171075e66d3d764ae57831e6207e16f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

171075e66d3d764ae57831e6207e16f1_JaffaCakes118
Size

533KB
MD5

171075e66d3d764ae57831e6207e16f1
SHA1

2fa6837ee4c974172720f6a062d7583807d9d16b
SHA256

78f7535da6010638da98c515c2e8cbeacdaf99bf9bf0e81e4908466cfbdc7930
SHA512

cdd3b454f78c203d16394940b55f24def8ef3ab23dac8c79a50f2a589c383663a2f4e402fa6f29727d4fb1c0102d9ba22c990bab43101d99e39c81d289af7ecb
SSDEEP

12288:EZKeVVrg/WOlH+IzbIIENpatCgnZVMsHLRglCIeG4wN:ERZTsHTYIXDMsHLRglveG4wN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
171075e66d3d764ae57831e6207e16f1_JaffaCakes118

Files

171075e66d3d764ae57831e6207e16f1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9dde4de001a113cf315b39b7247815a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

U:\itself\inherent\but\events\acce.pdb

Imports

kernel32

SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
WriteFile
OutputDebugStringA
InterlockedIncrement
WriteConsoleW
GetFileType
OutputDebugStringW
LoadLibraryW
SetHandleCount
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
CloseHandle
GetLocaleInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CreateFileW
SetEndOfFile
GlobalFree
GetProfileStringA
HeapCreate
lstrlenW
WideCharToMultiByte
CreateFileA
GetLogicalDrives
FindFirstFileA
FindNextFileA
GetModuleFileNameA
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
MultiByteToWideChar
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetModuleHandleW
GetProcAddress
RtlUnwind
RaiseException
FreeEnvironmentStringsW
GetStdHandle
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
FindClose
HeapAlloc
GlobalAlloc
GetModuleHandleA
GetLastError
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetProcessHeap

user32

GetForegroundWindow
SendMessageA
GetIconInfo
EnumWindows
EndDialog
SendDlgItemMessageA
FillRect
SetRect
ScreenToClient
ReleaseDC
SetScrollPos
InvalidateRect
GetDC
SetScrollRange
DialogBoxParamA
SetWindowLongA
GetDlgItem
GetWindow
DefRawInputProc
MessageBoxW
DrawIcon
GetDesktopWindow
SetFocus
GetClientRect
MoveWindow
ShowWindow
GetClipCursor
GetWindowRect
IsWindowVisible
GetWindowLongA
SetActiveWindow
GetWindowTextA
GetParent
SetDlgItemTextA
SetWindowPos
GetSystemMetrics
MessageBoxA
FindWindowExA
PostQuitMessage
LoadBitmapA
CreateWindowExA
FindWindowA
SetWindowRgn
DefWindowProcA
UpdateWindow

gdi32

CreateEllipticRgnIndirect
CreateMetaFileA
SetMapMode
SetWindowExtEx
SetWindowOrgEx
CreateFontIndirectA
SelectObject
ExtTextOutA
MoveToEx
LineTo
DeleteObject
CloseMetaFile
DeleteMetaFile
StartDocA
StartPage
Escape
EndPage
EndDoc
CreateDCA
GetTextMetricsA
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
GetObjectA
BitBlt
ExcludeClipRect
SelectClipRgn
CreateSolidBrush
CreateHalftonePalette
GetPaletteEntries

comdlg32

PrintDlgA

advapi32

SetTokenInformation
AllocateAndInitializeSid
RegQueryValueExW
RegCloseKey
OpenTraceA
RegOpenKeyExW
FreeSid

shell32

SHGetFileInfoW
ord727
SHGetFolderPathW
SHGetFolderPathA

ole32

StgCreateDocfile
WriteClassStg
StgOpenStorage
CoUninitialize
CoCreateInstance
CoInitialize
ReadClassStg

ws2_32

inet_addr

iphlpapi

SendARP

shlwapi

PathAppendA
StrStrIA

comctl32

ImageList_Create
ord17
ImageList_Add
CreateToolbarEx

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9dde4de001a113cf315b39b7247815a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

iphlpapi

shlwapi

comctl32

Sections

.text Size: 417KB - Virtual size: 417KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 13KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 41KB - Virtual size: 40KB

.text
Size: 417KB - Virtual size: 417KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 13KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 41KB - Virtual size: 40KB