10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118
Size

65KB
MD5

10f6c6f2b570cd1304687321236bc9a1
SHA1

13882a201c4016960e9e49f63e2c21ac3758f460
SHA256

01bfa822f5d8f9a38147af09d1326383e0aef022a783b1729087c97952e139e7
SHA512

344319c41518d0a78c7e67526b51fa6b9da93c8bba23f34f341d48b74991db0a9143c04670cb83364cb67337b8ac561579dbec806c4ec3912cc95b4ebed93f54
SSDEEP

1536:HNKHWMQ14SFSEy2lLYuyshS7tnbr2uqQ1e3DU/9lJV8K:yWJ14SFfyMLYKSVqxDcl5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118

Files

10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7346577445516ad3e97d77238515bc17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsURLW
PathFindFileNameW
StrDupW
StrCatBuffW
PathRemoveFileSpecA
PathSkipRootW
PathIsRootW
StrChrW
StrToIntW
StrToIntExW
SHDeleteValueA
PathFindExtensionW
SHStrDupW
PathFindExtensionA
StrCpyW
PathRemoveFileSpecW
StrRetToBufW
SHSetValueW
PathIsUNCW
PathGetDriveNumberW
StrCmpW
PathRemoveBlanksW
SHGetValueW
PathFileExistsW
StrCmpNIA
PathAppendA
UrlCanonicalizeW
StrCatW
PathRemoveBackslashW

msvcrt

_wsplitpath
strrchr
_CIpow
_unlock
_ltoa
wcsstr
_wfopen
_ultow
iswalpha
wcsncat
srand
_ftol
_c_exit
__set_app_type
_snprintf
fread
fflush
__initenv
__p__commode
isalnum
strstr
isdigit
iswspace
__setusermatherr
__p__fmode
_vsnprintf
fprintf
memset

kernel32

GetCurrentProcessId
SetEndOfFile
LeaveCriticalSection
GetConsoleOutputCP
ExitProcess
GetCommandLineA
lstrcpynA
InitializeCriticalSectionAndSpinCount
ResetEvent
GetCurrentThreadId
GetFileAttributesW
GetModuleFileNameA
DeleteFileW
CreateFileW
VirtualFree
lstrcpynW
GetThreadLocale
WriteFile
QueryPerformanceCounter
TlsSetValue
GetFileType
CompareStringW
GetCurrentThread
GetProcessHeap
HeapAlloc
lstrcmpW
VirtualQuery
CreateEventW
LoadLibraryW
FindResourceA
DeleteFileA
CreateMutexA
GetStringTypeW
SetErrorMode
VirtualAlloc
lstrcatA
DisableThreadLibraryCalls
GetExitCodeThread
lstrcatW
HeapReAlloc
GetSystemDirectoryA
SetStdHandle
SystemTimeToFileTime
GetStringTypeA
lstrcmpA

ole32

CreateILockBytesOnHGlobal
ReadFmtUserTypeStg
CoSetProxyBlanket
OleRun
PropVariantClear
CoInitializeSecurity
OleLoadFromStream
IIDFromString
ProgIDFromCLSID
PropVariantCopy
OleRegGetUserType
CoUnmarshalInterface
CoFreeUnusedLibraries
MkParseDisplayName
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterface
StgOpenStorage
CoCreateGuid
CreateOleAdviseHolder
GetRunningObjectTable
StgCreateDocfileOnILockBytes
OleSaveToStream
GetHGlobalFromStream
CreateBindCtx
CoRevokeClassObject
OleUninitialize
OleRegGetMiscStatus
StringFromCLSID

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA

ntdll

RtlSetSaclSecurityDescriptor
RtlRaiseStatus
RtlValidSid
RtlInitializeCriticalSection
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
NtCreateSection
NtAdjustPrivilegesToken
NtDeleteValueKey
NtQueryVolumeInformationFile
NtCancelIoFile
RtlAcquireResourceShared
RtlSystemTimeToLocalTime
RtlUpcaseUnicodeChar
memmove
NlsMbCodePageTag
DbgBreakPoint
NlsMbOemCodePageTag
DbgPrint
RtlOpenCurrentUser
RtlAppendUnicodeStringToString

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7346577445516ad3e97d77238515bc17

Headers

File Characteristics

Imports

shlwapi

msvcrt

kernel32

ole32

version

ntdll

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 84KB

.idata Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 486B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 84KB

.idata
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 486B