3ca5e3b8abb644c650ecf80afc6531d0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ca5e3b8abb644c650ecf80afc6531d0_JaffaCakes118
Size

760KB
MD5

3ca5e3b8abb644c650ecf80afc6531d0
SHA1

61488a12253916626a344aec1d19f23e6ddc1c48
SHA256

2616dbf48ec47daa8abbbb595f354f55e94e3b245c55c6399ae1780c9f44a1f0
SHA512

f4146ee3131b0c30277b56c6f269517177a36819c6eb061765ff24a9717f25de77ee96d85c05a74e7e18c380ed438787417a0217893464fe517c7f92a54e6e85
SSDEEP

6144:53FXV3DpbW0ZB1TjCz7wdo4AnPlAADhXWA9/hKuuiwMhbgOurkaZq6KMSuRzOOeI:533dLLZjCz8SGERsq03M6KMQOE0N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ca5e3b8abb644c650ecf80afc6531d0_JaffaCakes118

Files

3ca5e3b8abb644c650ecf80afc6531d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6455c3a938101142b9879a091e74d5d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindResourceW
FlushFileBuffers
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLongPathNameA
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetProcessHeap
GetStartupInfoW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
CreateFileMappingW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
HeapAlloc
HeapDestroy
CreateMutexW
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
QueryDosDeviceW
QueryPerformanceCounter
ReadFile
ReleaseMutex
RtlUnwind
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA
lstrlenW
CreateFileMappingA
CreateFileA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CompareFileTime
CloseHandle
VirtualAllocEx
LoadLibraryA
GetProcAddress
GetDriveTypeW
Sleep
CreateMutexA
HeapFree
CreateFileW
GetVolumeInformationW
GetModuleHandleA

user32

LoadIconA
CharNextA
DispatchMessageW
GetMessageA
KillTimer
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
PostThreadMessageA
SetTimer
TranslateMessage
LoadIconW

gdi32

DeleteMetaFile
DeleteEnhMetaFile

advapi32

RegOpenKeyExA
GetFileSecurityW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
IsValidSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW
TraceMessage
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoGetMalloc
StringFromCLSID
PropVariantCopy
PropVariantClear
CreateStreamOnHGlobal
CoUnmarshalInterface
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoReleaseMarshalData
CoMarshalInterface
CoMarshalInterThreadInterfaceInStream
CoInitializeEx

shlwapi

PathUndecorateW
PathRemoveFileSpecW
PathRemoveBackslashW
PathGetCharTypeA
PathGetCharTypeW

msvcrt

_snwprintf
wcstoul
wcstombs
wcsstr
wcsrchr
wcspbrk
wcsncpy
wcsncmp
wcslen
wcscpy
wcschr
towupper
towlower
swscanf
rand
qsort
memset
memmove
memcpy
_CIpow
_CIsqrt
_XcptFilter
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_amsg_exit
_beginthreadex
_cexit
_controlfp
_exit
_initterm
_lock
_onexit
_purecall
_unlock
_vsnwprintf
_wcmdln
_wcsicmp
_wcsnicmp
_wtoi
_wtoi64
_wtol
abs
atoi
bsearch
exit
floor
free
iswalnum
iswdigit
iswspace
malloc
memcmp

Sections

.text
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6455c3a938101142b9879a091e74d5d9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.text Size: 731KB - Virtual size: 731KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 1KB

.text2 Size: 16KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 376B

.text
Size: 731KB - Virtual size: 731KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 1KB

.text2
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 376B