184f8639ad32d91a0d187fd494489016_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

184f8639ad32d91a0d187fd494489016_JaffaCakes118
Size

528KB
MD5

184f8639ad32d91a0d187fd494489016
SHA1

201e35ba433a59784215e885bba0ea0eca65e832
SHA256

f3724b587bd6976474e6666df2c6df34733df9b134a09dd78cbda85ca2ae87cf
SHA512

026fd2e73b11318f58bdf4dbf32f81bf1ac1b7676715a6681ff987fd78ff0e9c3ec0af2d4771454bc3d42357a329fbe4949fec6c82c8b52c0d85c98f25e44ef4
SSDEEP

12288:Qf8C1ksEwg4xmaKp5bpGlp5szoUxp3mH+Xcnu6qTOwIbVZyrKBDTm7y:QfTJJgsup51GlUzoop3NsXmgbVAeBmy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
184f8639ad32d91a0d187fd494489016_JaffaCakes118

Files

184f8639ad32d91a0d187fd494489016_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e69118c5bd466dad711b4221b55f6597

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\xhh\aseedvse\lqqtb\jsiuuilj\t

Imports

advapi32

StartServiceW
LookupSecurityDescriptorPartsA
CryptSetHashParam
RegRestoreKeyW
RegSetValueW
RegDeleteKeyA
RegConnectRegistryW
RegEnumKeyExW
CryptReleaseContext
CryptGetUserKey
CryptHashData
DuplicateToken
CryptAcquireContextW
RegQueryMultipleValuesW
CryptGetKeyParam
RegSetValueA

shell32

DragQueryFileA
ShellAboutA
ShellExecuteEx
ExtractAssociatedIconA

user32

SetTimer
LoadCursorFromFileW
IsIconic
DdeGetData
RegisterClassA
EndDeferWindowPos
GetMessageTime
IntersectRect
FlashWindow
RegisterClassExA

kernel32

TlsGetValue
GetTickCount
OpenMutexA
GetStartupInfoA
CompareStringA
HeapReAlloc
VirtualAlloc
GetStartupInfoW
DeleteCriticalSection
IsValidLocale
QueryPerformanceCounter
GetStdHandle
GetModuleFileNameW
VirtualQuery
GetFileType
GetCommandLineW
InitializeCriticalSection
EnumSystemLocalesA
GetProcAddress
InterlockedExchange
IsValidCodePage
GetCurrentThread
VirtualProtect
GetEnvironmentStrings
GetTimeZoneInformation
GetCurrentThreadId
GetCurrentProcess
GetUserDefaultLCID
LeaveCriticalSection
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetCurrentProcessId
TlsAlloc
WriteFile
GetStringTypeA
HeapAlloc
GetVersionExA
LoadLibraryA
LCMapStringA
GetDateFormatA
GetModuleFileNameA
SetStdHandle
UnhandledExceptionFilter
ReadFile
SetLastError
HeapCreate
LCMapStringW
SetHandleCount
GetLastError
GetOEMCP
RtlUnwind
GetSystemInfo
GetTimeFormatA
GetSystemTimeAsFileTime
SetFilePointer
GetCommandLineA
HeapFree
GetLocaleInfoW
GetLocaleInfoA
FlushFileBuffers
IsBadWritePtr
TerminateProcess
CloseHandle
HeapSize
EnterCriticalSection
TlsSetValue
GetStringTypeW
GetModuleHandleA
GetCPInfo
CreateMutexA
TlsFree
FreeEnvironmentStringsA
CompareStringW
GetACP
SetEnvironmentVariableA
VirtualFree
ExitProcess
HeapDestroy

gdi32

GetPixel
DeleteEnhMetaFile
CreateDCA
GetNearestPaletteIndex
ColorCorrectPalette
SelectClipRgn
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
GetRasterizerCaps
SetPolyFillMode
SetColorAdjustment
EndDoc
GetKerningPairsA
SetAbortProc
ExtSelectClipRgn
EnumFontFamiliesExW
GetObjectW

comctl32

ImageList_Remove
ImageList_GetImageInfo
ImageList_DragLeave
ImageList_SetBkColor
ImageList_LoadImageW
ImageList_EndDrag
DrawStatusTextA
InitCommonControlsEx
ImageList_SetDragCursorImage
ImageList_Destroy
GetEffectiveClientRect
ImageList_Write
DrawStatusText
ImageList_SetFilter
ImageList_Duplicate
ImageList_GetIcon
ImageList_GetImageRect
ImageList_SetImageCount
ImageList_GetIconSize
ImageList_Copy
ImageList_GetFlags

wininet

DetectAutoProxyUrl
GopherGetLocatorTypeA
FtpSetCurrentDirectoryW
UnlockUrlCacheEntryFile
FtpDeleteFileW

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e69118c5bd466dad711b4221b55f6597

Headers

File Characteristics

PDB Paths

Imports

advapi32

shell32

user32

kernel32

gdi32

comctl32

wininet

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 25KB - Virtual size: 42KB

.data Size: 116KB - Virtual size: 115KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 25KB - Virtual size: 42KB

.data
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 13KB - Virtual size: 13KB