fcbe45d42b2134331496c74fca78aef9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fcbe45d42b2134331496c74fca78aef9_JaffaCakes118
Size

420KB
MD5

fcbe45d42b2134331496c74fca78aef9
SHA1

d91d93a90cd5110b44533c068031c1cd0a8372a8
SHA256

e1b14fc4d2cc073d99db38053c79ab0ce01ccb530efcb3474d0c921c0a932ac5
SHA512

52f646c8fe967cacd8f01a8ab850fdec66032e1336d3a470a8663315f30a6e345779e978c913f965e987533c67fb033afb54a5ea6e325a9a4c0de90e2e06cc9f
SSDEEP

6144:dkXEhgQHU9qGbZ3DFLhSdy+EUL7c1Qww639qdN0:dkXEhgQH0qGjsqULo1Qy3AT0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fcbe45d42b2134331496c74fca78aef9_JaffaCakes118

Files

fcbe45d42b2134331496c74fca78aef9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d41e9719890620b71576d473bba4bf4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
HeapSize
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
IsValidCodePage
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GlobalFree
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
AllocateUserPhysicalPages
GetConsoleMode
SetFilePointerEx
LCMapStringW
HeapReAlloc
FlushFileBuffers
GetStringTypeW
SetStdHandle
WriteConsoleW
VirtualAlloc
TlsAlloc
GlobalAlloc
WaitForSingleObject
FindResourceExA
CreateEventA
GetProcessWorkingSetSize
GetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
CreateFileA
CloseHandle
GetCurrentProcess
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
VirtualQuery
HeapFree
GetCurrentThreadId
SetLastError
IsDebuggerPresent
CreateFileW
GetProcessHeap
GetModuleFileNameW
WriteFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
LocalFree
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
LoadLibraryA
GetThreadLocale
FormatMessageA

user32

GetDesktopWindow
MessageBoxA
IsClipboardFormatAvailable
EnableMenuItem
DrawFrameControl
GetCursorPos
wsprintfA
LoadImageA
ReleaseDC
WindowFromPoint
GetWindowThreadProcessId
TrackPopupMenuEx
LoadIconA
DrawIconEx
DestroyIcon
BeginPaint
SendMessageA
GetDC
EndPaint
GetSubMenu
GetSystemMetrics
EnumWindows
RegisterClassA
PostQuitMessage
DefWindowProcA
InsertMenuItemA
GetSystemMenu
RegisterClassExA
KillTimer
SetWindowTextA
GetDlgItem
IsDlgButtonChecked
WaitForInputIdle
SendInput
DispatchMessageA
TranslateMessage
PeekMessageA
GetMenuItemInfoA
GetMenu
UpdateWindow
ShowWindow
CreateWindowExA
LoadCursorA

gdi32

CreateCompatibleDC
SetTextColor
SetBkMode
GetStockObject
DeleteEnhMetaFile
DeleteMetaFile
CopyMetaFileA
PlayMetaFile
SetMetaFileBitsEx
GetWinMetaFileBits
GetEnhMetaFileA
SetMapMode
SetStretchBltMode
GetPixel
DeleteObject
CreateSolidBrush
DeleteDC
CreateDIBSection
SetTextAlign
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps

advapi32

RevertToSelf
LogonUserW
CredGetSessionTypes
CredWriteDomainCredentialsW
CredMarshalCredentialA
LsaQueryInformationPolicy
ImpersonateLoggedOnUser
CreateRestrictedToken
OpenProcessToken
LsaFreeMemory

shell32

DragQueryFileA
Shell_NotifyIconA
SHGetFolderPathA
ExtractIconExA

ole32

StgCreateDocfile
CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

VariantTimeToSystemTime
UnRegisterTypeLi

netapi32

NetApiBufferFree
NetWkstaGetInfo

msacm32

acmDriverDetailsA

winmm

mmioAscend

shlwapi

PathAppendA

comctl32

ImageList_ReplaceIcon

pdh

PdhBrowseCountersW
PdhBrowseCountersHA

gdiplus

GdipDisposeImage
GdipBitmapGetPixel
GdipSaveImageToFile
GdipCreateBitmapFromHICON
GdipAlloc
GdipCloneImage
GdipBitmapSetPixel
GdipFree

setupapi

CM_Delete_DevNode_Key
CM_Delete_Class_Key

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d41e9719890620b71576d473bba4bf4a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

netapi32

msacm32

winmm

shlwapi

comctl32

pdh

gdiplus

setupapi

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 6KB - Virtual size: 14KB

.data1 Size: 4KB - Virtual size: 3KB

.rdata Size: 6KB - Virtual size: 5KB

.trace Size: 9KB - Virtual size: 8KB

.rsrc Size: 132KB - Virtual size: 131KB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 6KB - Virtual size: 14KB

.data1
Size: 4KB - Virtual size: 3KB

.rdata
Size: 6KB - Virtual size: 5KB

.trace
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 132KB - Virtual size: 131KB