1063399486d060deec0167677b8a5290_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1063399486d060deec0167677b8a5290_JaffaCakes118
Size

104KB
MD5

1063399486d060deec0167677b8a5290
SHA1

cd5802d76c627d054384bd9b873d14f6fc0e1c40
SHA256

11269e72bcc15814adc520c5058818ffd8eac1f3ec02e3baa45cb9ab333bf0d6
SHA512

eee331966a1571ffd5b2a2c65ef715d651baf007c83bac8fa25219ee4408ff0a11abb8ee5482d80fa208c77d6941a83377d8987e3991f95b849f65507e452926
SSDEEP

1536:hEuLKU4+dwC/p0cQ7ZCAINqPDHuXnvE0oK1acpO+ntaR1d9Uak:hFLrp0cQ7QAINqPDHQncdOO+taZuN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1063399486d060deec0167677b8a5290_JaffaCakes118

Files

1063399486d060deec0167677b8a5290_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
ReadFile
EnterCriticalSection
GetFileSize
WriteFile
UnmapViewOfFile
MapViewOfFile
GetVersionExA
SetEvent
LeaveCriticalSection
GetSystemTime
InterlockedIncrement
InterlockedDecrement
SystemTimeToFileTime
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
CompareFileTime
CreateDirectoryA
FindResourceA
GetFileAttributesA
FindFirstFileA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
FindFirstFileW
GetFileAttributesW
ReleaseMutex
GetPrivateProfileIntA
GetPrivateProfileIntW
GetLastError
CreateThread
QueryPerformanceFrequency
MultiByteToWideChar
LoadResource
QueryPerformanceCounter
MoveFileA
MoveFileW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
LoadLibraryA
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
CreateProcessA
CreateProcessW
lstrcpynA
GetProcAddress
FreeLibrary
SetFilePointer
IsBadReadPtr
GetCurrentThreadId
IsDBCSLeadByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcessTimes
GetCurrentProcess
GetLocalTime
FlushFileBuffers
GetAtomNameA
lstrcmpA
IsBadWritePtr
CreateFileMappingA
CreateFileMappingW
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
GetACP
GlobalFree
GlobalAlloc
LocalAlloc
LocalReAlloc
LocalFree
OpenProcess
CloseHandle
WaitForSingleObject
lstrlenA
ExitProcess
GetCommandLineA
GetTickCount
lstrlenW
FindClose
lstrcmpiA
WideCharToMultiByte
TerminateProcess
RtlUnwind

user32

GetWindowLongA
GetWindowLongW
GetWindowTextLengthA
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
CharNextA
SendMessageTimeoutA
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
RegisterClassExA
RegisterClassExW
PostQuitMessage
FindWindowExW
FindWindowExA
FindWindowW
DispatchMessageA
DispatchMessageW
DefWindowProcA
DefWindowProcW
CreateDialogParamW
CreateWindowExW
CreateWindowExA
CreateDialogParamA
GetSystemMetrics
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
GetWindowTextA
IsWindow
GetWindowThreadProcessId
GetDesktopWindow
DestroyIcon
GetDlgItem

shlwapi

SHSetValueW
PathAddExtensionW
StrCatBuffW
StrStrIW
StrToIntExW
StrChrW
PathRemoveBackslashW
PathCombineW
PathFindExtensionW
SHGetValueW
StrCpyNW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
PathFileExistsW
StrCmpIW
PathFindFileNameA
PathAddBackslashW
wvnsprintfA
SHStrDupW
PathRemoveFileSpecA
PathAddBackslashA
SHRegGetUSValueW
StrCatBuffA
wnsprintfA
StrCmpNIW
StrToIntW
StrCmpNW
wnsprintfW

shfolder

SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString

ole32

CreateBindCtx
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCloseKey
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA

shell32

SHFileOperationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA

urlmon

CreateURLMoniker
RegisterBindStatusCallback

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b51f22a4896575229889a74a6c48f13a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

shfolder

oleaut32

ole32

advapi32

shell32

version

urlmon

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 36KB - Virtual size: 36KB