301d0c64f1e0005f72e9028c3b353a08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

301d0c64f1e0005f72e9028c3b353a08_JaffaCakes118
Size

151KB
MD5

301d0c64f1e0005f72e9028c3b353a08
SHA1

50749c65f1b1c2693d6ec09a85a344498d7f6883
SHA256

bc49819ca1e9ad2e546a25576b7c674b78414bf9103bff5e9bab5593730aa7b7
SHA512

0bf7dd437f6e781de8fef744861b0978879c62605374687d159a3fa999b50325b7736dad911f8015493e8df196f3e6b329458ab728915464f0f42c69c80c3497
SSDEEP

1536:aINhkQ2lu6bwmleIHLKsNjCRfqgyYKKHsLKMKF6hJDE0mtMwIEvH1y9SL3eL+ggd:aINbKwgJLgf7nDVF6PUp1Yo3ICg4g3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
301d0c64f1e0005f72e9028c3b353a08_JaffaCakes118

Files

301d0c64f1e0005f72e9028c3b353a08_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c0e20b21e1b9caef7857d64a3fdea474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegSetValueExW

kernel32

GetFileInformationByHandle
FindNLSString
GlobalAlloc
GlobalUnlock
GlobalLock
CreateFileMappingW
GetDateFormatW
GetLocalTime
LocalUnlock
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile
LocalReAlloc
GetACP
DeleteFileW
SetEndOfFile
LocalLock
FormatMessageW
WideCharToMultiByte
SetLastError
WriteFile
GetLastError
LocalSize
GetFullPathNameW
MulDiv
GetCommandLineW
HeapSetInformation
GetCurrentProcessId
FoldStringW
lstrcmpW
GetFileAttributesW
FindFirstFileW
FindClose
GetTimeFormatW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenW
GetLocaleInfoW
GlobalFree
lstrcmpiW
SetErrorMode
CreateFileW
ReadFile
CloseHandle
LocalAlloc
InterlockedDecrement
LocalFree
InterlockedIncrement
GetUserDefaultUILanguage
UnhandledExceptionFilter

gdi32

SelectObject
SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
SetAbortProc
StartDocW
StartPage
EndPage
AbortDoc
EndDoc
DeleteDC
TextOutW
GetTextExtentPoint32W
CreateDCW
GetTextFaceW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject

user32

GetClientRect
SetCursor
ReleaseDC
GetDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
PostQuitMessage
DefWindowProcW
GetForegroundWindow
IsIconic
DestroyWindow
MessageBeep
GetWindowPlacement
CharUpperW
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowLongW
LoadAcceleratorsW
GetSystemMenu
SetWindowPlacement
CreateWindowExW
RegisterWindowMessageW
SetProcessDPIAware
SetScrollPos
ShowWindow
GetWindowLongW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
MoveWindow
InvalidateRect
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
SetWinEventHook
GetMessageW
PostMessageW
MessageBoxW
GetFocus
WinHelpW
GetDlgCtrlID
EndDialog
GetWindowTextLengthW
LoadIconW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
UpdateWindow
UnhookWinEvent
ChildWindowFromPoint
GetDlgItemTextW
SetDlgItemTextW
SetFocus
SetWindowTextW
GetParent
LoadStringW
SendDlgItemMessageW
GetCursorPos
ScreenToClient

msvcrt

?terminate@@YAXXZ
_controlfp
_vsnwprintf
memset
_wtol
memcpy
iswctype
localtime
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_amsg_exit
_initterm
_acmdln
exit
time
__getmainargs
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr

comdlg32

GetSaveFileNameW
FindTextW
ReplaceTextW
PageSetupDlgW
PrintDlgExW
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW
GetFileTitleW

shell32

DragAcceptFiles
DragQueryFileW
DragFinish
SHCreateItemFromParsingName
ShellAboutW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

shlwapi

PathIsFileSpecW
SHStrDupW

comctl32

CreateStatusWindowW
ord345

oleaut32

SysAllocString
SysFreeString

ntdll

WinSqmAddToStream

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0e20b21e1b9caef7857d64a3fdea474

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comdlg32

shell32

winspool.drv

ole32

shlwapi

comctl32

oleaut32

ntdll

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 7KB - Virtual size: 20KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 7KB - Virtual size: 20KB