19536f5a190df20b8d8b94b6c58aab88_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19536f5a190df20b8d8b94b6c58aab88_JaffaCakes118
Size

329KB
MD5

19536f5a190df20b8d8b94b6c58aab88
SHA1

bc54b52e37168a1442002030d48c489b7347fb89
SHA256

63a6658162b60cb7d2ba971b9c4efd6b54e7845592023e240310e8ca141f4924
SHA512

4f27c06cfd5e2ec75050bdb57e279ece02a485450e481ed82f4eece456c2e4144ceae93b5a87bd94e8b82e1458629d5df4575aa45b3aae778044ced18a518c64
SSDEEP

6144:FKzdgl/ZWKOtAObo7zoooocIuFp1rgvW+TrGlbiRenD+uwELn6eVJTOF:ugnWvtFoQvmvW8KlshVAG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
19536f5a190df20b8d8b94b6c58aab88_JaffaCakes118

Files

19536f5a190df20b8d8b94b6c58aab88_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64a574328faca3de90597572f0eb40b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RealChildWindowFromPoint
SendMessageW
GetMouseMovePointsEx
ToAsciiEx
VkKeyScanExA
SetScrollPos
GetFocus
GetDC
GetWindowTextA
CloseWindow
GetScrollPos
AppendMenuA
GetGUIThreadInfo
GetScrollBarInfo
IsCharLowerA
ReleaseCapture

ole32

CoDisconnectObject
OleDestroyMenuDescriptor

advapi32

RegDeleteValueW

gdi32

DeleteMetaFile
GetAspectRatioFilterEx
EndPage
Arc
SetColorSpace
ColorMatchToTarget
GetDCOrgEx
CreateHatchBrush
CreateCompatibleDC
StartDocW
SetROP2
GetBrushOrgEx
GetGlyphOutlineW
GetMapMode
GetCharABCWidthsA
SetViewportExtEx
GetCharWidth32W
ResetDCW
FrameRgn
SetBkMode
GetTextMetricsW
GetLayout
GetRgnBox
MaskBlt
GetTextColor
EnumICMProfilesA

netapi32

NetWkstaTransportAdd

winspool.drv

DocumentPropertiesW

kernel32

GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapSize
VirtualProtect
GetCPInfo
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
UnhandledExceptionFilter
OpenProcess
CreateMemoryResourceNotification
DefineDosDeviceW
SetPriorityClass
SetProcessPriorityBoost
EncodeSystemPointer
LockFile
MapUserPhysicalPagesScatter
GetCurrentProcess
GetEnvironmentStrings
CreateDirectoryA
CreateProcessA
DeleteFileA
FindResourceA
FormatMessageA
GetACP
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFullPathNameA
GetLocaleInfoA
GetModuleFileNameA
GetProcAddress
GetSystemDefaultLCID
GetSystemInfo
GetUserDefaultLangID
GetVersionExA
GetWindowsDirectoryA
IsDBCSLeadByte
LoadLibraryA
LoadResource
LockResource
RemoveDirectoryA
SetErrorMode
SetLastError
SizeofResource
Sleep
VirtualQuery
CloseHandle
CreateFileA
ExitProcess
GetFileType
GetSystemTime
GetFileSize
GetStdHandle
RaiseException
ReadFile
RtlUnwind
SetEndOfFile
SetFilePointer
WriteFile
GetCommandLineA
GetLastError
GetModuleHandleA
MultiByteToWideChar
TlsGetValue
TlsSetValue
WideCharToMultiByte
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateSemaphoreW
lstrcmpW
lstrcmpiA
GetSystemDirectoryW
DebugActiveProcessStop
SetThreadContext
FindClose
HeapCreate
GlobalMemoryStatus
GetVolumeInformationA
FindFirstFileW
CreateProcessW
GetTimeFormatA
HeapReAlloc
HeapAlloc
GetStartupInfoA
HeapFree
SetUnhandledExceptionFilter
GetModuleHandleW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64a574328faca3de90597572f0eb40b6

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

gdi32

netapi32

winspool.drv

kernel32

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 13KB - Virtual size: 339KB

.rsrc Size: 198KB - Virtual size: 197KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 13KB - Virtual size: 339KB

.rsrc
Size: 198KB - Virtual size: 197KB