044f1af71b39c42e44c0f9dacf575e56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

044f1af71b39c42e44c0f9dacf575e56_JaffaCakes118
Size

133KB
MD5

044f1af71b39c42e44c0f9dacf575e56
SHA1

56166f7d489cd9ad0188439cc66cca6ac7fc2f07
SHA256

f72daff51f23190a200b50a3d7696e01304a3ce130a291c3ae6f1e51117eec10
SHA512

90f3670ea39f8b1915923180571aa98e9d69494f5fce62b5778c22d2ac489bca124736c7e863b9526d9130604397ec640f658b559cd080d6a3801d914b048e15
SSDEEP

3072:4ppwSNt39aRWSihBAAmvTO6zNiPte1eIlQXPy0Q5ip2:4ppwSNt39EWSkAAmLO6zU1e1eIlQXK03

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
044f1af71b39c42e44c0f9dacf575e56_JaffaCakes118

Files

044f1af71b39c42e44c0f9dacf575e56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9c1564cd44256286992ebefd1db04a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\build\source\rnadmin\rel32\RealOneMessageCenter.pdb

Imports

kernel32

DeleteFileA
CreateFileA
GetFileAttributesA
CreateDirectoryA
MoveFileA
GetTickCount
GetSystemInfo
GetVersion
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetCurrentDirectoryA
GetCurrentDirectoryA
IsBadWritePtr
VirtualProtect
IsBadReadPtr
GetModuleHandleA
WideCharToMultiByte
SetUnhandledExceptionFilter
TerminateThread
WaitForSingleObject
GetCurrentThreadId
SetProcessWorkingSetSize
GetCurrentProcess
CreateEventA
LocalFree
SetEvent
WaitForMultipleObjects
WriteFile
GetThreadContext
VirtualQuery
GetCurrentProcessId
OpenProcess
SetFilePointer
GlobalMemoryStatus
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetErrorMode
OpenMutexA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
CreateMutexA
GetLastError
CloseHandle
ReleaseMutex
CreateThread

user32

GetSystemMetrics
CharNextA
ReleaseDC
GetDC
DestroyMenu
DestroyIcon
GetSubMenu
SetTimer
IsWindow
KillTimer
FindWindowA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
RegisterWindowMessageA
BeginPaint
EndPaint
DefWindowProcA
PostMessageA

advapi32

RegEnumKeyExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
FreeSid
RegQueryValueA

version

GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps

msvcr90

_time32
_putenv
_itoa
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
memset
atoi
strrchr
strncpy
malloc
free
realloc
memcpy
sprintf
_vsnprintf
memmove
getenv
printf
strchr
strstr
_ismbblead
_stricmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
strnlen
memcpy_s
memmove_s
_gmtime32
vsprintf
asctime
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv

shell32

SHGetFolderPathA

shlwapi

PathAddBackslashA
PathAppendA

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9c1564cd44256286992ebefd1db04a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

version

gdi32

msvcr90

shell32

shlwapi

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

.rrdata Size: 60KB - Virtual size: 60KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

.rrdata
Size: 60KB - Virtual size: 60KB