37c116f5adc831b3767f687447067b72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37c116f5adc831b3767f687447067b72_JaffaCakes118
Size

294KB
MD5

37c116f5adc831b3767f687447067b72
SHA1

c4222b65833c45dd36ee5c0880afbdd1edbd2c68
SHA256

9d2c8d7a3b0e278c7ec4d1864bdd47664ac7af0ff6afca96ad1e189a3cb8968e
SHA512

bbea40dda4b332719ffd74e1479e14faa3164faca73de2edf2ceb4d6fc7d96abee59b383a4950a2b82fcbe346e5a3690be971b80e45d08e018e3c12c5e9c8a9c
SSDEEP

6144:kpQCd1au9KZBXD7Bp3A4JwQzVKINYtYpeRrBaS8dt:kpQyau9KbfBpw3QzVKINI/r8S8d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37c116f5adc831b3767f687447067b72_JaffaCakes118

Files

37c116f5adc831b3767f687447067b72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageW
TranslateMessage
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetWindowLongW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun

psapi

GetModuleFileNameExW
EnumProcessModules

shlwapi

PathRemoveFileSpecW
StrCmpW
StrStrIA
PathFileExistsW
SHDeleteEmptyKeyW

kernel32

SetThreadPriority
UnhandledExceptionFilter
ExpandEnvironmentStringsW
SizeofResource
OpenProcess
LockResource
WideCharToMultiByte
FormatMessageW
LoadLibraryExW
OpenFileMappingW
GetSystemTimeAsFileTime
HeapFree
GetTempFileNameW
ResumeThread
TerminateThread
IsDebuggerPresent
DeleteFileW
CloseHandle
WaitForMultipleObjects
ReleaseMutex
GetTempPathW
GlobalFree
SetLastError
LoadResource
WaitForSingleObject
CreateFileMappingW
CreateThread
RaiseException
GlobalAlloc
FindResourceW
GetCurrentThreadId
EnterCriticalSection
HeapDestroy
HeapReAlloc
lstrlenA
GlobalLock
GlobalUnlock
GetModuleHandleW
FindClose
FindNextFileW
CreateEventW
SetFilePointer
LeaveCriticalSection
FindFirstFileW
HeapAlloc
GetFileSize
MapViewOfFile
SetUnhandledExceptionFilter
CreateFileW
GetSystemInfo
GetProcessHeap
QueryPerformanceFrequency
UnmapViewOfFile
lstrcpyW
OpenMutexW
VirtualQuery
FreeLibrary
OpenEventW
FindResourceExW
CreateMutexW
OutputDebugStringW
DeleteCriticalSection
HeapSize
ResetEvent
WriteFile
lstrlenW
GetLocalTime
LocalAlloc
CreateDirectoryW
LocalFree
InitializeCriticalSectionAndSpinCount
CompareFileTime
VirtualAlloc

oleaut32

SysStringLen
VarUdateFromDate
SysFreeString
SysStringByteLen
VarCmp
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

RegOpenKeyExW
FreeSid
SetNamedSecurityInfoW
RegOpenKeyW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
RegEnumKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
RegCloseKey
SetSecurityDescriptorSacl
CryptReleaseContext
InitializeAcl
GetNamedSecurityInfoW
GetAce
RegDeleteValueW
RegCreateKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegEnumValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetUserNameW
CryptAcquireContextW
GetSidIdentifierAuthority
CryptGenRandom
RegDeleteKeyW
RegQueryValueExW
GetAclInformation
AddAce
AllocateAndInitializeSid
AddAccessAllowedAce

mapi32

ord75
ord17
ord185
ord135
ord11
ord45
ord140

esent

JetOpenTable
JetFreeBuffer
JetOpenDatabase
JetGetObjectInfo
JetCreateIndex
JetBeginSession
JetGetTableIndexInfo
JetCloseDatabase
JetTerm
JetAttachDatabase
JetSetIndexRange
JetSetCurrentIndex
JetCommitTransaction
JetMove
JetSeek
JetGetInstanceInfo
JetSetSystemParameter
JetBeginTransaction
JetEndSession
JetCreateInstance
JetMakeKey
JetInit
JetGetTableColumnInfo
JetRetrieveColumn
JetDetachDatabase
JetCloseTable

comctl32

CreateStatusWindow
ImageList_GetImageCount
CreateUpDownControl
ImageList_EndDrag
ImageList_DragMove
ImageList_Destroy
CreateStatusWindowW
ImageList_GetImageRect

loadperf

RestorePerfRegistryFromFileW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

Imports

user32

shell32

ole32

psapi

shlwapi

kernel32

oleaut32

version

advapi32

mapi32

esent

comctl32

loadperf

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 256KB - Virtual size: 274KB

.rsrc Size: 15KB - Virtual size: 118KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 256KB - Virtual size: 274KB

.rsrc
Size: 15KB - Virtual size: 118KB