09aef66ef3747180a271fdb96265bb87_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09aef66ef3747180a271fdb96265bb87_JaffaCakes118
Size

259KB
MD5

09aef66ef3747180a271fdb96265bb87
SHA1

04d1b5002e1feb51c95921c83eb5a86364d3ed1a
SHA256

0ed0b619edbc3c85e36f9c3224aa40687c796c63dd1eed267b2c37abc5b5a0a2
SHA512

80d11ad06704ce748d86f554157cb8be6d4fd8dd009e0688fabc02700ebd77c6df4bcad95de97428d64f1d5d3caa48de93e1743117234f2dec9295b050f1c982
SSDEEP

6144:B5xKftQnNCHpi2TtNtbhrxK2ytw2rbTXe:PxKftQnNCHpiKN31K2n2rbTXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09aef66ef3747180a271fdb96265bb87_JaffaCakes118

Files

09aef66ef3747180a271fdb96265bb87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8967d36777b0ea760ab28666a2bee12c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\nukorwvs\leafezev\stz\qrsyk.pdb

Imports

kernel32

GetCurrentThreadId
InitializeCriticalSection
RemoveDirectoryA
EnterCriticalSection
CreateMutexA
SetHandleCount
GetLocalTime
AddAtomW
FlushFileBuffers
HeapReAlloc
GetCurrentThread
CompareStringW
InterlockedDecrement
DeleteCriticalSection
GetSystemTime
SetLastError
GetVersion
TlsSetValue
GlobalFix
TlsAlloc
GetStartupInfoA
GetProcAddress
ReadFile
HeapFree
UnhandledExceptionFilter
CloseHandle
GetACP
GetModuleFileNameA
GetOEMCP
GetFileType
SetStdHandle
FreeEnvironmentStringsA
SetFilePointer
LCMapStringA
RtlUnwind
MultiByteToWideChar
IsBadWritePtr
LeaveCriticalSection
CompareStringA
GetCurrentProcess
GetTickCount
OutputDebugStringW
InterlockedExchange
GetStdHandle
VirtualAlloc
FreeEnvironmentStringsW
LoadLibraryA
TlsGetValue
ExitProcess
SetConsoleTitleA
GetStringTypeW
GetPrivateProfileIntA
VirtualFree
GetTimeZoneInformation
WideCharToMultiByte
GetLastError
GetCommandLineA
HeapDestroy
OpenMutexA
GetStringTypeA
TlsFree
TerminateProcess
FindNextFileA
GetModuleHandleA
VirtualQuery
GetEnvironmentStrings
lstrcmpW
InterlockedIncrement
ReadConsoleA
WriteFile
GetCPInfo
GetEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
MoveFileExW
HeapCreate
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
SetEnvironmentVariableA

user32

DestroyMenu
GetScrollPos
CreateWindowExW
CallWindowProcW
GetKeyNameTextA
GetForegroundWindow
ShowWindow
SetScrollRange
SwitchToThisWindow
SetWindowPlacement
GetWindowWord
MessageBoxA
EnumPropsA
GetMenuItemID
RedrawWindow
RegisterClassExA
ClientToScreen
RegisterClassA
BeginDeferWindowPos
GetCaretPos
TranslateAccelerator
VkKeyScanA
CreateDialogIndirectParamW
LoadMenuIndirectW
CharPrevA
LoadMenuA

gdi32

GetLogColorSpaceA
Rectangle
CreateFontA
EnumFontFamiliesW
GetGraphicsMode
SetBoundsRect
PlayMetaFileRecord
DescribePixelFormat
GetLayout
TranslateCharsetInfo
CreatePatternBrush
gdiPlaySpoolStream
ExtCreateRegion
GetCharWidthFloatA
CancelDC
SetBkMode
GetObjectType
ScaleWindowExtEx
UpdateICMRegKeyA
SetBitmapDimensionEx
EqualRgn
PolyTextOutW

comctl32

CreatePropertySheetPage
CreateToolbarEx
ImageList_SetFilter
ImageList_Read
ImageList_LoadImageA
ImageList_Destroy
DestroyPropertySheetPage
ImageList_SetImageCount
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_GetIcon
_TrackMouseEvent
ImageList_SetOverlayImage

advapi32

RegDeleteKeyW
CryptReleaseContext
CryptEnumProvidersW
CryptSetProviderW
RegReplaceKeyW
CreateServiceA
RegCreateKeyA
GetUserNameW
RegOpenKeyW
RegEnumKeyExA
RegCreateKeyExA
CryptContextAddRef
CryptAcquireContextA
CryptEncrypt
RegLoadKeyA
InitializeSecurityDescriptor
LookupAccountSidW
CryptDecrypt
CryptGetHashParam
RegQueryInfoKeyA
LookupSecurityDescriptorPartsW
CryptSetKeyParam
CryptEnumProviderTypesW
CryptImportKey
RegSetValueW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8967d36777b0ea760ab28666a2bee12c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

advapi32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 19KB - Virtual size: 37KB

.data Size: 87KB - Virtual size: 86KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 19KB - Virtual size: 37KB

.data
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 9KB - Virtual size: 8KB