f830be2a4a74177a99819ceba7877875_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f830be2a4a74177a99819ceba7877875_JaffaCakes118
Size

309KB
MD5

f830be2a4a74177a99819ceba7877875
SHA1

64029b04c945ceeb8ac8018e8d993ae9fbb09dbe
SHA256

4f461c1102bae68097c3f874fdce20ef4f476be038cc76f593ebe8c188a202b0
SHA512

93d52a7a3efaaefc6e3b901e3b7c6337995e07636e60793fb57fc8ee22e200fb53e78549a6cbf1be4302df5328e924f0f95134790bc41610960e9090e6176c0e
SSDEEP

6144:IqnvlYNg4LVaQz+C0X/T3PxcUVXnMIK3bvC/Nh4:Fv+XRa1Jb3pLVXMIK3Lgh4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f830be2a4a74177a99819ceba7877875_JaffaCakes118

Files

f830be2a4a74177a99819ceba7877875_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86e3aa78acfdbb0cb489d7e593cb921b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationA
SHChangeNotify
SHCreateProcessAsUserW

rpcrt4

RpcBindingFree
RpcBindingCopy

ole32

CoTaskMemFree
CoTaskMemAlloc

dbghelp

FindFileInPath
ImagehlpApiVersion
FindDebugInfoFile
ImageRvaToSection
ImageNtHeader

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

CloseClipboard
CloseDesktop
CharNextA
CloseWindow
CloseWindowStation
GetDC
GetKeyboardLayout
GetKeyboardLayoutList
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetSysColor
GetSystemMetrics
ReleaseDC
CharPrevA

kernel32

DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetShortPathNameA
GetStringTypeExW
DeleteCriticalSection
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
CreateSemaphoreA
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
SetLastError
SetLocalTime
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateMutexA
CreateFileW
CreateDirectoryW
HeapDestroy
CloseHandle
GetSystemDefaultLCID

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
ConvertSidToStringSidA
CheckTokenMembership
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
GetLengthSid
UnregisterTraceGuids
TraceEvent
SetSecurityDescriptorDacl
RegisterTraceGuidsA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTraceLoggerHandle
GetTraceEnableLevel
GetTokenInformation
GetSecurityDescriptorDacl
CopySid

shlwapi

StrChrA
PathFileExistsA
StrCmpNA
ChrCmpIA

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
GetDeviceCaps
CreateDCA

dsound

ord9

Exports

Exports

CloseFeed
GetPort
IsReadyToRead
OpenFeed
ReadData
RunScript
SendData
WSAStart

Sections

.text
Size: 240KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86e3aa78acfdbb0cb489d7e593cb921b

Headers

File Characteristics

Imports

shell32

rpcrt4

ole32

dbghelp

version

user32

kernel32

advapi32

shlwapi

gdi32

dsound

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 243KB

.rdata Size: 39KB - Virtual size: 40KB

.data Size: 14KB - Virtual size: 16KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 240KB - Virtual size: 243KB

.rdata
Size: 39KB - Virtual size: 40KB

.data
Size: 14KB - Virtual size: 16KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 8KB