3adc01bf7f3db651b524765b0f10710d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3adc01bf7f3db651b524765b0f10710d_JaffaCakes118
Size

792KB
MD5

3adc01bf7f3db651b524765b0f10710d
SHA1

5db952996f78ca18fb532eaae03692f611e5c2b4
SHA256

d6db688e7724bad6cb6a0bde992b7522fc1929c720e9a1229efc43dc19ef9911
SHA512

04d40a9187aebf20ae272a8320aa5f190ddb5f3599dd673a6a5c053aaf86a96f2950bff4c34a11a8bd09b663ab12f5e4722da9ca05baf31bc606b9f83dc985a5
SSDEEP

24576:X39sqkYU2qKRtbCQ9+Eqr3RnHbvv4ynX4yo4q8:HMDutbCQ43RLv4ID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3adc01bf7f3db651b524765b0f10710d_JaffaCakes118

Files

3adc01bf7f3db651b524765b0f10710d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

408277ebf2cc623ac21aa375ef80c52d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
GetEnvironmentStrings
ExitProcess
UnhandledExceptionFilter
GetEnvironmentVariableW
MapViewOfFile
GetFileSize
GetStartupInfoA
WideCharToMultiByte
GetVersionExW
LockFile
ReleaseMutex
CompareFileTime
SetFilePointer
CreateFileA
RtlUnwind
SizeofResource
FreeLibrary
CompareStringW
HeapFree
GetLocaleInfoA
LoadLibraryW
GetCurrentThreadId
GetModuleHandleA
HeapAlloc
GetProcessHeap
ExpandEnvironmentStringsA
MoveFileExW
DeleteCriticalSection
FreeEnvironmentStringsA
GetSystemDirectoryA
GlobalMemoryStatus
SetHandleCount
MultiByteToWideChar
GetCurrentThread
GetTempFileNameA
LoadResource
lstrlenW
FileTimeToLocalFileTime
VirtualQuery
GetTickCount
GetLocalTime
CreateSemaphoreW
OutputDebugStringW
VirtualFree
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
HeapDestroy
HeapReAlloc
Sleep
EnterCriticalSection
GetSystemTimeAsFileTime
SetEndOfFile
InitializeCriticalSection
GetACP
TlsFree
SetUnhandledExceptionFilter
VirtualAlloc
QueryPerformanceCounter
GetLastError
InterlockedCompareExchange
GetStringTypeW
GetCPInfo
ResetEvent
InterlockedExchange
DeviceIoControl
FlushFileBuffers
RaiseException
WriteFile
RemoveDirectoryA
GlobalReAlloc
CloseHandle
CreateEventA
GetProcAddress
GetModuleFileNameA
GetLocaleInfoW
LoadLibraryA
SetStdHandle
ReadFile
GetCurrentProcess
FindResourceW
GetOEMCP
GetTempPathA
TerminateProcess
SetConsoleCP
GetFileType
lstrcmpiW
LCMapStringW
QueryPerformanceFrequency
DisableThreadLibraryCalls
GetTempFileNameW
DeleteFileA
GlobalFree
GetVersion

advapi32

FreeSid
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
ReportEventW
RegQueryValueExW

user32

GetClassNameA
WindowFromPoint
RegisterClassExW
RemoveMenu
SetParent
DestroyIcon
LoadImageW
EnumWindows
EnableWindow
EndPaint
MsgWaitForMultipleObjects
FindWindowA
SetWindowPos
PostThreadMessageW
IsWindowVisible
FillRect
CloseClipboard
SystemParametersInfoW
ShowWindow
LoadStringW
LoadStringA
CreateWindowExW
DefWindowProcW
GetSysColorBrush
SetFocus
GetLastActivePopup
IsChild
CopyRect
PostMessageA
EnumChildWindows
IsDlgButtonChecked
GetClassInfoExW
GetPropW
GetWindowRect
ClientToScreen
GetFocus
wsprintfA
GetMenu
GetForegroundWindow
AdjustWindowRectEx
PostMessageW
ScreenToClient
DrawFocusRect
GetParent
PeekMessageW
GetSystemMetrics
CallWindowProcW
SetScrollInfo
MessageBoxA
GetMenuItemID
LoadMenuW
SetRect

ole32

CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
GetDocumentBitStg

gdi32

GetDIBits
GetTextColor
RestoreDC
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreatePen
CreateSolidBrush
DeleteObject
SetWindowOrgEx
SelectObject
StretchBlt
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
LineTo
DeleteDC

msvcrt

_cexit
wcsstr
iswdigit
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memmove
_amsg_exit
__p__fmode
malloc
?what@exception@@UBEPBDXZ
_vsnprintf
?terminate@@YAXXZ
atoi
strchr

lz32

LZInit
LZStart
LZOpenFileW
LZSeek

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

408277ebf2cc623ac21aa375ef80c52d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

ole32

gdi32

msvcrt

lz32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 17KB - Virtual size: 24KB

.idata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 7KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 17KB - Virtual size: 24KB

.idata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 7KB