154203bd648f89c326645632c33bf61d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

154203bd648f89c326645632c33bf61d_JaffaCakes118
Size

452KB
MD5

154203bd648f89c326645632c33bf61d
SHA1

2a3159ed31f32e4d6539cdf9dd583286a9dd1c90
SHA256

bacf343837d0ffb2245dbaa8c4a5f9b486c4a0b9aa804e9c6d2e6e4e36b766a8
SHA512

66f455b3e0d5f578f708134ebdd9acea41d47391d6798d6840c25af7867e9c026300a0afeec5e7bf2008e0972818fee215b9b260fec06ec20451002f2a1b3dd4
SSDEEP

6144:Mmf11f1os+kQ2lHwMZLSNk0olUukrUgr9rRbjLSspZ3I9CJC+EF+gE33rLXEbret:lvC2XiolUzrUm9rRPLzb49CDwet

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
154203bd648f89c326645632c33bf61d_JaffaCakes118

Files

154203bd648f89c326645632c33bf61d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0dd24a051b59a12ef4e6fe6f0a2acd9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
MultiByteToWideChar
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
HeapFree
GetExitCodeProcess
WaitForSingleObject
LocalAlloc
SetEvent
OpenEventW
CreateThread
lstrcmpiW
LoadLibraryW
GetModuleHandleW
GetWindowsDirectoryW
LocalFree
GetSystemWow64DirectoryW
GetFullPathNameW
lstrlenW
CreateEventW
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryExW
GetVolumePathNamesForVolumeNameW
ExpandEnvironmentStringsW
MoveFileExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
SetErrorMode
GetFileAttributesW
DeleteFileW
CreateDirectoryW
FormatMessageW
FindClose
FindNextFileW
FindFirstFileW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
GetSystemWindowsDirectoryW
lstrcatW
ReleaseMutex
CreateFileMappingW
lstrcpyW
GetComputerNameW
CreateMutexW
GetUserDefaultUILanguage
ResetEvent
SearchPathW
lstrcpynW
lstrlenA
lstrcpyA
MoveFileW
GetModuleHandleA
GetLastError
EnterCriticalSection
LeaveCriticalSection
VerSetConditionMask
WideCharToMultiByte
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetLastError
Sleep
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
GetSystemDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineA
VirtualProtect
VirtualFree
VerifyVersionInfoW
VirtualAlloc

user32

GetDC
GetSystemMetrics
SetWindowTextW
MoveWindow
FindWindowW
CharPrevW
SetCursor
GetSysColor
LoadIconW
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
GetDlgItemTextW
SetDlgItemTextW
CheckDlgButton
GetWindow
SendDlgItemMessageW
DestroyIcon
GetWindowLongW
SetWindowLongW
IsDlgButtonChecked
SetTimer
KillTimer
RegisterWindowMessageW
EndDialog
IsWindow
ShowWindow
LoadStringW
GetParent
PostMessageW
MessageBoxW
CheckRadioButton
GetDlgItem
SendMessageW
GetWindowRect
EnableWindow

advapi32

CreateProcessWithLogonW
RegCloseKey
RegQueryValueExW
TraceMessage
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseTrace
DuplicateToken
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
StartTraceW
ControlTraceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventW
RegOpenKeyExW

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW
GetDeviceCaps

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoInitialize
CoUninitialize

rpcrt4

RpcImpersonateClient
RpcRevertToSelf

msvcr71

__setusermatherr
__getmainargs
_cexit
_XcptFilter
_exit
_c_exit
_CxxThrowException
_finite
strncmp
_errno
_resetstkoflw
memmove
wcschr
_ultow
_ismbblead
memcpy
_wcsnicmp
_initterm
_acmdln
exit
_vscwprintf
iswspace
wcsrchr
_amsg_exit
memset
_vsnwprintf
free
malloc
_wcsicmp
_unlock
_except_handler3
__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
_controlfp
_onexit
__dllonexit

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dd24a051b59a12ef4e6fe6f0a2acd9d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcr71

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 267KB - Virtual size: 532KB

.sxdata Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 267KB - Virtual size: 532KB

.sxdata
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB