00d35b9c57d40ae5c31ddc5aaa62cb00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00d35b9c57d40ae5c31ddc5aaa62cb00_JaffaCakes118
Size

360KB
MD5

00d35b9c57d40ae5c31ddc5aaa62cb00
SHA1

7d121c8d6eabae36b5d8bb1cabc64ffbf7d41fc1
SHA256

4e27a9f25dd1212e08661aa1356e28b53212ed185531560ef4b8df3fdebbe922
SHA512

7b365b1338245f551e246ae49f3f712464734b6468baa924b06241b70aaadbb5a1c2ae459c8511f31d90cd4d6164f7ce7b08ae65c7e07ae13c27732e26980a0a
SSDEEP

6144:Sc+Mm86uIXASvk4h/ac7CE+RmG0bz/iqIV15yw+yv:SfM56uIXAUh/aW8WbDpIVnyw+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d35b9c57d40ae5c31ddc5aaa62cb00_JaffaCakes118

Files

00d35b9c57d40ae5c31ddc5aaa62cb00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a1f195297642c812d0c09ba0f8daedc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ts

Imports

comdlg32

GetSaveFileNameA

advapi32

CryptSignHashW
CryptGetKeyParam
CryptGetHashParam
CryptDuplicateHash
InitiateSystemShutdownW
CryptSetProviderExA
RegSetKeySecurity
RegQueryMultipleValuesA
CryptDecrypt
CreateServiceW
RegSaveKeyW
CryptReleaseContext
CryptDuplicateKey
RegSetValueExA

wininet

HttpSendRequestExA
InternetSetOptionExA
InternetConfirmZoneCrossing
InternetTimeToSystemTimeA
ShowX509EncodedCertificate
InternetAutodial
DeleteUrlCacheEntry
FindNextUrlCacheContainerA
InternetConfirmZoneCrossingA

comctl32

InitCommonControlsEx
ImageList_DragLeave
ImageList_GetIconSize
CreatePropertySheetPageA
ImageList_BeginDrag
ImageList_GetIcon
CreateStatusWindowA
ImageList_Duplicate
ImageList_Merge
ImageList_Copy
DrawInsert
ImageList_GetDragImage
ImageList_GetBkColor
DrawStatusTextW
ImageList_AddMasked
ImageList_Create
ImageList_Replace
ImageList_GetImageRect
InitMUILanguage
DrawStatusTextA
ImageList_Destroy
ImageList_Add

user32

CreateAcceleratorTableW
DdeInitializeA
EnumDisplayDevicesA
UnregisterClassW
CopyImage
CreateWindowExA
SetWindowsHookExW
DestroyWindow
GetWindowLongW
DrawFrame
CreateMenu
CloseWindow
ShowWindow
RegisterClassExA
ToAscii
FindWindowW
SetWindowTextW
RealChildWindowFromPoint
DrawCaption
DdeQueryStringW
InvalidateRect
DefWindowProcA
ShowScrollBar
MessageBoxA
SendInput
UnionRect
wvsprintfA
GetCursor
WinHelpA
GetClipboardData
GetDlgCtrlID
SetDlgItemInt
GetMenuDefaultItem
DrawTextExA
LoadMenuA
TranslateAcceleratorW
GetMessageExtraInfo
GetGuiResources
OpenIcon
GetCaretBlinkTime
DialogBoxParamA
DdeConnect
SetWindowLongA
SendMessageTimeoutA
RegisterClassA
DestroyCursor
MapDialogRect
GetNextDlgGroupItem
GetKeyboardState
DdeUnaccessData
CharToOemA

kernel32

SetLastError
GetCommandLineA
GetFileType
HeapAlloc
SetStdHandle
ExitProcess
GetCalendarInfoW
GetCurrentThreadId
GetModuleHandleW
VirtualAlloc
IsValidCodePage
EnumResourceLanguagesA
TerminateProcess
QueryPerformanceCounter
GetEnvironmentStringsW
TlsSetValue
GetCurrentDirectoryA
CompareStringA
GetProcAddress
GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameA
TlsAlloc
UnhandledExceptionFilter
HeapReAlloc
ExpandEnvironmentStringsA
CreateFileMappingW
CreateMutexA
HeapFree
HeapCreate
GetPrivateProfileStringW
GetTimeFormatA
IsValidLocale
InterlockedDecrement
RemoveDirectoryW
GetLastError
GetLocaleInfoW
ReadFile
FlushFileBuffers
SetConsoleCtrlHandler
TlsGetValue
GetTickCount
InterlockedExchange
GetCurrentThread
GetACP
FreeEnvironmentStringsW
EnterCriticalSection
VirtualQuery
FreeEnvironmentStringsA
GetLocaleInfoA
LCMapStringA
WriteConsoleW
GetSystemTimeAsFileTime
GetConsoleOutputCP
CreateFileA
HeapDestroy
SetHandleCount
LoadLibraryA
RtlUnwind
EnumCalendarInfoA
OpenMutexA
VirtualFree
TlsFree
HeapSize
WriteConsoleA
GetOEMCP
SetFilePointer
GetCurrentProcessId
DeleteCriticalSection
GetTimeZoneInformation
GetConsoleMode
GetPrivateProfileSectionA
FindNextChangeNotification
GetAtomNameA
CompareStringW
GetUserDefaultLCID
SetFileAttributesA
SetEnvironmentVariableA
LeaveCriticalSection
GetEnvironmentStrings
MultiByteToWideChar
EnumSystemLocalesA
GetStdHandle
GetConsoleCP
LCMapStringW
GetDateFormatA
FreeLibrary
GetCPInfo
CreateDirectoryW
IsDebuggerPresent
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
GetStringTypeW
Sleep
GetStringTypeA
GetStartupInfoA
WriteFile
ConnectNamedPipe
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a1f195297642c812d0c09ba0f8daedc

Headers

File Characteristics

PDB Paths

Imports

comdlg32

advapi32

wininet

comctl32

user32

kernel32

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 88KB - Virtual size: 117KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 88KB - Virtual size: 117KB

.rsrc
Size: 24KB - Virtual size: 20KB