Static task: static1
Behavioral task: behavioral1
  Sample: 11bf1dc9e5bad5b70d22e824482e0a17_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 11bf1dc9e5bad5b70d22e824482e0a17_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 11bf1dc9e5bad5b70d22e824482e0a17_JaffaCakes118
Size: 554KB
MD5: 11bf1dc9e5bad5b70d22e824482e0a17
SHA1: 77d3262774175c6dded19c0fbb0ad86fbe4bd0aa
SHA256: 12c1d98db27e93ef70e5f23492f93cb28f8ac3208ad27cda7e9c356574fa2fa0
SHA512: 94b18197b47aa429317bf0ff946aa6d3ca9d124579af74bac7aecd63035111d4987160dfc23b431c66fdd9ce13831298f84c9e75ab2ad600aafc6fdc4325fe14
SSDEEP: 12288:eH3JEXP2+BIiKGUW6CxfjCw9b8z5615/tZewkUi:ugbeHRC9jv8i5/tYwa
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 11bf1dc9e5bad5b70d22e824482e0a17_JaffaCakes118
Files
11bf1dc9e5bad5b70d22e824482e0a17_JaffaCakes118.exe windows:4 windows x86 arch:x86
cafa14af13ac313465df227d4654ece9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProfileStringA
GetDriveTypeW
FindFirstFileA
GetOverlappedResult
GetTickCount
CloseHandle
GetNumberFormatW
GlobalFlags
DuplicateHandle
GetFileType
EnumCalendarInfoW
GetCommState
CreateMutexW
SetErrorMode
GetFileAttributesExA
SetConsoleTitleA
GetTimeZoneInformation
TlsGetValue
CreateNamedPipeW
WaitNamedPipeA
lstrcpyA
FindNextChangeNotification
LocalFileTimeToFileTime
ConnectNamedPipe
GetFullPathNameA
PeekNamedPipe
GetSystemDefaultLangID
lstrcmpiW
GetAtomNameA
GetOEMCP
SetCommMask
CreateMutexA
GlobalGetAtomNameW
GetBinaryTypeA
WriteConsoleOutputW
GetCPInfo
SetProcessShutdownParameters
CreateWaitableTimerA
EnumSystemCodePagesA
SetConsoleWindowInfo
SizeofResource
GetSystemInfo
FormatMessageW
IsBadWritePtr
VirtualUnlock
_hread
MultiByteToWideChar
CreatePipe
PeekConsoleInputW
IsBadStringPtrA
ReadFileScatter
LoadResource
LocalAlloc
CompareStringA
LocalReAlloc
SetProcessAffinityMask
SetConsoleOutputCP
GetFileAttributesA
SearchPathW
GlobalAddAtomA
GetModuleFileNameW
SetEvent
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GlobalUnlock
CreateDirectoryExA
WriteConsoleOutputCharacterA
SetCurrentDirectoryA
FreeEnvironmentStringsA
ExitProcess
_lopen
GetPrivateProfileStringA
GetDiskFreeSpaceExA
WritePrivateProfileStructA
GetPrivateProfileStringW
ReadDirectoryChangesW
GetVersion
PrepareTape
SystemTimeToFileTime
ScrollConsoleScreenBufferA
LocalLock
PulseEvent
WritePrivateProfileSectionW
ExitThread
SetLastError
EnumResourceLanguagesW
ReleaseSemaphore
Beep
CreateDirectoryW
GetTapeParameters
EnumResourceNamesA
VirtualLock
ClearCommBreak
AllocConsole
VirtualAllocEx
GetConsoleMode
GetDateFormatA
SetConsoleCursorPosition
GlobalDeleteAtom
MoveFileExA
GetModuleHandleA
lstrcmpiA
GetProcessHeap
GetWindowsDirectoryA
user32
InternalGetWindowText
ReplyMessage
DrawAnimatedRects
PostThreadMessageA
FindWindowA
GetProcessWindowStation
ChildWindowFromPointEx
DestroyCaret
SetWinEventHook
gdi32
ExtEscape
GetTextCharsetInfo
GetOutlineTextMetricsW
BeginPath
ScaleViewportExtEx
AbortDoc
WidenPath
GetObjectA
PlayMetaFile
CreateRoundRectRgn
EnumFontsA
GetBitmapBits
GetPolyFillMode
ExcludeClipRect
advapi32
RegDeleteKeyW
OpenThreadToken
RegDeleteValueA
AdjustTokenPrivileges
RegQueryValueExW
ImpersonateLoggedOnUser
OpenProcessToken
OpenServiceA
EnumServicesStatusA
RegQueryValueA
CryptGenRandom
IsValidSecurityDescriptor
EnumDependentServicesW
ControlService
RegCloseKey
DeleteAce
OpenEventLogW
SetEntriesInAclW
StartServiceA
SetTokenInformation
SetServiceObjectSecurity
RegSetKeySecurity
ObjectCloseAuditAlarmW
GetUserNameA
PrivilegeCheck
CryptDestroyKey
RegisterServiceCtrlHandlerA
CryptExportKey
CryptSetHashParam
AccessCheckAndAuditAlarmW
CryptAcquireContextW
DeleteService
SetSecurityInfo
QueryServiceConfigW
IsValidSid
GetLengthSid
RegRestoreKeyA
StartServiceW
AccessCheck
AllocateLocallyUniqueId
RegSetValueExA
RegSaveKeyA
shell32
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHGetPathFromIDListA
SHFileOperationA
SHGetDesktopFolder
Shell_NotifyIconA
DragQueryPoint
SHGetSpecialFolderLocation
FindExecutableA
DragAcceptFiles
ole32
StgCreateStorageEx
CoReleaseMarshalData
CoCreateInstance
ReadClassStg
OleSetMenuDescriptor
PropVariantCopy
oleaut32
SafeArrayPutElement
LoadTypeLi
comctl32
ImageList_DragLeave
ImageList_DrawEx
ImageList_Destroy
shlwapi
UrlApplySchemeW
PathRemoveFileSpecW
SHDeleteValueW
PathSkipRootW
PathStripToRootA
wvnsprintfW
PathIsNetworkPathW
SHRegWriteUSValueW
SHDeleteKeyA
PathGetDriveNumberA
SHRegCreateUSKeyW
PathRenameExtensionW
PathIsUNCServerW
PathStripPathW
SHRegGetBoolUSValueW
StrFormatByteSizeA
StrCatBuffA
PathIsUNCA
SHRegGetBoolUSValueA
StrCmpNIW
PathFileExistsW
StrStrA
msvcrt
_mbstrlen
iswxdigit
fgets
setlocale
_strdup
puts
_mbscmp
_mbscat
_fcvt
isprint
_mbsrchr
bsearch
_mbslwr
wcslen
isdigit
_spawnvp
_vsnprintf
strncmp
_wsopen
_flushall
_splitpath
atoi
setbuf
getenv
_tzset
_snprintf
strftime
_chdir
__p__environ
iswalnum
memchr
_getdcwd
wcsncmp
strcoll
tmpnam
_ismbcdigit
_fdopen
_sopen
rand
_mbslen
_wfopen
system
Sections
.text Size: 9KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ