fbe08cc20207d5c4f61757484568b9b0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fbe08cc20207d5c4f61757484568b9b0_JaffaCakes118
Size

371KB
MD5

fbe08cc20207d5c4f61757484568b9b0
SHA1

6d8e0490a7cb768fa0895c5a907b0e0b722e1eb9
SHA256

bd9a3d09c31a034a9434a5f182624b70e418ed4421ee991069d3b47a156bd6ba
SHA512

30dd24627b78e5281d34fbc5ddd95adb6280515ca5c6479930552303e06af7f451b49e7f598966ae25a9ad1105f402c0e5ea440aa0e15561266d1baa548744cd
SSDEEP

6144:axXJ/Kda/zF8OgQaXhbD2ZuV6L3hXmUBpbrdmc/klwQBG1LznBHDTBrEpt4IQXZo:axXJ/6GFTlaXZ6L3IqJJmc/SwQg1LznU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fbe08cc20207d5c4f61757484568b9b0_JaffaCakes118

Files

fbe08cc20207d5c4f61757484568b9b0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a626d52ad593b2dba68a913102b994e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

Imports

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetModuleFileNameA
GetStdHandle
WriteFile
Sleep
HeapCreate
HeapReAlloc
VirtualFree
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
HeapSize
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
LCMapStringA
LCMapStringW
GetCPInfo
EnterCriticalSection
GetLocaleInfoA
ReadFile
SetEndOfFile
CompareStringA
CompareStringW
LoadLibraryW
lstrcatA
SetConsoleTitleA
GetFileAttributesA
FormatMessageA
GetCurrentProcess
ExitProcess
GetLastError
GetProcessHeap
HeapAlloc
SetEnvironmentVariableA
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
LocalFree
CreateFileA
GetProcAddress
GetTickCount
LocalAlloc
InterlockedDecrement
GetCurrentThreadId
MulDiv
SetLastError
CloseHandle
InterlockedIncrement
GetStringTypeW
GetStringTypeA
GetACP
TlsFree
TlsSetValue
GetModuleHandleA
VirtualAlloc
LoadLibraryA
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapFree
GetStartupInfoA
GetCommandLineA
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime

user32

ShowWindow
MessageBoxA
RegisterClassExA
CreateWindowExA
LoadCursorA
LoadIconA
GetClientRect
GetDC
LoadBitmapA
CreatePopupMenu
DrawMenuBar
SetMenu
AppendMenuA
CreateMenu
InsertMenuItemA
GetScrollInfo
GetSystemMetrics
InvalidateRect
SetScrollInfo
SetCaretPos
GetDlgItem
IsDlgButtonChecked
GetWindowTextA
EnableWindow
SendMessageA
GetWindowRect
DeferWindowPos
EndDeferWindowPos
EndDialog
GetDlgItemTextA
BeginPaint
EndPaint
GetMenu
GetMenuItemInfoA
SetMenuItemInfoA
wsprintfA
SetWindowTextA
ReleaseDC
GetWindowDC
IsWindowEnabled
ClientToScreen
OffsetRect
MapWindowPoints
GetCursorPos
PtInRect
WindowFromPoint
KillTimer
PostMessageA
GetIconInfo

gdi32

GetPaletteEntries
ScaleViewportExtEx
SetBkMode
ScaleWindowExtEx
SelectClipPath
PatBlt
CreateRectRgn
CombineRgn
ExcludeClipRect
CreateDIBSection
GetCurrentObject
SetDIBColorTable
BitBlt
DeleteDC
EnumFontsA
GetObjectA
CreateFontIndirectA
SelectObject
GetFontData
CreateCompatibleDC
CreateRectRgnIndirect
GetStockObject
CreateFontIndirectW
DeleteObject

winspool.drv

ConnectToPrinterDlg

advapi32

LookupAccountNameW
LookupPrivilegeValueA
GetFileSecurityA
LookupAccountNameA
CryptGetDefaultProviderA
FreeSid
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetNamedSecurityInfoA
CryptAcquireContextA
CryptGetUserKey
CryptReleaseContext
InitializeSecurityDescriptor

userenv

GetGPOListA
CreateEnvironmentBlock
GetAppliedGPOListA

avifil32

AVIStreamInfoA
AVIStreamOpenFromFileA
AVIFileInit
AVIFileExit
AVIStreamRelease
AVIStreamGetFrameClose
AVIStreamGetFrame

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

crypt32

CryptHashPublicKeyInfo

iphlpapi

GetTcpTable

shlwapi

PathCompactPathA

comctl32

ord17
ImageList_Create

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

opengl32

glHint
glShadeModel
glEnable
glClearColor
glClearDepth
glDepthFunc

setupapi

SetupDiGetDriverInfoDetailA
SetupDiGetSelectedDriverA
SetupDiGetClassDevsA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a626d52ad593b2dba68a913102b994e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

userenv

avifil32

msvfw32

crypt32

iphlpapi

shlwapi

comctl32

wintrust

opengl32

setupapi

wtsapi32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 230KB - Virtual size: 229KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 230KB - Virtual size: 229KB

.reloc
Size: 8KB - Virtual size: 8KB