ff33f88881fbca198a62de81ad03aff7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff33f88881fbca198a62de81ad03aff7_JaffaCakes118
Size

704KB
MD5

ff33f88881fbca198a62de81ad03aff7
SHA1

8a7145899fa3ddb8b138cfc33001345795c95542
SHA256

ae868f14a6f7623b151e25c5bac823642af2408896dc100fbc40ad824dbd7ca1
SHA512

0f1cca24738ec01d58cf056339b0b1a3185b52f216745351183b66ba0aef2834538a13261530ece89bb66d34d0e7af1542ae53b907f625136f196d8b9c4be8d3
SSDEEP

12288:8sE6fxVQsZgZl+gYHBxQ1VkVJasvMMxF//SY/eW39bNk/dIQPru+anc8N7M:15x4Z+f0kPas/x4YqDu+ac8NY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff33f88881fbca198a62de81ad03aff7_JaffaCakes118

Files

ff33f88881fbca198a62de81ad03aff7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8bedc4d742a0be41cbcf56a8b5ba1e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\gcyqe\oeplkd\nisequkh\zjoetxwtr.pdb

Imports

gdi32

SetWindowOrgEx
GetDeviceCaps
CreateDCW
GetObjectW
DeleteObject
DeleteDC

kernel32

GetTickCount
GetDateFormatA
lstrcpyW
LCMapStringA
GetLocaleInfoA
TlsFree
CreateFileA
GetVersionExA
SetStdHandle
GetCPInfo
FlushFileBuffers
SetEnvironmentVariableA
RtlUnwind
GetTimeZoneInformation
LocalFree
LCMapStringW
GetStartupInfoA
DeleteFileW
SystemTimeToFileTime
GetStdHandle
SetHandleCount
IsBadReadPtr
GetLastError
CreateMutexW
GetCommandLineA
GetSystemTimeAsFileTime
LoadLibraryA
GlobalReAlloc
LoadLibraryW
DeleteCriticalSection
TlsGetValue
WriteConsoleA
GetDriveTypeA
GetCurrentThreadId
MultiByteToWideChar
SizeofResource
CompareStringW
LoadResource
HeapAlloc
MulDiv
InterlockedDecrement
lstrcpyA
GetProcAddress
GetACP
lstrcmpA
GetCurrentProcessId
GetLocalTime
HeapDestroy
GetEnvironmentStrings
VirtualProtect
SetErrorMode
GetStartupInfoW
GetThreadLocale
HeapCreate
lstrcpynA
MoveFileW
TlsAlloc
SetFileTime
GlobalFlags
OutputDebugStringA
GetModuleHandleA
Sleep
GetSystemInfo
CopyFileW
EnterCriticalSection
TlsSetValue
GetStringTypeA
GetTimeFormatA
GetFileAttributesA
QueryPerformanceCounter
ReadFile
VirtualFree
GetFileTime
FreeEnvironmentStringsW
TerminateThread
SetLastError
ExitProcess
GetFileType
DebugBreak
FindNextFileA
VirtualAlloc
WaitForSingleObject
GetUserDefaultLCID
FreeLibrary
IsBadWritePtr
GlobalUnlock
RaiseException
SetFileAttributesW
UnhandledExceptionFilter
GetTempFileNameA
GlobalHandle
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetModuleFileNameA
InitializeCriticalSection
lstrcpynW
HeapSize
VirtualQuery
DuplicateHandle
ReleaseMutex
InterlockedExchange
HeapReAlloc
FindClose
GetFullPathNameW
InterlockedIncrement
SetEvent
GlobalAlloc
CompareStringA
GetSystemDirectoryA
GetCurrentProcess
GetOEMCP
LeaveCriticalSection
SetUnhandledExceptionFilter
CreateFileW
LocalFileTimeToFileTime
HeapFree
FindFirstFileW
GetModuleHandleW
GetProcessHeap
GetFileSize
WideCharToMultiByte
IsBadCodePtr
SetEndOfFile
TerminateProcess
FileTimeToLocalFileTime
CreateThread
GlobalDeleteAtom
GetStringTypeW
GetModuleFileNameW
ResumeThread
CloseHandle
GetCommandLineW
lstrlenA
WriteFile
LockResource
FindNextFileW
lstrcmpiW

shell32

Shell_NotifyIconW
ShellExecuteExW

user32

CreateWindowExW
RegisterClassExW
RegisterClassW
DefWindowProcW
LoadIconW
DestroyIcon
LoadCursorW
ShowWindow
MessageBoxW
LoadStringW
DestroyWindow

oleaut32

LoadTypeLi

comctl32

ImageList_GetImageInfo
ImageList_DrawEx
ImageList_Draw
ImageList_Create
ImageList_DragEnter
ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetIcon
ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_LoadImageA

ole32

ReleaseStgMedium
OleFlushClipboard
CreateStreamOnHGlobal
OleSetClipboard
WriteClassStm
OleCreateStaticFromData
CoCreateInstance
CoRegisterMessageFilter
CLSIDFromString
OleInitialize

advapi32

RegQueryInfoKeyA
GetLengthSid
RegQueryValueExA
FreeSid
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
RegSetValueExA
GetSidSubAuthorityCount
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegSetKeySecurity
RegCreateKeyA
GetSidSubAuthority
RegOpenKeyA
RegGetKeySecurity
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
GetUserNameA
InitializeAcl
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExW
CopySid
SetSecurityDescriptorDacl

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 476KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8bedc4d742a0be41cbcf56a8b5ba1e2

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

shell32

user32

oleaut32

comctl32

ole32

advapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 476KB - Virtual size: 472KB

.data Size: 108KB - Virtual size: 117KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 476KB - Virtual size: 472KB

.data
Size: 108KB - Virtual size: 117KB

.rsrc
Size: 28KB - Virtual size: 26KB