2aa87ec0cde1448732ca1b57de5f1fea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2aa87ec0cde1448732ca1b57de5f1fea_JaffaCakes118
Size

688KB
MD5

2aa87ec0cde1448732ca1b57de5f1fea
SHA1

88b840d32893fd032bc2fc5a19ebd0ebac976d06
SHA256

6f33055857f560ea1f54db2a21970c919a3197893648697deadf3bfefcdd9f40
SHA512

47f9456087ae69ea25549fe2ba7d3d00fee0a35a2d2251652faceb71f0d97011357a7c8ff92b1a04602cdbbaa1450b95ee57e6345655bd4ebdf641e12046f236
SSDEEP

6144:8+PbnFqcF4PbgCmbSekHPgM0E87zyd99P5e/Q+RXL7lEzm41:8M5qiYbCOYE872d1mRXL7lESU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa87ec0cde1448732ca1b57de5f1fea_JaffaCakes118

Files

2aa87ec0cde1448732ca1b57de5f1fea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39f29e70e2389022f9208bd40f57afb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Ladik\Appdir\FileSpy\bin\Win32\Release\FileSpy.pdb

Imports

kernel32

SetEvent
GetCurrentThread
GetVersionExW
GetProcessHeap
CompareFileTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetStdHandle
GetSystemDirectoryW
GetDiskFreeSpaceW
SearchPathW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
FreeLibrary
LoadLibraryW
FindResourceW
SizeofResource
LoadResource
LockResource
GetTickCount
GetCurrentProcess
OpenProcess
HeapReAlloc
CreateMutexW
ReleaseMutex
QueryDosDeviceW
SetFilePointer
WideCharToMultiByte
GetFileType
SetEnvironmentVariableA
CompareStringA
CreateFileA
HeapSize
SetEndOfFile
FreeResource
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
InterlockedExchange
FlushFileBuffers
InitializeCriticalSection
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
VirtualAlloc
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FatalAppExitA
RaiseException
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetVersionExA
RtlUnwind
FormatMessageW
CompareStringW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
GetWindowsDirectoryW
Sleep
SetStdHandle
GetModuleHandleW
GetFileSize
ReadFile
MultiByteToWideChar
OutputDebugStringW
CreateEventW
GetProcAddress
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
DeviceIoControl
HeapAlloc
CreateFileW
WriteFile
DeleteFileW
GetLastError
GetFileAttributesW
MoveFileW
MoveFileExW
CreateThread
SetThreadPriority
CloseHandle
GetSystemInfo
GetLogicalDrives
GetDriveTypeW
HeapFree
WriteConsoleW

user32

GetSystemMetrics
CallWindowProcW
SetCursor
GetWindowLongW
GetClassNameW
SetWindowLongW
SendMessageW
SendMessageA
PtInRect
GetDC
ReleaseDC
GetClassInfoExW
RegisterClassExW
DefWindowProcW
EnableMenuItem
GetMenu
MoveWindow
FindWindowW
EnumWindows
LoadAcceleratorsW
TranslateAcceleratorW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetWindowPlacement
LoadMenuW
GetSubMenu
TrackPopupMenu
DestroyMenu
WaitForInputIdle
LoadIconW
InvalidateRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadStringA
RemoveMenu
IsWindow
IsIconic
ClientToScreen
CharUpperW
BringWindowToTop
GetSystemMenu
GetMenuState
AppendMenuW
CheckMenuItem
GetCursorPos
WindowFromPoint
GetMenuItemCount
GetMenuStringW
GetMenuItemID
IsWindowEnabled
GetCursor
LoadCursorW
GetDlgItemTextW
GetDlgItemInt
GetWindowTextLengthW
SetFocus
SetWindowTextW
GetAsyncKeyState
CreateDialogParamW
KillTimer
SetTimer
PostMessageW
GetParent
SetForegroundWindow
SetDlgItemInt
SetDlgItemTextW
ShowWindow
MessageBeep
ScreenToClient
LoadImageW
CreateCursor
MessageBoxW
DestroyWindow
CreateDialogIndirectParamW
SendDlgItemMessageA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetDlgItemTextA
IsWindowVisible
EnableWindow
GetClientRect
GetWindowRect
SetWindowPos
LoadStringW
CreateWindowExW
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamW
EndDialog
GetWindow
GetDlgItem
GetWindowTextW

gdi32

SetBkMode
GetStockObject
SetTextColor
TextOutW
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
SetWindowOrgEx
GetWindowOrgEx
RestoreDC
SaveDC
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetSaveFileNameW
ChooseFontW

advapi32

LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EnumServicesStatusExW
GetLengthSid
CreateServiceW
StartServiceW
QueryServiceConfigW
DeleteService
ControlService
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
InitiateSystemShutdownW
RegDeleteKeyW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
AdjustTokenPrivileges

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17

ntdll

RtlInitUnicodeString
NtQueryInformationProcess
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlNtStatusToDosError
NtQueryInformationFile
NtOpenFile
NtQuerySystemInformation
NtCreateFile
NtClose
NtQueryVolumeInformationFile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39f29e70e2389022f9208bd40f57afb9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ntdll

version

Sections

.text Size: 296KB - Virtual size: 294KB

.rdata Size: 208KB - Virtual size: 206KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 152KB - Virtual size: 148KB

.text
Size: 296KB - Virtual size: 294KB

.rdata
Size: 208KB - Virtual size: 206KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 152KB - Virtual size: 148KB