0df544944eaa329bfb5618027116b529_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0df544944eaa329bfb5618027116b529_JaffaCakes118
Size

455KB
MD5

0df544944eaa329bfb5618027116b529
SHA1

f362ad95c6b06aaad9d8489d890c9ec4f988f737
SHA256

ef6ed9a2d254fb10f1092eacb6e852e505bba16f4c17307bde56cbf6aaed06e2
SHA512

95cef0f01faff388010660e805ddb91a8fc8d546e3bb4ebbfccafa0371bccd82ce412680db7e0d520d852f75da70cff421971ff432b6b6c01f62dad814978b7a
SSDEEP

6144:+I+iejxwrqPFFNWWa/uP6fx80gXRFgxunCShSNdpRjFhRHbu8CKmT3fdJfe11wjU:kwmeWaG5X4uCS4dTjDJu8CKQjm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df544944eaa329bfb5618027116b529_JaffaCakes118

Files

0df544944eaa329bfb5618027116b529_JaffaCakes118
.exe windows:5 windows x86 arch:x86

417414613590dbfcf7c48f9d88d9c88f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcRevertToSelf
RpcBindingFromStringBindingW

kernel32

LocalReAlloc
ExitProcess
GetStartupInfoW
SuspendThread
HeapDestroy
EnumResourceLanguagesW
GetFileTime
ReadFile
WritePrivateProfileStringW
lstrlenA
GetDriveTypeW
TlsAlloc
HeapSize
CreateEventW
CompareStringA
GlobalHandle
SystemTimeToFileTime
FatalAppExitA
GlobalFlags
GetCPInfo
CompareStringW
RaiseException
SetThreadPriority
FileTimeToLocalFileTime
lstrlenW
lstrcpyA
GetCurrentProcessId
LockResource
GetCommandLineW
GetFileAttributesA
GetCurrentThread
WaitForSingleObject
GetSystemInfo
CreateProcessW
VirtualFree
DeleteFileW
GlobalAlloc
CloseHandle
FindClose
GetThreadLocale
GetStdHandle
GetCommandLineA
LoadLibraryA
LoadResource
IsDebuggerPresent
FreeEnvironmentStringsA
SetFilePointer
HeapFree
GlobalFree
LCMapStringW
GetCurrentProcess
GetLastError
InterlockedIncrement
GlobalAddAtomW
GlobalGetAtomNameW
FreeEnvironmentStringsW
ConvertDefaultLocale
GetModuleFileNameW
GlobalFindAtomW
GetVersion
FileTimeToSystemTime
FindFirstFileW
GetFileAttributesW
FreeResource
ExitThread
SetLastError
CreateThread
SetEndOfFile
GlobalLock
SetUnhandledExceptionFilter
WriteFile
MoveFileW
CreateFileW
GlobalSize
CopyFileW
SetEvent
InterlockedExchange
GetACP
VirtualAlloc
DuplicateHandle
FindResourceW
GlobalReAlloc
TlsSetValue
TerminateProcess
SizeofResource
GetVolumeInformationW
HeapReAlloc
lstrcmpiW
TlsFree
MulDiv
GetStringTypeExW
SetErrorMode
GetCurrentThreadId
HeapCreate
WideCharToMultiByte
LeaveCriticalSection
GetOEMCP
GetFileSize
TlsGetValue
GetProcessHeap
GlobalDeleteAtom
UnhandledExceptionFilter
GetShortPathNameW
GetAtomNameW
GetLocaleInfoW
InitializeCriticalSection
HeapAlloc
LockFile
FormatMessageW
GlobalUnlock
DeleteCriticalSection
lstrcmpW
GetVersionExW
SetFileTime
GetEnvironmentStringsW
InterlockedDecrement
lstrcmpA
SetFileAttributesW
SetCurrentDirectoryA
FlushFileBuffers
EnterCriticalSection
LocalFileTimeToFileTime
ResumeThread
GetVersionExA
GetPrivateProfileIntW
GetFullPathNameW
GetModuleHandleA
SetHandleCount
LCMapStringA
GetPrivateProfileStringW
FindNextFileW
RtlUnwind
UnlockFile
IsValidCodePage
ResetEvent
GetEnvironmentStrings
GetCurrentDirectoryA
LocalAlloc
GetUserDefaultLCID
Sleep

version

GetFileVersionInfoSizeA

advapi32

RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyA
RegQueryValueExA
CryptAcquireContextA
RegDeleteValueA
CryptVerifySignatureA
RegEnumValueA
RegQueryInfoKeyA
CryptSetProviderA
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExA
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExA
RegEnumKeyExA
CryptSignHashA

comdlg32

PrintDlgA
GetOpenFileNameA

msvcrt

wcscat
atol
wcschr
bsearch
_except_handler3
_onexit
_initterm
_adjust_fdiv
sprintf
_wcsicmp
malloc
isdigit
strtoul
isupper
_snwprintf
isxdigit
wcslen
wcscpy
_ltoa
qsort
memmove
strncmp
_wcsnicmp
_itow
free
wcscmp
_ultoa
__dllonexit
_ltow

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CryptUnprotectData

wmi

WmiNotificationRegistrationW

comctl32

ImageList_Draw
ImageList_GetIconSize
PropertySheetW
CreatePropertySheetPageW
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy

ws2_32

WSALookupServiceBeginW
WSAAddressToStringA
freeaddrinfo
WSASendTo
WSARecvFrom
WSALookupServiceNextW
getnameinfo
WSAAddressToStringW
WSAStringToAddressA
WSAIoctl
WSAEventSelect
WSALookupServiceEnd
WSASocketW
getaddrinfo

shell32

SHGetFileInfoW
ExtractIconW

dnsapi

DnsReplaceRecordSetW
DnsValidateName_A
DnsApiAlloc

Sections

.data
Size: 4KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

417414613590dbfcf7c48f9d88d9c88f

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

version

advapi32

comdlg32

msvcrt

crypt32

wmi

comctl32

ws2_32

shell32

dnsapi

Sections

.data Size: 4KB - Virtual size: 1.8MB

.rsrc Size: 107KB - Virtual size: 107KB

.rdata Size: 28KB - Virtual size: 27KB

.text Size: 314KB - Virtual size: 314KB

.data
Size: 4KB - Virtual size: 1.8MB

.rsrc
Size: 107KB - Virtual size: 107KB

.rdata
Size: 28KB - Virtual size: 27KB

.text
Size: 314KB - Virtual size: 314KB