExA
GetShortPathNameA
GetSystemDirectoryA
WinExec
SetFileTime
SetFileAttributesA
GetPrivateProfileSectionA
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
GlobalUnlock
GlobalAlloc
SystemTimeToFileTime
GetModuleHandleA
GetVersion
CreateThread
lstrcpynA
Sleep
lstrcmpiA
GetCurrentThreadId
QueryPerformanceFrequency
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
GetCurrentProcessId
CreateFileW
GetLocaleInfoA
LockResource
LoadResource
FindResourceA
CreateFileA
FindFirstFileA
FindClose
GetDiskFreeSpaceA
lstrlenW
EnterCriticalSection
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
lstrcmpA
FindNextFileA
CloseHandle
GlobalLock
CreateEventA
LeaveCriticalSection
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
SetLastError
GetLastError
GetFileAttributesA
MoveFileA
CopyFileA
DeleteFileA
CreateDirectoryA
lstrcpyA
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
ExitProcess
GetStartupInfoA
InterlockedExchange
VirtualQuery
VirtualProtect
SearchPathA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ResetEvent
QueryPerformanceCounter
GetCurrentThread
RtlUnwind
RaiseException
TlsSetValue
ExitThread
HeapAlloc
HeapFree
GetModuleFileNameA

user32

CreateDialogIndirectParamA
SendMessageA
DestroyWindow
GetDlgItem
PeekMessageA
IsDialogMessageA
SetDlgItemTextA
MsgWaitForMultipleObjects
MessageBoxA
WaitForInputIdle
CharNextA
LoadStringA
CharUpperA
ExitWindowsEx
CharLowerBuffA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
PostThreadMessageA
GetDesktopWindow

gdi32

TranslateCharsetInfo
CreateFontIndirectA
DeleteObject
GetObjectA

advapi32

RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

StgCreateDocfile
StgOpenStorage
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoInitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
ProgIDFromCLSID
WriteClassStm
OleSaveToStream
OleLoadFromStream
CreateStreamOnHGlobal
GetRunningObjectTable
CreateItemMoniker
StringFromCLSID
CoRegisterClassObject
CoCreateGuid
CLSIDFromString
CreateFileMoniker
CoReleaseMarshalData
CoMarshalInterface
CoUnmarshalInterface
CoRevokeClassObject

oleaut32

SysStringByteLen
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopyInd
SetErrorInfo
CreateErrorInfo
LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLi
SysAllocStringLen
SysStringLen
SysReAllocStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayCopy

msi

ord31
ord159
ord8
ord160
ord117
ord93
ord112
ord49
ord103
ord124
ord17
ord120
ord73
ord79
ord116
ord75
ord95
ord91
ord87
ord189
ord18
ord46
ord33
ord136
ord144
ord141
ord168
ord7
ord67
ord146

rpcrt4

RpcServerListen
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerFree
NdrServerInitializeNew
NdrConvert
NdrConformantStringUnmarshall
RpcRaiseException
I_RpcGetBuffer
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcServerUseProtseqEpA
RpcServerRegisterIf

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a51754e5a712b3517d8450de1d58d55

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

comctl32

version

Sections

.text Size: 436KB - Virtual size: 432KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 36KB - Virtual size: 122KB

.rsrc Size: 76KB - Virtual size: 73KB

.2rdata Size: 68KB - Virtual size: 68KB

.text
Size: 436KB - Virtual size: 432KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 36KB - Virtual size: 122KB

.rsrc
Size: 76KB - Virtual size: 73KB

.2rdata
Size: 68KB - Virtual size: 68KB