16aa724ae6183da3c3e208f5d05f28a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16aa724ae6183da3c3e208f5d05f28a5_JaffaCakes118
Size

376KB
MD5

16aa724ae6183da3c3e208f5d05f28a5
SHA1

6797d97cad6cb88d6c189a6722d27b7c5269ff8a
SHA256

81411a241d436a11fd68e9866d6210ebc1c0a136307fa22798572593d477c218
SHA512

0792446fc75ccb88c792b574edc44f6511e095fa8a6a00ebce6b67b914a69a6d86846f83f3914480383b0e77941f831704b26b4a1ac6f78327b2184065f87e69
SSDEEP

6144:40eokfjEnHpofORs27QkhlnUdK5eltMqPkzjQQ:LeVjEnHpofORs271hJw6elSjQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16aa724ae6183da3c3e208f5d05f28a5_JaffaCakes118

Files

16aa724ae6183da3c3e208f5d05f28a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

448ba6918a655f6a15d24ebc193d1f23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

lstrlenA
DeleteFileA
CopyFileA
GetModuleFileNameA
lstrcpynA
GetCurrentThreadId
lstrcpyA
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
HeapFree
GetProcessHeap
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
CreateDirectoryA
GetFileAttributesA
GetTempPathA
SetFileAttributesA
GlobalMemoryStatus
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CloseHandle
GetFileSize
CreateFileA
SystemTimeToFileTime
CompareFileTime
GetFileTime
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
ReadFile
WriteFile
LockResource
FindResourceExA
SetLastError
WinExec
lstrcatA
GetWindowsDirectoryA
GlobalFree
GlobalHandle
QueryPerformanceCounter
GetCurrentProcessId
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
SetStdHandle
GetStdHandle
SetHandleCount
SetEndOfFile
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetLocalTime
SetFilePointer
GetFileType
TerminateProcess
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiA
InterlockedDecrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FileTimeToSystemTime
GetModuleHandleA
GetTickCount
SetFileTime

user32

MapWindowPoints
SetDlgItemTextA
KillTimer
SetTimer
BringWindowToTop
RegisterWindowMessageA
GetWindowTextLengthA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
SystemParametersInfoA
LoadStringA
RegisterClassA
LoadCursorA
FindWindowA
ShowWindow
CreateWindowExA
PostThreadMessageA
GetWindowRect
AdjustWindowRectEx
LoadIconA
SetWindowContextHelpId
MapDialogRect
EndDialog
MessageBoxA
CreateDialogParamA
CreateDialogIndirectParamA
IsDialogMessageA
GetMessageA
PeekMessageA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
GetParent
GetClassNameA
DestroyWindow
RedrawWindow
IsWindow
GetDlgItem
SetFocus
IsChild
DestroyAcceleratorTable
BeginPaint
EndPaint
InvalidateRgn
InvalidateRect
FillRect
SetCapture
ReleaseCapture
GetDC
ReleaseDC
GetDesktopWindow
GetSysColor
CallWindowProcA
GetFocus
MoveWindow
SendMessageA
GetWindow
GetClientRect
GetWindowLongA
SetWindowLongA
GetAsyncKeyState
GetKeyState
PostMessageA
CharNextA
UnregisterClassA
SetWindowPos

gdi32

CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
GetObjectA
GetStockObject

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
DispCallFunc
VariantClear
VariantInit
SysStringLen
SysAllocString
SysAllocStringLen
VarUI4FromStr
SysFreeString
LoadTypeLi

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msnc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

448ba6918a655f6a15d24ebc193d1f23

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 252KB - Virtual size: 250KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 28KB - Virtual size: 48KB

.rsrc Size: 28KB - Virtual size: 26KB

.msnc Size: 20KB - Virtual size: 20KB

.text
Size: 252KB - Virtual size: 250KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 28KB - Virtual size: 48KB

.rsrc
Size: 28KB - Virtual size: 26KB

.msnc
Size: 20KB - Virtual size: 20KB