Static task: static1
Behavioral task: behavioral1
  Sample: 071ffd7cab9501a925bac7f596907b48_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 071ffd7cab9501a925bac7f596907b48_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 071ffd7cab9501a925bac7f596907b48_JaffaCakes118
Size: 133KB
MD5: 071ffd7cab9501a925bac7f596907b48
SHA1: 6c9bbd8b1a6cf1114db6d40603f41468fe855d8c
SHA256: b6d7e15ca9550b80ef867f2a10249621cd94ed16ba789615771f9ce32f3c7702
SHA512: 86bac6b7686bdb0f24d1e3bdc810da1406afbe8729cfc3ee0e5da6298dcc333e1d9c7e0532373fe6ff63843ab335dfd06ee71b4f2c9554211404f3af7ee59b45
SSDEEP: 3072:Ea8VjaBkNcbla5Hb4VmdRxtciwmpVuS/IryXp3jFz4g732hJ:CGBk28/HvDVuSQkp3jag732h
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 071ffd7cab9501a925bac7f596907b48_JaffaCakes118
Files
071ffd7cab9501a925bac7f596907b48_JaffaCakes118.exe windows:5 windows x86 arch:x86
445759e010ec6293b105dcc02d4488a9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerFindFileW
GetFileVersionInfoA
VerQueryValueW
kernel32
ResumeThread
OpenProcess
HeapSize
GetCommandLineW
GetFileSize
IsBadCodePtr
GetTickCount
GetThreadLocale
GetConsoleMode
CreateDirectoryW
GetWindowsDirectoryA
GetFileAttributesW
HeapFree
WaitForSingleObject
ExitProcess
lstrcmpA
OpenMutexA
FreeEnvironmentStringsA
IsDebuggerPresent
GetVersion
GetDriveTypeW
GetFileType
GetModuleHandleA
GetLastError
GetModuleHandleW
InitializeCriticalSection
Sleep
CompareStringW
GetProcessHeap
GetModuleFileNameA
FindResourceW
GetSystemTime
WriteFile
MulDiv
GetCurrentThreadId
MapViewOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualAlloc
CreateMutexW
lstrcpyA
DisableThreadLibraryCalls
IsDBCSLeadByte
SetLastError
user32
GetDesktopWindow
RegisterClipboardFormatW
SetWindowLongA
GetSysColorBrush
SetDlgItemTextA
GetCapture
RegisterClassExW
IsWindowEnabled
CallNextHookEx
EnableMenuItem
SetWindowTextW
GetDlgItem
ExitWindowsEx
PostMessageW
GetPropA
SystemParametersInfoW
InflateRect
GetClientRect
GetWindowRect
MessageBeep
IsDlgButtonChecked
PostQuitMessage
DestroyWindow
GetClassNameA
ChangeMenuA
GetWindowPlacement
PtInRect
GetSubMenu
CallWindowProcA
FindWindowA
SetForegroundWindow
CheckMenuItem
DispatchMessageA
GetWindowTextA
CharPrevA
msvcrt
_CxxThrowException
__wgetmainargs
_CIacos
__initenv
??0exception@@QAE@ABV0@@Z
_CIsqrt
atoi
fread
isxdigit
iswctype
wcstombs
isdigit
__badioinfo
wcscat
__setusermatherr
_ftol
_wcsicmp
memset
_ltow
__set_app_type
_wfopen
_stricmp
tolower
__p__fmode
time
wcsncpy
?terminate@@YAXXZ
strstr
_snwprintf
wcstok
_c_exit
_adjust_fdiv
fprintf
_exit
printf
__pioinfo
fflush
_purecall
_beginthreadex
iswdigit
__p__commode
wcsstr
comdlg32
ChooseColorW
GetOpenFileNameW
ChooseFontW
CommDlgExtendedError
FindTextA
GetSaveFileNameA
GetFileTitleA
ole32
CreateStreamOnHGlobal
CoUnmarshalInterface
OleRegGetUserType
StringFromCLSID
CoFreeUnusedLibraries
PropVariantClear
MkParseDisplayName
CoGetClassObject
ProgIDFromCLSID
CoTaskMemRealloc
ReadOleStg
CoTaskMemFree
CoCreateGuid
StgCreateDocfileOnILockBytes
StringFromIID
GetHGlobalFromStream
CoMarshalInterface
OleRegGetMiscStatus
WriteClassStm
StringFromGUID2
OleRegEnumVerbs
CoCreateInstanceEx
CLSIDFromProgID
OleInitialize
OleSaveToStream
advapi32
IsTextUnicode
AddAce
GetSidSubAuthority
RevertToSelf
RegSetValueA
QueryServiceStatus
DeleteAce
CryptGetHashParam
RegCreateKeyExA
CryptHashData
RegOpenKeyW
LockServiceDatabase
InitializeAcl
CryptDestroyHash
GetTraceEnableLevel
CryptCreateHash
OpenSCManagerW
SetEntriesInAclW
GetTraceEnableFlags
RegSetValueExA
RegEnumKeyA
CheckTokenMembership
RegCreateKeyW
CloseServiceHandle
ControlService
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegNotifyChangeKeyValue
IsValidAcl
GetSecurityDescriptorOwner
RegisterTraceGuidsW
RegConnectRegistryW
GetAclInformation
RegDeleteValueW
RegOpenKeyExA
RegFlushKey
AddAccessAllowedAce
ConvertSidToStringSidW
RegCloseKey
GetLengthSid
GetSecurityDescriptorLength
IsValidSid
ChangeServiceConfigW
RegOpenKeyA
CryptReleaseContext
AllocateAndInitializeSid
SetThreadToken
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 47KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ