ff1a63cf057052ca77449ba900c38be6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff1a63cf057052ca77449ba900c38be6_JaffaCakes118
Size

269KB
MD5

ff1a63cf057052ca77449ba900c38be6
SHA1

00f8138e5d760fc7106bfd96d8abb720f28121a2
SHA256

4c19e20ae6d191e6801cb74c7a1650ba0e2eec3afd825b51cfa64a23464535ec
SHA512

69693037a22c19ea7589d9d1d4ed903a0674753de2a91afe3706ddcfc40c181178ba76130511adf523b94c7c2aeb6fca11a611a1972ffe4d74d51dd4e0ecd6b0
SSDEEP

6144:uBv99HElTc923+7UOJQmMaqy8iyCjOBRh:09x0Tc9UUBM2DjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff1a63cf057052ca77449ba900c38be6_JaffaCakes118

Files

ff1a63cf057052ca77449ba900c38be6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f94f4faca26336936f28ea2e692fd96d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

mpr

WNetGetUserW

kernel32

LoadLibraryA
ExpandEnvironmentStringsA
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentThreadId
LocalFree
GetLogicalDriveStringsW
MoveFileW
GetTempFileNameW
SetErrorMode
GetCurrentProcessId
GetVersion
GetCurrentThread
lstrcpynA
lstrlenA
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
GetFileAttributesW
LoadLibraryW
GetLocalTime
GetSystemInfo
GetModuleHandleW
GetVersionExW
LoadResource
FindResourceW
InitializeCriticalSection
MultiByteToWideChar
CreateEventW
FreeLibrary
GetTickCount
GlobalAlloc
GetWindowsDirectoryW
Sleep
GetTempPathW
GetModuleFileNameW
GetLastError
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetProcAddress

user32

SetWindowRgn
IsWindow
wsprintfW
LoadImageW
PeekMessageW
GetIconInfo
LoadBitmapW
GetMenuItemID
GetMenuItemCount
SetForegroundWindow
GetSubMenu
LoadMenuW
GetDesktopWindow
SetWindowPos
GetCursorPos
GetActiveWindow
OffsetRect
AppendMenuW
CreatePopupMenu
GetSysColor
SetTimer
DestroyCursor
LoadCursorW
DestroyIcon
CheckMenuItem
LoadIconW
EmptyClipboard
InvalidateRect
SetCapture
OpenClipboard
DestroyMenu
SendMessageW
GetFocus
SetCursor
EnableMenuItem
GetSystemMetrics
RemoveMenu
GetAsyncKeyState
GetClassInfoW
PostMessageW
EnableWindow
RegisterWindowMessageW
RegisterClassW

gdi32

CreateRectRgn
CreateDIBSection
DeleteObject
CreateBitmap
CreateCompatibleDC
CreatePen
CreateSolidBrush
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
SetThreadToken
DuplicateToken
LookupAccountSidW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
DuplicateTokenEx
GetSidSubAuthority
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RevertToSelf
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyW
RegCreateKeyW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
LookupPrivilegeValueW
ImpersonateSelf

shell32

SHGetDesktopFolder
ShellExecuteW
ShellExecuteExW

msasn1

ASN1BEREncCheck
ASN1_CloseDecoder
ASN1CEREncGeneralizedTime
ASN1BEREncEndOfContents
ASN1_FreeDecoded
ASN1CEREncFlushBlkElement
ASN1CEREncBitString
ASN1ztchar16string_free
ASN1BERDecGeneralizedTime
ASN1BERDecU32Val
ASN1objectidentifier2_cmp
ASN1intx2uint32
ASN1BERDecLength
ASN1BEREncUTCTime
ASN1intx2int32
ASN1BEREncGeneralizedTime

rastls

DllUnregisterServer

Sections

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oDMWy
Size: 2KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 78KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Hvpmv
Size: 5KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 139KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Vnr
Size: 4KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94f4faca26336936f28ea2e692fd96d

Headers

File Characteristics

Imports

comctl32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

msasn1

rastls

Sections

.idata Size: 9KB - Virtual size: 9KB

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 15KB

.oDMWy Size: 2KB - Virtual size: 275KB

.edata Size: 78KB - Virtual size: 174KB

.Hvpmv Size: 5KB - Virtual size: 1.1MB

.data Size: 6KB - Virtual size: 101KB

.edata Size: 139KB - Virtual size: 219KB

.Vnr Size: 4KB - Virtual size: 676KB

.rsrc Size: 2KB - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 9KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 15KB

.oDMWy
Size: 2KB - Virtual size: 275KB

.edata
Size: 78KB - Virtual size: 174KB

.Hvpmv
Size: 5KB - Virtual size: 1.1MB

.data
Size: 6KB - Virtual size: 101KB

.edata
Size: 139KB - Virtual size: 219KB

.Vnr
Size: 4KB - Virtual size: 676KB

.rsrc
Size: 2KB - Virtual size: 1KB