f62417c91be8be66796baedf422300d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f62417c91be8be66796baedf422300d6_JaffaCakes118
Size

1.1MB
MD5

f62417c91be8be66796baedf422300d6
SHA1

e418bf9a18d29281361cc00faccb3cd763db70d3
SHA256

ea11b03393779d3b84549efa5009551ecd524d6bb1b20a582083f88f0d0f4b4a
SHA512

5374ebfbbc4cced9e4e5af0618614a1c91afa8b83d254ae64cfa112c83d4cd175732f4c6a1142a200f30eaa3d0435ce6ecc1f68e94fde68d53b5022b6398ec6b
SSDEEP

6144:oWTBIpPBj81wArAivppp91Zv+3ng2Ckj450bjZ3N8qxco19F9RpJJJyumIL075L:oWTapwTUL7j45klxco1/vSCc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f62417c91be8be66796baedf422300d6_JaffaCakes118

Files

f62417c91be8be66796baedf422300d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

81b153ec7a955623b29b47d0ff0e7772

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

WSAGetLastError

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmDisableIME
ImmGetContext

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetTempFileNameW
SetFileTime
GlobalAlloc
OpenProcess
GlobalFree
LockResource
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
TerminateThread
GetExitCodeThread
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetLastError
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
GetDiskFreeSpaceExW
SetEndOfFile
SetFilePointer
WriteFile
TlsFree
TlsAlloc
GetFileAttributesW
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetVersion
lstrcatW
FreeResource
TlsSetValue
LocalAlloc
ExitProcess
SetUnhandledExceptionFilter
SetProcessWorkingSetSize
TerminateProcess
GlobalDeleteAtom
GlobalAddAtomW
CreateSemaphoreW
ReleaseSemaphore
FlushInstructionCache
GetModuleHandleW
VirtualQuery
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetCommandLineW
SetErrorMode
LoadLibraryExW
GetProcAddress
FreeLibrary
lstrcmpW
VirtualProtect
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
GetLongPathNameW
d
GetFileSize
GetFileTime
ReadFile
LoadLibraryW
GetCurrentThreadId
CreateDirectoryW
lstrlenW
FindClose
FindNextFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetShortPathNameW
FindFirstFileW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
lstrlenA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetTempPathW
GetLocaleInfoW
CloseHandle
WaitForSingleObject
CopyFileW
RemoveDirectoryW
CreateMutexW
ReleaseMutex
GetSystemDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
MoveFileW
CreateFileW
d
GlobalUnlock
GlobalLock
SetFileAttributesW
GetPrivateProfileIntW
lstrcmpiW
ResetEvent
SetEvent
CreateEventW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
GetLastError
SystemTimeToFileTime
GetSystemTime

d

d
d
End
d
DialogBoxParamW
LoadImageW
SetWindowPos
GetWindowRect
ShowWindow
SetWindowLongW
GetDlgItem
SendMessageW
LoadStringW
SetWindowTextW
GetWindowTextW
PostMessageW
EndDialog
SetFocus
MessageBoxW
IsWindowVisible
SetPropW
ScreenToClient
RemovePropW
GetPropW
CheckDlgButton
EnableWindow
d
IsWindow
InflateRect
CopyRect
d
d
End
d
d
End
End
End
d
End
d
d
d
End
GetClientRect
End
End
d
End
End
End
End
d
d
End
End
d
d
d
End
d
End
d
d
d
End
End
End
d
d
d
d
End
End
d
End
d
End
d
End
End
End
End
d
d
d
d
d
d
End
End
d
End
End
d
End
DestroyIcon
End
End
d
d
End
d
End
d
d
d
d
End
End
d
d
CreateWindowExW
End
d
d
End
d
End
d
d
d
d
d
End
End
d
End
d
End
d
d
d
End
End
End
End
d
End
d
d
End
d
End
End
d
d
d
d
End
d
d
End
d
End
d
End
End
End
End
d
End
End
d
End
d
End
d
End
End
End
End
d
d
d
End
End
End
d
End
End
End
d
End
End
d
End
End
End
d
d
d
End
d
d
End
End
d
End
d
End
d
d
d
End
d
End
d
End
d
d
End
ord411
ord23
ord16
ord4
ord150
ord9
ord2
ord6
ord7
d
d
End
d
d
End
End
d
End
d
d
d
d
d
End
d
d
End
d
End
d
End
d
End
d
d
d
End
End
End
End
d
End
d
End
End
d
d
d
d
d
d
d
End
End
d
d
End
End
End
End
End
d
d
d
End
d
d
End
End
d
End
d
End
d
End
End
d
d
End
d
d
End
End
d
End
d
End
End
d
d
End
End
d
End
d
End
d
d
End
d
End
d
d
d
d
d
End
d
End
d
d
d
End
d
End
d
d
d
d
End
d
d
d
End
d
End
End
End
End
d
End
End
End
End
End
End
End
d
End
d
d
d
d
End
d
End
End
d
d
End
d
End
End
End
End
End
End
d
d
End
End
End
End
End
End
d
End
d
d
End
d
End
End
End
d
d
End
End
d
d
d
ord16

end

d
End
End
End
End
d
End
d
d
End
d
End
d
End
End
End
End
End
End
End
d
End
End
d
d
End
d
d
End
End
d
End
d
End
End
End
d
d
End
End
d
d
d
d
End
d
End
End
End
d
d
d
End
End
End
d
End
d
d
End
End
End
End
d
d
d
End
d
d
d
End
End
End
End
d
End
d
d
d
d
d
End
d
End

Sections

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 630KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81b153ec7a955623b29b47d0ff0e7772

Headers

File Characteristics

Imports

winmm

ws2_32

imm32

version

kernel32

d

end

Sections

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 630KB - Virtual size: 2.1MB

.rsrc Size: 334KB - Virtual size: 333KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 630KB - Virtual size: 2.1MB

.rsrc
Size: 334KB - Virtual size: 333KB