3dd738b15591daaecfdb344dc321544f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3dd738b15591daaecfdb344dc321544f_JaffaCakes118
Size

576KB
MD5

3dd738b15591daaecfdb344dc321544f
SHA1

b625ed961608ae341f6b1173f5f61993215e659c
SHA256

1acb66ad815707bb062747e5d4c67c9b379f4c65bd230ac31ae2e6a6b60d2422
SHA512

88bc761275b6e37efdd5062a4e5327dc93db6a0091d843af46443492355498541f8901d5fa8175b98831a322f382bdeadefc63152abb9d2d1c693a7e1d68ca39
SSDEEP

6144:ZL0Fq7NKD3yml8DRUu+zSDvZB9bZQ+tbAOgQm3uldxnE5x/htk+gMBCzkNbkmhL:yFsNYy7ND4OgQm+plXzkNBL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dd738b15591daaecfdb344dc321544f_JaffaCakes118

Files

3dd738b15591daaecfdb344dc321544f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21cd2bc25fb3134400a7e7d9e6cd1136

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\_vss\Reuse\Exe\SaleDetect\cookiemonlib\startupmon\Release\startupmon.pdb

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCurrentThreadId
lstrcpyA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcpynA
GetCPInfo
GetOEMCP
GetCurrentProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExA
FindResourceExA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
SetFilePointer
FreeLibrary
LoadLibraryA
GetProcAddress
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
GetExitCodeThread
CreateThread
WaitForSingleObject
GetExitCodeProcess
DeleteFileA
Sleep
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateDirectoryExA
GetFileSize
ReadFile
CreateFileA
WriteFile
FlushFileBuffers
LoadResource
LockResource
SizeofResource
GetModuleHandleA
FindResourceA
GetModuleFileNameA
CreateMutexA
CloseHandle
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
UnregisterClassA
GetMessageA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorA
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
SendMessageA
MessageBoxA
GetParent

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

rpcrt4

UuidCreate
UuidToStringA

wininet

InternetGetCookieA
InternetCanonicalizeUrlA

shlwapi

PathAppendA

comctl32

ord17

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteObject
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
GetStockObject
CreateBitmap
GetDeviceCaps
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantCopy
SysAllocStringLen
VariantClear
SysFreeString
VariantInit
VariantChangeType

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21cd2bc25fb3134400a7e7d9e6cd1136

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

rpcrt4

wininet

shlwapi

comctl32

oleacc

gdi32

winspool.drv

advapi32

ole32

oleaut32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 20KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 372KB - Virtual size: 371KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 20KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 372KB - Virtual size: 371KB