ff0fe60a59f653effe45ead9f632086c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff0fe60a59f653effe45ead9f632086c_JaffaCakes118
Size

246KB
MD5

ff0fe60a59f653effe45ead9f632086c
SHA1

4a659ec2fd55944f883c5565b92f82dbaf382a14
SHA256

5d7d194d228934729a2af11206e09aa6f9f10be14317d2dff1c1968bc6e0bec2
SHA512

17fa1bfae81af8a02c008c7e774dc03fa3409a1ffd9675b7cde2837893f839723ec0942464de7d6a2a6a43c896038dc529a2546088654b5e21ade889a220f4c1
SSDEEP

6144:74vbHYyd2VxMdP215vitUBlEUAnvRSeS0UgOqIlnu:eLJsIoBy12gOqOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff0fe60a59f653effe45ead9f632086c_JaffaCakes118

Files

ff0fe60a59f653effe45ead9f632086c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c680cdecb19802e3d78dffb0c25e251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

gdi32

MoveToEx
GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
CreateSolidBrush
SetBkMode
CreatePen
SetTextColor
GetStockObject
SetBkColor
BitBlt
SetTextJustification
LineTo
GetTextMetricsW
CreateCompatibleDC
DeleteObject
GetObjectW
GetCurrentObject
CreateCompatibleBitmap
SelectObject

shell32

ShellExecuteW
SHGetFolderPathW

comctl32

InitCommonControlsEx

advapi32

AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
LookupPrivilegeValueW
RegOpenKeyExW
GetUserNameW
OpenProcessToken

user32

GetDesktopWindow
GetSysColor
SetCursor
SetWindowPos
ClientToScreen
GetWindowLongW
GetClientRect
GetParent
GetCursorPos
LoadCursorW
ExitWindowsEx
DrawTextW
CopyRect
MessageBoxW
SendMessageW
FindWindowW
ScreenToClient
IsWindow
RedrawWindow
SetWindowLongW
FillRect
IsWindowVisible
GetWindowRect
PostMessageW
SetForegroundWindow
EnableWindow
PtInRect
SystemParametersInfoW
GetPropW
SetPropW
GetAncestor
RemovePropW

shlwapi

PathFindFileNameW

kernel32

FindClose
GetModuleHandleW
WriteFile
GetProcessTimes
FindNextFileW
UnmapViewOfFile
FreeLibrary
MapViewOfFile
LeaveCriticalSection
CreateProcessW
FormatMessageA
SetLastError
OpenFileMappingW
CreateThread
VirtualQuery
GetCommandLineW
OpenEventW
SetFilePointer
ReleaseMutex
OpenProcess
GetCurrentThreadId
DeleteFileW
ResetEvent
CreateFileW
OpenMutexW
FindFirstFileW
CreateMutexW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
CreateDirectoryW
EnterCriticalSection
GetLocalTime
CloseHandle
IsDebuggerPresent
DeleteCriticalSection
WaitForSingleObject
SetErrorMode
VirtualAllocEx

oleaut32

SysAllocString
SysFreeString

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMA
CreateProfileFromLogColorSpaceA
GetStandardColorSpaceProfileW
InstallColorProfileA
CheckBitmapBits

comuid

DllUnregisterServer
DllCanUnloadNow

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AHC
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QlWd
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kg
Size: 512B - Virtual size: 419B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Lm
Size: 1024B - Virtual size: 603B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BsTAyR
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gWDnqf
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bqbOIQ
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zoav
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ekIcMu
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vWK
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c680cdecb19802e3d78dffb0c25e251

Headers

DLL Characteristics

File Characteristics

Imports

psapi

gdi32

shell32

comctl32

advapi32

user32

shlwapi

kernel32

oleaut32

mscms

comuid

Sections

.text Size: 16KB - Virtual size: 16KB

.AHC Size: 512B - Virtual size: 428B

.QlWd Size: 1024B - Virtual size: 691B

.kg Size: 512B - Virtual size: 419B

.Lm Size: 1024B - Virtual size: 603B

.BsTAyR Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 3KB

.gWDnqf Size: 1KB - Virtual size: 2KB

.bqbOIQ Size: 2KB - Virtual size: 3KB

.zoav Size: 1024B - Virtual size: 1024B

.data Size: 212KB - Virtual size: 379KB

.ekIcMu Size: 512B - Virtual size: 286B

.vWK Size: 512B - Virtual size: 420B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.AHC
Size: 512B - Virtual size: 428B

.QlWd
Size: 1024B - Virtual size: 691B

.kg
Size: 512B - Virtual size: 419B

.Lm
Size: 1024B - Virtual size: 603B

.BsTAyR
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 3KB

.gWDnqf
Size: 1KB - Virtual size: 2KB

.bqbOIQ
Size: 2KB - Virtual size: 3KB

.zoav
Size: 1024B - Virtual size: 1024B

.data
Size: 212KB - Virtual size: 379KB

.ekIcMu
Size: 512B - Virtual size: 286B

.vWK
Size: 512B - Virtual size: 420B

.rsrc
Size: 3KB - Virtual size: 2KB