fe82053415ee7eea4b0e332ed7daf00d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe82053415ee7eea4b0e332ed7daf00d_JaffaCakes118
Size

172KB
MD5

fe82053415ee7eea4b0e332ed7daf00d
SHA1

6a2b161e2ab361ec07fc287b9f01263613d014e2
SHA256

57c94bc230327f9853be917d567cab850fa526a824b1d0c2548c0d2fb699d01e
SHA512

faa08db14f111f50c9360275103a079274def5b7f1a6ae0d5c5a3ab091531e86aed41bb45c980a827750b0f792766ea78f535f60ba6dcb2c84accf6ec8329c6e
SSDEEP

3072:tWUC6CVIYnesG2k2/6zMKnOX0TeZEDIl4piR4SckyWis16vcTikDPU8u07vrB:Uv7VdneWbEDs4pvSFZ19Ta8u07v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe82053415ee7eea4b0e332ed7daf00d_JaffaCakes118

Files

fe82053415ee7eea4b0e332ed7daf00d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1da020a43d03211d84f2978ab10b3276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpIW
PathRemoveBackslashW
SHDeleteValueW
StrStrIW
PathAddBackslashW
SHSetValueW
PathCombineW
StrToIntW
StrCmpNW
SHRegGetValueW
SHGetValueW
PathRemoveBlanksW
PathAppendW
PathAddExtensionW
SHDeleteKeyW
StrChrW
PathIsRootW
SHQueryValueExW
StrDupW
PathGetCharTypeW
PathIsUNCServerW
PathIsPrefixW
StrTrimW
PathIsDirectoryW
PathIsFileSpecW
PathIsURLW
StrCmpNIW
PathRemoveExtensionW
StrToIntExW
StrCmpW
SHDeleteEmptyKeyW
PathRenameExtensionW
ChrCmpIA
StrRChrW
PathFindFileNameW
StrSpnW
PathSkipRootW
PathUnquoteSpacesW
StrRetToStrW
PathGetDriveNumberW
PathFindExtensionW
StrChrIW
StrStrW
PathFindNextComponentW
PathRemoveFileSpecW
PathFileExistsW

ole32

CoCreateInstance
CoInitializeEx
CreateBindCtx
CoTaskMemAlloc
CoGetComCatalog
StringFromGUID2
CoCreateGuid
CoTaskMemRealloc
CoUninitialize

shell32

SHGetDesktopFolder
SHGetFolderPathAndSubDirW
SHSetLocalizedName
SHChangeNotify
ILCombine

setupapi

SetupFindFirstLineW
SetupGetIntField
SetupCloseInfFile
SetupGetStringFieldW
SetupGetLineTextW
SetupGetBinaryField
SetupOpenInfFileW
SetupFindNextLine

user32

LoadImageW
SendDlgItemMessageW
LoadStringW
GetTopWindow
GetSystemMetrics
GetDesktopWindow
CharLowerW
KillTimer
GetWindow
GetMessageW
TranslateMessage
SendMessageTimeoutW
SetTimer
CharNextW
GetClassNameA
DestroyIcon
PeekMessageW
LoadCursorW
SetCursor
DispatchMessageW
DialogBoxParamW
MsgWaitForMultipleObjects
EndDialog
PostMessageW

advapi32

AllocateAndInitializeSid
LookupPrivilegeNameW
ConvertStringSidToSidW
RegSaveKeyW
RegOpenKeyExA
SetSecurityDescriptorOwner
GetLengthSid
DuplicateTokenEx
RegCreateKeyExW
RevertToSelf
RegQueryValueExW
CreateProcessAsUserW
CloseServiceHandle
AdjustTokenPrivileges
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
SetFileSecurityW
RegQueryInfoKeyW
RegEnumValueW
LookupPrivilegeValueW
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
RegCloseKey
EnumServicesStatusExW
FreeSid
RegEnumKeyW
OpenSCManagerW
CopySid
GetTokenInformation
RegDeleteValueW
OpenProcessToken
RegOpenKeyExW

gdi32

CreateHatchBrush

kernel32

CloseHandle
GlobalFree
GetVersionExA
RemoveDirectoryW
lstrcmpiA
CreateFileW
SetFileAttributesW
LocalAlloc
GetTickCount
GetModuleHandleW
DeleteFileW
MapViewOfFile
GetCurrentProcessId
GetPrivateProfileSectionW
lstrcmpW
DelayLoadFailureHook
LoadLibraryExW
DecodePointer
InterlockedCompareExchange
GetExitCodeThread
SearchPathW
lstrlenA
LoadResource
CompareStringA
MultiByteToWideChar
FindResourceW
CreateDirectoryW
TerminateProcess
GetModuleFileNameW
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetLocaleInfoW
LoadLibraryW
GetComputerNameW
GetProcAddress
IsDBCSLeadByte
MoveFileW
FindNextFileW
RtlUnwind
FreeLibrary
lstrlenW
GetVersionExW
SetFilePointer
CreateThread
InitializeCriticalSectionAndSpinCount
EnumUILanguagesW
QueryPerformanceCounter
CreateFileMappingW
WideCharToMultiByte
GetFileAttributesW
InterlockedDecrement
CompareStringW
WriteFile
LockResource
WaitForSingleObject
CopyFileW
GetVersion
EnterCriticalSection
OutputDebugStringW
GetWindowsDirectoryW
GetFileAttributesExW
FindFirstFileW
GetPrivateProfileStringW
SizeofResource
DisableThreadLibraryCalls
GetSystemDefaultUILanguage
MoveFileExW
UnmapViewOfFile
InterlockedExchange
GetUserDefaultUILanguage
FindResourceExW
HeapAlloc
GetFileSize
LoadLibraryA
ReadFile
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
FlushFileBuffers
ResumeThread
FindClose
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentThreadId
GetPrivateProfileIntW
DeleteCriticalSection
GetPrivateProfileStringA
ExpandEnvironmentStringsW
LeaveCriticalSection
HeapFree
LocalReAlloc
Sleep
GetLocalTime
SetLastError
OutputDebugStringA
VirtualAlloc
GetCurrentProcess
GetProcessHeap
OpenEventW

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1da020a43d03211d84f2978ab10b3276

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ole32

shell32

setupapi

user32

advapi32

gdi32

kernel32

Sections

.text Size: 512B - Virtual size: 400B

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 144KB - Virtual size: 144KB

.rdata Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 2KB - Virtual size: 3.5MB

.text
Size: 512B - Virtual size: 400B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 144KB - Virtual size: 144KB

.rdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 2KB - Virtual size: 3.5MB