4161be02a8851d5d6e998c26484cf32c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4161be02a8851d5d6e998c26484cf32c_JaffaCakes118
Size

1.7MB
MD5

4161be02a8851d5d6e998c26484cf32c
SHA1

975f84b0af0acbcdfd162412debff0ad0acbccf2
SHA256

d9a61b60685a682cbb1687fd6700cffc9ce9d97520abedec34ef7510364f1d2f
SHA512

c8f8b4b9f904187662cb1b7a5fc038e87576143f636b33f481fb14da9619657bc2f784a16f4d1ef245e0790e152b8959000bfabced60ddbe3afebf9999212de8
SSDEEP

6144:DX5BL26jUkbAzL44Xn095y7pdUn0PS3qnfMFad1SyeY0MIXh4r8gpVj:DzLNUbQ4k9M7HOV3in05aFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4161be02a8851d5d6e998c26484cf32c_JaffaCakes118

Files

4161be02a8851d5d6e998c26484cf32c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8302d9191ff52ff3587941ee43051af9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
SetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetDiskFreeSpaceExW
FindFirstVolumeW
FindVolumeClose
GetVersionExW
FindNextVolumeW
OpenMutexW
CreateMutexW
ReleaseMutex
GetCommandLineW
lstrcmpA
lstrlenA
GetOEMCP
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
FileTimeToSystemTime
FindNextVolumeMountPointW
GetCurrentDirectoryW
FindVolumeMountPointClose
GetLocalTime
FindFirstVolumeMountPointW
GetDriveTypeW
GlobalLock
GlobalUnlock
CreateDirectoryW
RaiseException
OpenProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
LoadLibraryA
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
IsDebuggerPresent
GetVolumeInformationW
SetFileAttributesW
DeleteFileW
SetFileTime
FindNextFileW
FindFirstFileW
FindClose
lstrcmpW
WriteFile
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateProcessW
FreeConsole
SetErrorMode
CopyFileW
LoadLibraryW
MoveFileW
GetProcAddress
GetSystemTime
GetCurrentThread
GetTickCount
GetModuleHandleW
SetThreadPriority
SleepEx
MultiByteToWideChar
GetACP
lstrcmpiW
ExitProcess
TerminateProcess
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
GetExitCodeThread
ExitThread
Sleep
TerminateThread
CreateThread
WaitForSingleObject
GetModuleFileNameW
lstrcpynW
GetWindowsDirectoryW
GetComputerNameW
OutputDebugStringW
LocalAlloc
SetFilePointer
GetTempPathW
lstrlenW
lstrcpyW
LocalFree
UnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetCPInfo
HeapSize
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
CreateFileW
ReadFile
CloseHandle
lstrcatW
VirtualQuery

user32

ShowWindow
GetRawInputData
PostQuitMessage
RegisterRawInputDevices
GetMessageW
PeekMessageW
GetWindowTextW
DispatchMessageW
SetWindowLongW
GetKeyboardState
GetAsyncKeyState
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
GetKeyboardLayoutNameW
GetDC
GetForegroundWindow
DefWindowProcW
RegisterClassExW
IsGUIThread
CloseDesktop
OpenInputDesktop
OpenWindowStationW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
CreateWindowExW
GetClipboardData
OpenClipboard
CloseClipboard
DestroyWindow
SendMessageW
wsprintfA
SetProcessWindowStation
ReleaseDC
GetWindowRect
GetDesktopWindow
GetThreadDesktop
SetThreadDesktop
CloseWindowStation

gdi32

BitBlt
DeleteDC
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
LookupPrivilegeValueW
ChangeServiceConfigW
QueryServiceStatus
LsaQueryInformationPolicy
LsaClose
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptDestroyHash
AddAccessAllowedAce
InitializeAcl
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegEnumKeyExW
GetLengthSid
RegOpenKeyExW
RegSetKeySecurity
RegEnumValueW
OpenThreadToken
GetTokenInformation
CheckTokenMembership
GetUserNameW
LookupAccountSidW
OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW
AdjustTokenPrivileges
OpenProcessToken
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
IIDFromString

rpcrt4

UuidToStringW
UuidCreate

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

secur32

GetComputerObjectNameW

ws2_32

send
WSAStartup
closesocket
WSASetLastError
connect
__WSAFDIsSet
ioctlsocket
socket
recv
WSACleanup
shutdown
htons
select
htonl
WSAGetLastError

crypt32

PFXExportCertStoreEx
CertCloseStore
CryptUnprotectData
CertOpenStore

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8302d9191ff52ff3587941ee43051af9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

rpcrt4

wtsapi32

secur32

ws2_32

crypt32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 276KB - Virtual size: 307KB

.rsrc Size: 4KB - Virtual size: 936B

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 276KB - Virtual size: 307KB

.rsrc
Size: 4KB - Virtual size: 936B