38773645f68b5edef4be3ea4231571ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38773645f68b5edef4be3ea4231571ba_JaffaCakes118
Size

133KB
MD5

38773645f68b5edef4be3ea4231571ba
SHA1

e50f7d0da155fad5ddf877349e70450ff526d60f
SHA256

12ce05412081324d7d343560642b6f7e8e5460c2e538e380e5d2550fecdc894c
SHA512

cae1c48453da633a70ad5195c4aabfb22d719c9f678d3b19384f4605b41c33a6f1a36d3abfb4e270d4c137441e2b896ea02f5259faf4683caa631679562421a9
SSDEEP

3072:YvbbaS42VUhV/SlpSKsUYDeehTEFdrKJ9UEf2bQHUMo:ObbP42VUv/BxfjhT4dra9UEf2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38773645f68b5edef4be3ea4231571ba_JaffaCakes118

Files

38773645f68b5edef4be3ea4231571ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc42b629fd6d26892f3db966d40c0eb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExA
RegCreateKeyExA
CryptHashData
CryptDestroyHash
RegCloseKey
RegQueryInfoKeyW
CryptVerifySignatureA
RegQueryValueExA
RegQueryValueExW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExW
RegOpenKeyExW
CryptCreateHash
CryptAcquireContextA
RegQueryInfoKeyA
CryptDestroyKey
RegSetValueExA
RegEnumValueW
RegDeleteKeyA
RegFlushKey
CryptReleaseContext
CryptImportKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW

user32

SetForegroundWindow
UnregisterClassA
LoadImageA
MessageBoxW
LoadIconA
CharNextA
LoadBitmapA
LoadStringW
CharNextW
GetSystemMetrics

ole32

CoTaskMemAlloc
OleInitialize
IIDFromString
CoMarshalInterface
CoTaskMemFree
StringFromGUID2
CoInitializeSecurity
CreateStreamOnHGlobal
OleUninitialize
CoReleaseMarshalData
CoDisconnectObject
CoCreateInstance
StringFromCLSID
CoTaskMemRealloc

gdi32

DeleteObject

ddraw

DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx

shlwapi

SHCopyKeyW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveBlanksW
PathIsRelativeW
PathUnquoteSpacesW
SHDeleteKeyW

kernel32

GetModuleFileNameW
GetModuleHandleW
InterlockedCompareExchange
GetFileAttributesExW
GetStartupInfoA
InterlockedExchange
GetProcessHeap
EnterCriticalSection
QueryPerformanceCounter
OpenProcess
GlobalFree
GetLocaleInfoA
DuplicateHandle
WriteFile
GetCurrentProcessId
IsDBCSLeadByte
SetEvent
InitializeCriticalSection
FindFirstFileW
UnmapViewOfFile
OutputDebugStringW
CreateDirectoryW
CreateFileMappingA
GlobalLock
GetProcessVersion
lstrcpynW
lstrcmpiA
GetProcAddress
GetSystemDefaultLCID
GetFileSize
SetUnhandledExceptionFilter
GetTickCount
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
FindResourceExA
CreateProcessW
Sleep
GetSystemTime
HeapFree
lstrlenA
DeleteAtom
GetVersionExA
MultiByteToWideChar
VirtualFree
CopyFileW
LoadLibraryA
SetCurrentDirectoryW
FindAtomW
GetStdHandle
GlobalUnlock
ExitProcess
GetUserDefaultLCID
UnhandledExceptionFilter
LeaveCriticalSection
GetEnvironmentVariableA
GetACP
GetThreadLocale
LockResource
InterlockedDecrement
GlobalAlloc
FreeLibrary
TerminateProcess
ReleaseMutex
lstrlenW
LoadLibraryExW
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateProcessA
GetFileAttributesW
MapViewOfFile
VirtualAlloc
WaitForSingleObject
AddAtomW
CreateFileW
FindNextFileW
HeapDestroy
InterlockedIncrement
HeapAlloc
FormatMessageW
WideCharToMultiByte
HeapSize
MoveFileW
GetCurrentDirectoryW
SizeofResource
SystemTimeToFileTime
CreateMutexA
LoadResource
CreateFileMappingW
GetFileAttributesA
FindResourceA
GetUserDefaultUILanguage
GetModuleFileNameA
GetLastError
FindClose
CreateEventA
LoadLibraryW
GetCurrentThreadId
LoadLibraryExA
IsDebuggerPresent
LocalFree
RaiseException
CloseHandle
SetFileAttributesW

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc42b629fd6d26892f3db966d40c0eb5

Headers

File Characteristics

Imports

advapi32

shell32

user32

ole32

gdi32

ddraw

shlwapi

kernel32

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 51KB - Virtual size: 51KB

.rsrc Size: 1024B - Virtual size: 88KB

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 1024B - Virtual size: 88KB