1618b70040a67d91ee2b90537c1e8ec1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1618b70040a67d91ee2b90537c1e8ec1_JaffaCakes118
Size

117KB
MD5

1618b70040a67d91ee2b90537c1e8ec1
SHA1

42bbe29f65e08350238e23ec31bb4f88857d59d9
SHA256

1db9c9d526bf9b23627d15a2c5cd0f29aac3e141e62bb134f5ee59a6b99c4f94
SHA512

af93262acd32e6bbe8fad475d23d4179f43c191876ee2fcfe4d417703907579aaafc8bd8666f649e1d06a4158fb9d277ff93665f1a85d49d5f63ff8bfc798b8a
SSDEEP

3072:zGrzJgxC5+ITyLZYB+TAp9Rj2idAEjrWmc3+zIjB+FQJD:S3Sk+ITyLItbRn9jr7/zIjEQJD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1618b70040a67d91ee2b90537c1e8ec1_JaffaCakes118

Files

1618b70040a67d91ee2b90537c1e8ec1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49657a3c9bceba9abfd541410f6e1a58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
RegCreateKeyExW
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
UnregisterTraceGuids
RegSetValueExW
GetTraceEnableLevel
GetTraceEnableFlags
RegOpenKeyExW
RegCloseKey
TraceMessage

powrprof

CallNtPowerInformation

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

SetBkColor
CreateSolidBrush
SetTextColor
CreateFontIndirectW
DeleteObject

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW

user32

DestroyWindow
RegisterClassExW
TranslateMessage
SetWindowLongW
ShowWindow
GetSysColorBrush
FindWindowW
SendDlgItemMessageW
UnregisterDeviceNotification
LoadIconW
GetWindowTextLengthW
GetParent
GetMessageW
DialogBoxParamW
GetDlgItem
CreateWindowExW
EnableWindow
SendMessageW
GetSysColor
PostMessageW
SetForegroundWindow
SetWindowTextW
SetTimer
GetDlgCtrlID
SetFocus
DefWindowProcW
SetActiveWindow
UnregisterClassW
DispatchMessageW
FindWindowExW
PostQuitMessage
IsDlgButtonChecked
CheckDlgButton
EndDialog
SetDlgItemTextW
LoadStringW
GetWindowTextW
GetWindowLongW
RegisterDeviceNotificationW
KillTimer

uxtheme

CloseThemeData
OpenThemeData
GetThemeColor
GetThemeFont

msvcrt

__p__commode
__set_app_type
_wcmdln
__setusermatherr
_vsnwprintf
exit
_cexit
_XcptFilter
__wgetmainargs
??3@YAXPAX@Z
?terminate@@YAXXZ
??2@YAPAXI@Z
_amsg_exit
_wcsicmp
_exit
__p__fmode
wcstoul
_initterm
memset
_controlfp

kernel32

GetLastError
GetTickCount
GetCurrentProcess
DeleteCriticalSection
GlobalAlloc
CloseHandle
GetCurrentThreadId
GetProcessVersion
SetUnhandledExceptionFilter
LeaveCriticalSection
InterlockedIncrement
WaitForSingleObject
CreateThread
WideCharToMultiByte
TerminateProcess
InterlockedDecrement
LocalAlloc
GetSystemTimeAsFileTime
FreeResource
ExitProcess
InitializeCriticalSection
EnterCriticalSection
GetStartupInfoW
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
LocalFree
LockResource
FindResourceW
InterlockedExchange
InterlockedCompareExchange
LoadResource
Sleep

shell32

CommandLineToArgvW
ShellExecuteExW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx

crypt32

CryptEncodeObjectEx
CertEnumSystemStoreLocation
CryptEncodeObject

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49657a3c9bceba9abfd541410f6e1a58

Headers

File Characteristics

Imports

advapi32

powrprof

wtsapi32

gdi32

setupapi

user32

uxtheme

msvcrt

kernel32

shell32

ole32

crypt32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 46KB - Virtual size: 45KB

.rsrc Size: 1024B - Virtual size: 236KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 1024B - Virtual size: 236KB