Static task: static1
Behavioral task: behavioral1
Sample: fdc474592cd9604bfd956d5259fd1fca_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fdc474592cd9604bfd956d5259fd1fca_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fdc474592cd9604bfd956d5259fd1fca_JaffaCakes118
Size: 334KB
MD5: fdc474592cd9604bfd956d5259fd1fca
SHA1: 2409a10f593e2f1b31e5d0fa6bd1de7f0ab1255d
SHA256: 3d4f194ba6c4d9d34e8ab5216cd693fb7c7501811900295127c5488ad442d4f6
SHA512: 9f419ff7539cdc1309ed3e8f5611cc23e8e9b42f349d3919c3a3a08c9152f90986b42aa642d178195c6d0d188f53da77e8a28ea28b8264dd739b8c8ea7144186
SSDEEP: 6144:zQm01U37PtbK65XnM8JRDNQG+GWdA2Y7l6qgq7t1DUPSh:FTpu9tvakqXDj
Malware Config
Signatures
Unsigned PE (1 IoCs): checks for missing Authenticode signature.
resource fdc474592cd9604bfd956d5259fd1fca_JaffaCakes118
Files
fdc474592cd9604bfd956d5259fd1fca_JaffaCakes118.exe windows:4 windows x86 arch:x86
d9e84f26dd5533573689d72c412e3ab4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStartupInfoA
GetModuleHandleA
SetConsoleActiveScreenBuffer
lstrcpyA
GetLongPathNameA
GlobalAddAtomA
ExitProcess
GetFileInformationByHandle
ExpandEnvironmentStringsW
DeleteCriticalSection
DebugBreak
_lopen
SetEndOfFile
SetConsoleOutputCP
GetConsoleMode
DeleteFiber
GetTimeZoneInformation
CloseHandle
FreeLibraryAndExitThread
GetOverlappedResult
GetACP
InitializeCriticalSection
GetCurrentProcessId
VirtualQueryEx
FindFirstFileW
GetBinaryTypeA
ReadFileScatter
GetCommModemStatus
GetPrivateProfileStringA
GlobalDeleteAtom
EnumSystemCodePagesW
RemoveDirectoryA
SetProcessWorkingSetSize
SetFileAttributesA
VirtualAlloc
user32
GetClassInfoW
DefWindowProcA
CreatePopupMenu
CreateDialogIndirectParamA
ChangeDisplaySettingsExA
DialogBoxIndirectParamA
CopyIcon
SetWindowWord
LoadCursorW
CreateDesktopA
GetKeyState
GetActiveWindow
gdi32
LineDDA
LineTo
SetBkMode
PaintRgn
ExtFloodFill
CloseMetaFile
GetOutlineTextMetricsW
GetFontLanguageInfo
GetClipBox
ExtSelectClipRgn
CopyEnhMetaFileW
SetBrushOrgEx
CopyMetaFileA
SetMetaFileBitsEx
advapi32
RegQueryValueExA
LookupPrivilegeNameA
GetSecurityDescriptorControl
RegSetValueA
LookupAccountNameW
ReportEventW
SetPrivateObjectSecurity
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceCtrlDispatcherW
LockServiceDatabase
SetKernelObjectSecurity
RegDeleteValueA
CryptGetHashParam
IsTextUnicode
InitializeSid
NotifyChangeEventLog
ReadEventLogW
RegOpenKeyExW
LookupPrivilegeValueA
RegLoadKeyA
CryptSetKeyParam
LookupAccountNameA
CryptReleaseContext
CryptVerifySignatureA
RegConnectRegistryW
GetTokenInformation
AdjustTokenPrivileges
UnlockServiceDatabase
BuildSecurityDescriptorW
RegCreateKeyExA
GetSecurityDescriptorOwner
CreateProcessAsUserA
SetFileSecurityA
GetSecurityInfo
LookupPrivilegeValueW
ReportEventA
ObjectCloseAuditAlarmW
QueryServiceStatus
OpenEventLogW
shell32
SHGetPathFromIDListA
Shell_NotifyIconW
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHLoadInProc
SHGetSettings
SHFileOperationA
ole32
CreateOleAdviseHolder
PropVariantCopy
ReadClassStg
CoUninitialize
OleSetMenuDescriptor
RevokeDragDrop
OleInitialize
OleQueryLinkFromData
GetRunningObjectTable
oleaut32
SafeArrayGetElement
QueryPathOfRegTypeLi
comctl32
ImageList_GetImageInfo
ImageList_DragLeave
ImageList_Replace
shlwapi
UrlCanonicalizeW
PathFileExistsA
PathFindFileNameW
PathUnquoteSpacesW
PathFindNextComponentW
PathIsPrefixW
msvcrt
_vsnprintf
_controlfp
_except_handler3
__set_app_type
mbstowcs
_ismbblead
__p__fmode
iswspace
_kbhit
isalpha
_wgetcwd
_close
asctime
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_snwprintf
wscanf
_wcslwr
_mbsrchr
_wfreopen
wcsncpy
_mbsnbcat
_strdup
_dup
strncat
_splitpath
clock
strtoul
_endthread
wcscoll
_endthreadex
_fdopen
_isatty
rewind
fgets
_memicmp
_get_osfhandle
_filelength
signal
_i64tow
_spawnv
strtod
remove
_chmod
_tzset
_wremove
vfprintf
__p___argv
qsort
iswalnum
putc
wcsspn
vswprintf
_umask
longjmp
wcstoul
malloc
_errno
wprintf
iswprint
_ltow
towupper
strncmp
Sections
qgiog Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ecmggyy Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eqyum Size: 292KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ecskims Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ