0370eb162e2d7b1f79ca971d4cafc7e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0370eb162e2d7b1f79ca971d4cafc7e2_JaffaCakes118
Size

3.5MB
MD5

0370eb162e2d7b1f79ca971d4cafc7e2
SHA1

15b8709b44a3c91a30bc5800b5ed8915f6b225cc
SHA256

0ed7101a29f3cbd1a136290272e45929137b93cb134f0b3d135dd0ea37d1087c
SHA512

fcaeee56e9c85fb57c995c9f28c26e26e0667f479780e2bff648b05fcdbd98af555a9b9f16eef01d8211f429c76fb9b931bbeb55d97e06fe1a86d1b97f1f6a1b
SSDEEP

49152:r1+Ftbh4444aaaaNkWq3UtC5CTogbO/lQfYxjHtB72r/GqOlAEu0HydDN:r1At4WqGC3Ha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0370eb162e2d7b1f79ca971d4cafc7e2_JaffaCakes118

Files

0370eb162e2d7b1f79ca971d4cafc7e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dadc9302f5ee0b288a5b86e4bdb8b189

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetModuleFileNameW
CreateThread
MoveFileExA
GetTempPathW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentThreadId
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetStartupInfoA
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
MulDiv
lstrcmpA
GetCurrentProcess
FlushInstructionCache
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
GetLastError
lstrlenW
WideCharToMultiByte
GetTickCount
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WriteConsoleW

user32

LoadCursorA
SetWindowLongA
GetWindowLongA
CreateWindowExA
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
CallWindowProcA
ReleaseDC
GetDC
GetDesktopWindow
CharNextA
DefWindowProcA
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
UnregisterClassA
LoadIconA
ShowWindow
SetForegroundWindow
DestroyIcon
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
RegisterWindowMessageA
GetClassInfoExA
IsWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
DestroyWindow
FillRect
ReleaseCapture

advapi32

CloseServiceHandle
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
OpenSCManagerW
OpenServiceW
StartServiceW
ControlService
RegDeleteKeyA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize

oleaut32

SysAllocStringLen
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps

ntdll

NtSetInformationFile
ZwEnumerateKey
_stricmp
RtlAllocateHeap
RtlFreeHeap
NtQuerySystemInformation
RtlUnwind
NtCreateFile
ZwOpenKey
ZwQueryValueKey
NtWriteFile
NtReadFile
NtQueryInformationFile
NtClose

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dadc9302f5ee0b288a5b86e4bdb8b189

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

gdi32

ntdll

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB