1652a480cf96efcfbdf7f36799d2715e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1652a480cf96efcfbdf7f36799d2715e_JaffaCakes118
Size

1.2MB
MD5

1652a480cf96efcfbdf7f36799d2715e
SHA1

5236c4d2d34147e1ab024ad1464855a5b956af13
SHA256

c5d7f538d62acfdb25bb75e27cbdd8dd07653b8d4aab66c59cae981cce2566fc
SHA512

6cec9aae413d61a5e38365864cebbfb98900eb9d46444513b5720fe345c5a1ee96155c417de4b201d059f8d5a6880802280094997921698a75f7cd0bb44cd592
SSDEEP

24576:2+9HIPYNJdYoLdCxUtJv3EQCNBXMfWExCHflVJw65mKE0J3njvOw5ZN8pa2:tIg/WI9qzByMl5v3n7Ow5ZNEa2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1652a480cf96efcfbdf7f36799d2715e_JaffaCakes118

Files

1652a480cf96efcfbdf7f36799d2715e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

36b8909eeeca8918b49ec58509b74d13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

wcscspn
NtSetQuotaInformationFile
towupper

msvcrt

__wgetmainargs
fread
wcsrchr
fwrite
_controlfp
_errno
calloc
_wcslwr
fflush
wcslen
_wcsdup
wcscpy
_filelength
realloc
_mbscpy
wcsncmp
_wcmdln
isspace
_snwprintf
_CxxThrowException
_putenv
isalpha
_wcsicmp
_ftol
swscanf
free
fclose

ole32

CoCreateGuid
CoInitializeSecurity
CoCreateInstance

user32

CopyRect
RegisterClassExA
ShowWindow
IsIconic
GetWindowRect
CreateIconFromResource
SetActiveWindow
CreateWindowExA
FlashWindow
GetSystemMetrics
GetMenuItemCount
DestroyWindow
UpdateWindow
TranslateMessage
GetCursorPos
DestroyIcon
GetDesktopWindow
GetAsyncKeyState
SetTimer
ExitWindowsEx
MonitorFromWindow
CallNextHookEx
DefWindowProcA
RemoveMenu
SendMessageA
DrawFocusRect
GetMessageA
DispatchMessageA
SetParent

syssetup

AsrFreeContext

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder

kernel32

TerminateThread
HeapQueryInformation
GetVersion
OpenMutexA
ReleaseSemaphore
LeaveCriticalSection
CloseHandle
GetProcessHeap
EraseTape
LoadLibraryA
QueryPerformanceCounter
CreateMutexA
GetSystemTime
GetFileSize
LockFile
GetCurrentThreadId
MultiByteToWideChar
SetTapePosition
VerSetConditionMask
InitializeCriticalSection
GetLastError
ReleaseMutex
GetLocalTime
VirtualAlloc
TerminateProcess
GetTapeParameters
GetCurrentProcessId
Sleep
FindClose
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetLastError
SetErrorMode

gdi32

DeleteObject
Rectangle

advapi32

DeleteAce
AllocateAndInitializeSid
CloseEncryptedFileRaw
RegOpenKeyExA
AdjustTokenPrivileges
OpenThreadToken
CheckTokenMembership
WriteEncryptedFileRaw
CloseServiceHandle
QueryServiceStatus
ControlService
AddAccessAllowedAce
FreeSid

setupapi

SetupFindNextLine

mpr

WNetCloseEnum

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 844KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b8909eeeca8918b49ec58509b74d13

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

ole32

user32

syssetup

shell32

kernel32

gdi32

advapi32

setupapi

mpr

Sections

.text Size: 264KB - Virtual size: 264KB

.data Size: 95KB - Virtual size: 95KB

.rsrc Size: 844KB - Virtual size: 3.9MB

.text
Size: 264KB - Virtual size: 264KB

.data
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 844KB - Virtual size: 3.9MB