2a8f50be71bc689dbc15bc706f1763d6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a8f50be71bc689dbc15bc706f1763d6_JaffaCakes118
Size

197KB
MD5

2a8f50be71bc689dbc15bc706f1763d6
SHA1

20f64f89c8cd3f9991373c205bb8628929fd5aa1
SHA256

7dfbae01c54162a523d7115d62ca465147ca66987e2eae57731d392360d043f9
SHA512

80f9bdd9d0e06b6d16fcc9a01a2de588ac2ada65d929b7488036e0c75aa32923adb9fa6c2b345ef3a17e4a178aca2df7d3e79bb3004b9352441e5fa69ee08795
SSDEEP

6144:UdvwMwjEmOInjZ5O/ET9z7Nwfb/Z3ZEaFqqDLu50:UdvwMwjnna+7I/Z3Ziqnu50

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a8f50be71bc689dbc15bc706f1763d6_JaffaCakes118

Files

2a8f50be71bc689dbc15bc706f1763d6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

16d96ad56ec9d399552cb8007322fa75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetProfileStringA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
GetSystemDirectoryA
GetProfileStringW
FindClose
LoadLibraryExA
OutputDebugStringW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
LoadLibraryA
lstrlenW
WideCharToMultiByte
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetStdHandle
GetACP
GetOEMCP
WriteFile
VerLanguageNameW
FlushFileBuffers
SetStdHandle
GetSystemInfo
VirtualQuery
InterlockedIncrement
InterlockedDecrement
lstrlenA
HeapDestroy
GlobalUnlock
GlobalLock
lstrcpynA
SizeofResource
LoadResource
FindResourceA
lstrcpyA
lstrcatA
GlobalFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcmpiA
InterlockedCompareExchange
InterlockedExchange
GetComputerNameW
VerLanguageNameA
SetErrorMode
GetModuleFileNameA
DisableThreadLibraryCalls
GetVersionExA
GetDateFormatA
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryW
FreeLibrary
FormatMessageW
LoadLibraryExW
CloseHandle
SetEvent
GetProcAddress
lstrcpyW
Sleep
LoadLibraryW
GetCurrentThread
CreateThread
GetModuleHandleW
GetCurrentProcess
TerminateThread
LocalAlloc
LocalFree
FindAtomA
DeleteAtom
GetCommandLineA
VirtualAlloc
VirtualProtect

user32

MessageBoxW
EnableWindow
SetWindowLongA
LoadStringA
SendMessageW
CharNextA
SetDlgItemInt
RegisterClipboardFormatA
GetWindowRect
GetDlgItem
SendMessageA
LoadCursorA
GetWindow
CharUpperBuffW
GetActiveWindow
wsprintfA
EndDialog
SetFocus
SetCursor
DialogBoxParamW
ShowWindow
PostMessageA
IsWindow
SetWindowTextW
SetWindowTextA
GetWindowLongA
GetWindowTextW
LoadStringW
GetDesktopWindow
MoveWindow
GetSystemMetrics
GetWindowTextA
GetParent
GetDlgCtrlID
MessageBoxA
DialogBoxParamA

advapi32

LookupAccountSidW
GetLengthSid
CopySid
OpenProcessToken
OpenThreadToken
RegCloseKey
SetServiceStatus
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegFlushKey
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumValueW
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyW
RegEnumKeyExW
RegGetKeySecurity
RegConnectRegistryW
RegSaveKeyW
RegUnLoadKeyW
RegSetKeySecurity
RegQueryInfoKeyW
RegSetValueExW
RegLoadKeyW
RegDeleteKeyW
InitializeSecurityDescriptor
GetTokenInformation

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

rpcrt4

I_RpcMapWin32Status
RpcRevertToSelf
RpcImpersonateClient

msvcrt

free
_wcsnicmp
fopen
_winmajor
_wsplitpath
wcsncmp
wcsrchr
_errno
calloc
_fullpath
_wfullpath
_access
_waccess
_open
_wopen
_close
iswctype
_snwprintf
_wmakepath
sprintf
_splitpath
wcschr
_ltow
wcstol
fclose
fprintf
memset
memcpy
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
malloc
_wcsicmp
memmove
wcscpy
wcslen
wcscmp
wcsncpy
wcscat
wcsncat
swprintf
_except_handler3
__CxxFrameHandler

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16d96ad56ec9d399552cb8007322fa75

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB