10905da22b22b49c1db20c3557bbeee6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10905da22b22b49c1db20c3557bbeee6_JaffaCakes118
Size

150KB
MD5

10905da22b22b49c1db20c3557bbeee6
SHA1

5c4741351b1f893ba89b9245ff99d7e85d0f1e6a
SHA256

06628da5226dfc59f70bfdb68be7bb7ab06ae8c5656cb5eeb5157f77f5489b48
SHA512

8b13aacbe2fcafd501fe5153fbb64041e73e2a6415c79d4d21e7ed102f3776fd9e1a466ec72647980976555b822b25267b5b12306795a41d1275cb296185f735
SSDEEP

3072:TYAWpz+LHEPJth3P/S+4XkXxzDGMjD3idn/jy2rQBsc:TC+LkPJ//ST0nrSxjy2rSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10905da22b22b49c1db20c3557bbeee6_JaffaCakes118

Files

10905da22b22b49c1db20c3557bbeee6_JaffaCakes118
.exe .js windows:4 windows x86 arch:x86 polyglot

2f45fb0ef446119d6c3f305a42d55768

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\IPersist\Projects\KvmSMT\Midp_workspace_2_0_nhal_standalone-dll\Launcher\Release\Launcher.pdb

Imports

kernel32

GetLastError
MulDiv
GlobalUnlock
GlobalLock
lstrcmpA
WideCharToMultiByte
GetModuleFileNameA
SetLastError
lstrcmpiW
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GlobalFree
GlobalHandle
LockResource
CloseHandle
UnmapViewOfFile
lstrlenW
MapViewOfFile
CreateFileMappingA
CreateFileA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
ExitProcess
HeapSize
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
lstrlenA
FindResourceA
GlobalAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadReadPtr

user32

wsprintfA
RegisterClassExA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
GetDlgItem
IsWindow
SendMessageA
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
LoadCursorA
CallWindowProcA
GetDesktopWindow
UnregisterClassA
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
DestroyWindow
DefWindowProcA
DestroyAcceleratorTable
LoadStringA
GetWindowLongA
GetActiveWindow
MapDialogRect
SetWindowContextHelpId
GetWindowRect
SystemParametersInfoA
MapWindowPoints
EndDialog
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
EndPaint
GetClassInfoExA
SetWindowLongA
RedrawWindow
MessageBoxA

gdi32

CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

advapi32

RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

VariantCopyInd
VariantChangeType
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f45fb0ef446119d6c3f305a42d55768

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 916B

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 916B

.rsrc
Size: 12KB - Virtual size: 8KB