0be754407adb9a4fbbebf9817e106828_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0be754407adb9a4fbbebf9817e106828_JaffaCakes118
Size

199KB
MD5

0be754407adb9a4fbbebf9817e106828
SHA1

45e72a75e09871f949cc4d6eaeae7cccaf56b155
SHA256

6239c3ac2fba6ea2f268dc598afd14837237c31dcca44076a337994d9402d4e5
SHA512

d59d3006e7b4fa9e0cbc3581459848043c7472ac074998188e2dcf26a9d32aa38668d3fce820a3c58ee05949dada7b748aa1301ca45f530173ae5463d03e1121
SSDEEP

1536:pfmwDzObRHh7YMzl2fwV5/MvZAFFRkpGKohP4mRXJyErXutihdr:p+wDzCRHh0Mzlsy1tFRkLohPlH+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be754407adb9a4fbbebf9817e106828_JaffaCakes118

Files

0be754407adb9a4fbbebf9817e106828_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegEnumKeyExA
GetAce
GetLengthSid
InitializeAcl
GetAclInformation
ImpersonateLoggedOnUser
RegSetValueExA
AdjustTokenPrivileges
IsValidAcl
MakeSelfRelativeSD
EqualSid
GetTokenInformation
GetTraceEnableLevel
OpenServiceW
GetSecurityDescriptorControl
RegEnumKeyW
RegSetValueExW
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
OpenProcessToken
RegOpenKeyA
RegOpenKeyW
UnregisterTraceGuids
StartServiceW
CryptDestroyKey
OpenThreadToken
IsValidSecurityDescriptor
ReportEventW
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegEnumKeyExW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
SetEntriesInAclW

user32

GetDesktopWindow
LoadCursorA
GetWindowRect
CheckDlgButton
LoadBitmapA
GetMessageW
MessageBoxW
EndDialog
RegisterClassExW
PeekMessageA
FindWindowA
GetMenu
CallWindowProcA
ClipCursor
TranslateMessage
GetClassNameW
GetSystemMenu
GetCapture
GetFocus
SetCapture
CallWindowProcW
DragObject
GetSysColorBrush
GetActiveWindow
GetSubMenu
ReleaseCapture
GetCursorPos
IntersectRect
IsChild
GetSystemMetrics
IsWindow
PostMessageA
GetClientRect

msvcrt

_XcptFilter
wcsrchr
_ultoa
__wgetmainargs
memset
_strnicmp
__p__osver
_fileno
fseek
_iob
rand
wcsncat
isleadbyte
_itoa
time
sscanf
wcstol
towupper
fclose
_stat
strstr
_ftol
_strdup
strrchr
srand
iswdigit
_rotr
_controlfp
_except_handler3
towlower
__set_app_type

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameA
FindTextA
GetFileTitleA

kernel32

FormatMessageA
GetUserDefaultLCID
CreateDirectoryA
GetCurrentThreadId
RemoveDirectoryW
lstrcmpW
FileTimeToSystemTime
LeaveCriticalSection
ReadFile
lstrcatA
GetOEMCP
GetThreadLocale
CloseHandle
CompareStringW
SetFileAttributesW
ReleaseMutex
DeviceIoControl
WriteConsoleW
lstrcpynA
GetModuleHandleA
IsDBCSLeadByte
LCMapStringA
ExitProcess
CreateFileA
VirtualAlloc
ReleaseSemaphore
GetCommandLineW
lstrcpynW
FileTimeToLocalFileTime
FreeLibrary

shell32

SHGetMalloc
DragQueryFileW
DragQueryFileA
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHFileOperationW
ShellExecuteExW

ole32

OleLoadFromStream
StgCreateDocfile
CoUnmarshalInterface
CoInitialize
StringFromGUID2
OleUninitialize
OleInitialize
CoDisconnectObject
OleRegGetMiscStatus
StgIsStorageFile
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoReleaseMarshalData
OleSaveToStream
OleRegGetUserType
GetRunningObjectTable
CoCreateInstanceEx
CoTaskMemFree
CoSetProxyBlanket
ReleaseStgMedium
CreateDataAdviseHolder

oleaut32

SysAllocStringLen
RegisterTypeLib
SafeArrayCreate
VariantChangeTypeEx
SysStringLen
VariantCopy
SysReAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 69KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

comdlg32

kernel32

shell32

ole32

oleaut32

Sections

.rdata Size: 7KB - Virtual size: 6KB

.text Size: 10KB - Virtual size: 9KB

DATA Size: 34KB - Virtual size: 34KB

BSS Size: 69KB - Virtual size: 81KB

.rdata Size: 77KB - Virtual size: 126KB

.rdata
Size: 7KB - Virtual size: 6KB

.text
Size: 10KB - Virtual size: 9KB

DATA
Size: 34KB - Virtual size: 34KB

BSS
Size: 69KB - Virtual size: 81KB

.rdata
Size: 77KB - Virtual size: 126KB