26d571bced7ab9266962c6846180971e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26d571bced7ab9266962c6846180971e_JaffaCakes118
Size

2.2MB
MD5

26d571bced7ab9266962c6846180971e
SHA1

743aa2bb9ec6f89e754a245f160cfb2ff6c9ed90
SHA256

673d0c32fb89f96b4ef2d34e628ccd51bd2483505c9c1af7b673b0d160539623
SHA512

7db940e1efe5712b71603a105b1c8710a4fca419fec4afec31d20d06a625b0e0853abe6e24c4c40da3e9f6214a1bd37e825af1a4014181070e241254e8583d44
SSDEEP

49152:/TJEDWoyeRMKfyKAZ7CoDSbq0GoCpijOjSZEHb9ipELmBhO:/tE6teRVyF0ATSqRs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d571bced7ab9266962c6846180971e_JaffaCakes118

Files

26d571bced7ab9266962c6846180971e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7cd8d4f08be9e5e2df12b349f146d4d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

ModifyWorldTransform
SelectPalette
SetTextAlign
GetMapMode
PolyDraw
SetRectRgn
ScaleWindowExtEx
StartDocW
GetClipRgn
PatBlt
GetCurrentPositionEx
IntersectClipRect
CombineRgn
GetDCOrgEx
GetObjectW
ExtTextOutW
SetBkColor
CreateCompatibleDC
SelectObject
BitBlt
CreatePatternBrush
GetObjectType
LineTo

comctl32

ImageList_GetIconSize
PropertySheetW
CreateToolbarEx
ImageList_Destroy
ImageList_Draw
CreatePropertySheetPageW
InitCommonControlsEx

dnsapi

DnsApiFree
DnsReplaceRecordSetW
DnsValidateName_W

msvcrt

_wcsicmp
isupper
_itow
_ltoa
__dllonexit
strncpy
strtoul
_ltow
_except_handler3
strncmp
wcscat
qsort
free
wcschr
_snwprintf
isxdigit
atol
_wcsnicmp
sprintf
wcscpy
_onexit
_ultoa
_initterm
bsearch
wcscmp
wcslen

advapi32

RegDeleteValueW
CryptSignHashA
RegEnumValueW
RegCreateKeyExA
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueA
CryptVerifySignatureA
RegEnumKeyExA
RegCreateKeyExW
CryptAcquireContextA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExA
CryptSetProviderA
RegCloseKey
RegDeleteKeyA
RegDeleteKeyW
RegEnumValueA
RegQueryValueExW

shell32

SHGetFileInfoW
ExtractIconW

kernel32

GetACP
SetEvent
GetSystemInfo
CreateProcessW
SuspendThread
GetAtomNameW
GetCurrentThreadId
lstrcmpiW
LockFile
LocalReAlloc
InterlockedDecrement
SetEndOfFile
GlobalFree
GetVolumeInformationW
LCMapStringW
GetVersionExA
GetModuleHandleA
WriteFile
VirtualAlloc
VirtualFree
GetShortPathNameW
SizeofResource
GetLocaleInfoW
GetPrivateProfileStringW
FindResourceW
ResumeThread
SetFileTime
GetLastError
CompareStringA
SystemTimeToFileTime
InitializeCriticalSection
GetUserDefaultLCID
CreateFileW
UnlockFile
ConvertDefaultLocale
GetVersion
GlobalDeleteAtom
HeapAlloc
EnumResourceLanguagesW
HeapCreate
TlsSetValue
lstrcpyA
LoadLibraryA
LoadResource
GetModuleFileNameW
LocalAlloc
TerminateProcess
FindClose
GetCommandLineW
lstrlenW
ReadFile
GetFileSize
SetErrorMode
LockResource
FreeEnvironmentStringsA
GetStringTypeExW
DeleteCriticalSection
SetHandleCount
SetCurrentDirectoryA
GetVersionExW
GetCurrentProcessId
MoveFileW
GlobalLock
GetStdHandle
CompareStringW
lstrcmpW
FormatMessageW
FindNextFileW
GlobalUnlock
SetFilePointer
CreateEventW
GetCommandLineA
TlsGetValue
GetDriveTypeW
FindFirstFileW
LCMapStringA
FreeResource
GetFullPathNameW
ExitThread
IsDebuggerPresent
HeapFree
lstrlenA
RaiseException
GetOEMCP
SetLastError
GetProcessHeap
DeleteFileW
SetThreadPriority
ExitProcess
TlsFree
GetFileAttributesW
GlobalAddAtomW
GlobalHandle
HeapReAlloc
GetEnvironmentStrings
GetStartupInfoW
GlobalReAlloc
FileTimeToSystemTime
GetFileAttributesA
GetCurrentProcess
TlsAlloc
GetFileTime
WritePrivateProfileStringW
DuplicateHandle
WideCharToMultiByte
FlushFileBuffers
GetThreadLocale
FatalAppExitA
InterlockedExchange
GetPrivateProfileIntW
HeapDestroy
SetUnhandledExceptionFilter
EnterCriticalSection
GetCurrentThread
GlobalFlags
WaitForSingleObject
CopyFileW
ResetEvent
lstrcmpA
GetCurrentDirectoryA
CreateThread
GlobalFindAtomW
Sleep
GetEnvironmentStringsW
LeaveCriticalSection
SetFileAttributesW
UnhandledExceptionFilter
GlobalSize
GlobalGetAtomNameW
GetCPInfo
GlobalAlloc
MulDiv
FileTimeToLocalFileTime
RtlUnwind
FreeEnvironmentStringsW
IsValidCodePage
LocalFileTimeToFileTime
InterlockedIncrement
HeapSize
CloseHandle

comdlg32

PrintDlgA
GetOpenFileNameA

Sections

.data
Size: 1.2MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cd8d4f08be9e5e2df12b349f146d4d7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comctl32

dnsapi

msvcrt

advapi32

shell32

kernel32

comdlg32

Sections

.data Size: 1.2MB - Virtual size: 12.8MB

.rsrc Size: 455KB - Virtual size: 455KB

.text Size: 313KB - Virtual size: 313KB

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 219KB - Virtual size: 219KB

.tls Size: 512B - Virtual size: 4KB

.data
Size: 1.2MB - Virtual size: 12.8MB

.rsrc
Size: 455KB - Virtual size: 455KB

.text
Size: 313KB - Virtual size: 313KB

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 219KB - Virtual size: 219KB

.tls
Size: 512B - Virtual size: 4KB