3f01b15c51de45154ff2aa270a53086a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f01b15c51de45154ff2aa270a53086a_JaffaCakes118
Size

71KB
MD5

3f01b15c51de45154ff2aa270a53086a
SHA1

6c2511a4a2614a58b386dc4d71033a4f38b74de4
SHA256

ef1eebb6dbfc25274b68edf206c86a2c58db666cce46b2c1ff88b485a89b76a5
SHA512

992fe575fa93579c0f17b5c7c349b0a9e72649d58f36f6fbd3657cfaab538df0a9345fb428d0a9387a0eb1c2b0228526bd1fa37be89771cad4283637bb9477ac
SSDEEP

1536:c5kr8+IqhwW6DWeG6HLH1Sf0WSioNTCenjhUy/G4RuaGjfxYyCpe4bjT:cWjIcwDw8HE03HVUypRolbCpe4vT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f01b15c51de45154ff2aa270a53086a_JaffaCakes118

Files

3f01b15c51de45154ff2aa270a53086a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af734e2764b51005fc1bd7d5ad8f2089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate
DirectDrawCreateEx

shell32

Shell_NotifyIconW
FindExecutableW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
SHAppBarMessage
ShellExecuteExW

secur32

GetUserNameExW

kernel32

UnhandledExceptionFilter
Sleep
LoadLibraryExW
GetVersionExW
MulDiv
IsDebuggerPresent
FormatMessageW
FindResourceW
FreeLibrary
SetUnhandledExceptionFilter
CreateFileW
GetCurrentThreadId
InterlockedIncrement
CloseHandle
CreateEventW
GetModuleFileNameW
GetSystemTimeAsFileTime
InterlockedDecrement
LoadResource
LockResource
InterlockedExchange
EnterCriticalSection
GetSystemInfo
InitializeCriticalSection
GetStartupInfoW
GetThreadLocale
ReleaseMutex
LocalAlloc
LoadLibraryA
GlobalLock
GetSystemDirectoryW
GetACP
OpenProcess
IsProcessorFeaturePresent
LocalFree
RaiseException
VirtualLock
VirtualAlloc
SizeofResource
HeapSetInformation
GetProcAddress
HeapSize
CreateThread
WaitForMultipleObjects
lstrcmpW
GetLocaleInfoW
lstrlenW
GetComputerNameW
SetEvent
LCMapStringW
VirtualUnlock
FindResourceExW
GlobalAlloc
ResetEvent
FlushInstructionCache
MultiByteToWideChar
TerminateProcess
GlobalHandle
GetTickCount
HeapAlloc
ProcessIdToSessionId
WideCharToMultiByte
HeapDestroy
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
GetLastError
GlobalFree
lstrlenA
VirtualFree
HeapFree
WaitForSingleObject
SetLastError
HeapReAlloc
DeleteCriticalSection
GlobalUnlock
GetProcessId
GetVersionExA
QueryPerformanceCounter
InterlockedCompareExchange
GetLocaleInfoA
CreateMutexW
GetTempPathW
GetModuleHandleW

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
CreateCompatibleDC
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
GetObjectW

msvcrt

_wcmdln
_cexit
_initterm
?terminate@@YAXXZ
__set_app_type
fabs
memset
__p__commode
_exit
__setusermatherr
memcpy
exit
_controlfp
_wtoi64
__p__fmode
__wgetmainargs
_amsg_exit
iswdigit
_initterm
_XcptFilter

ole32

OleUninitialize
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
StringFromGUID2
OleInitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitializeSecurity
CoTaskMemAlloc
CoUninitialize
CoAllowSetForegroundWindow
OleLockRunning
CoInitializeEx
CLSIDFromProgID
CoCreateGuid

shlwapi

UrlApplySchemeW
PathCombineW
UrlCanonicalizeW
UrlCombineW
UrlGetPartW
PathAppendW

crypt32

CryptUnprotectData
CryptProtectData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification

gdiplus

GdipAlloc
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromFileICM

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af734e2764b51005fc1bd7d5ad8f2089

Headers

File Characteristics

Imports

ddraw

shell32

secur32

kernel32

gdi32

msvcrt

ole32

shlwapi

crypt32

version

wtsapi32

gdiplus

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 2KB