039e65298db890c99e596cb5d66b04e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

039e65298db890c99e596cb5d66b04e4_JaffaCakes118
Size

195KB
MD5

039e65298db890c99e596cb5d66b04e4
SHA1

37788d0bae06633c506d7e914886e1b85fa3ff4d
SHA256

dcba252d6699bc1e376c50b408724c46d541af609f8e296ba7dcdce7f6146473
SHA512

500ae66f957150d466c493665bea4832d4a9b51a76d262b766416de978928f6253021a132797192e08b0f93c0263ab0e453380143e7d8bf64f47d04897dd89c4
SSDEEP

6144:/tvCgIq8Cn6t/INO01JMMhl6zp1OMOmPsTJ/j57:/Fh/V6MOQJoVJOBj57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
039e65298db890c99e596cb5d66b04e4_JaffaCakes118

Files

039e65298db890c99e596cb5d66b04e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff484ef57ba20e160314c891178ff882

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscmp
_wunlink
_unlink
_wrename
rename
fseek
toupper
wcsrchr
strrchr
wcscpy
_wmktemp
_mktemp
sprintf
_open
time
_read
_close
wcslen
wcscat
_wfopen
strcat
memmove
printf
free
_initterm
__dllonexit
fopen
fread
fclose
fwrite
strncpy
strcpy
strcmp
strlen
_onexit
_strnicmp
_stricmp
_strupr
_filelength
_wcsicmp
__CxxFrameHandler
_CxxThrowException
strstr
atoi
_purecall
isdigit
strncmp
_memccpy
sscanf
?terminate@@YAXXZ
malloc
memcmp
memcpy
memset
_ultoa

kernel32

GetTickCount
lstrlenW
GetSystemTime
DeviceIoControl
GetVersion
HeapFree
GetProcessHeap
GetModuleHandleA
FlushFileBuffers
lstrcpynA
ReadFile
WriteFile
SetFilePointer
HeapAlloc
VirtualFree
VirtualAlloc
GetModuleFileNameA
DuplicateHandle
GetCurrentThread
CreateEventA
ExitThread
OutputDebugStringA
FlushInstructionCache
VirtualProtect
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetProcessAffinityMask
CreateThread
SetThreadAffinityMask
SetThreadPriority
ResumeThread
SetEvent
GetSystemInfo
GetCurrentThreadId
LocalFree
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
GetLocalTime
GetSystemDirectoryW
SetFileAttributesW
GetSystemDirectoryA
lstrcmpA
RemoveDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryExA
SetFileAttributesA
GetFileAttributesW
GetWindowsDirectoryA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
CreateMutexA
OpenMutexA
GetLogicalDriveStringsA
GetFileAttributesA
CreateFileW
CreateFileA
GetFileSize
CloseHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
lstrcatA
DeleteFileW
DeleteFileA
MoveFileW
GetLastError
MoveFileA
CopyFileW
CopyFileA
lstrcpyA
GetDriveTypeA
SetErrorMode
CompareStringA
GetModuleHandleW
lstrcpynW
GetVolumeInformationA
IsBadWritePtr
lstrlenA
GetVersionExW
GetDiskFreeSpaceA
CompareStringW
QueryDosDeviceA
InterlockedExchange
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GlobalMemoryStatus
Sleep
WaitNamedPipeW
ResetEvent

user32

LoadIconA
LoadImageA
RegisterWindowMessageA
CharUpperA
CharLowerA
SendMessageA
wsprintfW
CharNextW
CharNextA
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyA
RegEnumKeyA
RegQueryValueExW
RegCreateKeyExA
RegEnumKeyExA
CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteValueA
RegOpenKeyW
RegSetValueExW
RegCloseKey

ole32

CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoLoadLibrary
CoFreeLibrary
CoGetCancelObject
OleCreateLink
HACCEL_UserUnmarshal
IsValidPtrIn
SNB_UserMarshal
HMETAFILEPICT_UserFree
CoRegisterClassObject
CoRegisterSurrogate
StgOpenStorageEx
EnableHookObject
HGLOBAL_UserFree
CoGetInstanceFromFile
StgOpenPropStg
OleConvertIStorageToOLESTREAMEx
DllGetClassObjectWOW
StgGetIFillLockBytesOnILockBytes
HICON_UserMarshal
CoSetState
HDC_UserFree
PropSysAllocString
CoUnmarshalHresult
OleRegGetUserType

winmm

mmioSendMessage
waveOutGetErrorTextW
timeSetEvent
midiStreamClose
mciGetDeviceIDW
mmioAdvance
PlaySound
mmioOpenW
mixerGetDevCapsA
mciDriverNotify
mciLoadCommandResource
mmioWrite
midiStreamPosition
waveInStart
midiOutGetErrorTextA
waveInGetDevCapsW
mmsystemGetVersion
mciSendCommandA
midiStreamPause
mciGetDeviceIDA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff484ef57ba20e160314c891178ff882

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

winmm

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 145KB - Virtual size: 329KB

.rdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 24KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 145KB - Virtual size: 329KB

.rdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 24KB