43ccb4b11dc26e22aae04e48ace2adec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43ccb4b11dc26e22aae04e48ace2adec_JaffaCakes118
Size

292KB
MD5

43ccb4b11dc26e22aae04e48ace2adec
SHA1

bf3f8e1920a0a2fa2f98de7ab8316ad6b848fe1e
SHA256

ebf9d7d3f993751602a7b7be467592e47796a1d0504edb1b32cb7fffd42d46fa
SHA512

52f42f97510763fb6e1d839c60c622b0e7cfc6e31de0338053d8583d0cd2aa726728dccd179d1e7756477874d3c28bb5726ca66ecd9d9d535c865abdf7ff21af
SSDEEP

6144:tshVAJFC7AXJYTbcW93pw0aEmHuRc8CwwyXuilJO:tdFHqTf9iVHuSTij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43ccb4b11dc26e22aae04e48ace2adec_JaffaCakes118

Files

43ccb4b11dc26e22aae04e48ace2adec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

147ba8cc98ad0d68890c1a591f92a266

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
LsaClose
RegOpenKeyExW
OpenServiceW
RegQueryInfoKeyW
QueryServiceConfigW
RegOpenKeyW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegEnumKeyExW
RegCreateKeyExW

oleaut32

SysAllocString
SafeArrayDestroy
GetErrorInfo
SafeArrayGetElement
SysStringLen
OleCreateFontIndirect
VarBstrCat
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SafeArrayGetDim
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
VarBstrCmp
VariantClear
LoadRegTypeLi
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SysFreeString

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon

kernel32

PeekNamedPipe
LCMapStringW
GlobalLock
GetTimeZoneInformation
IsProcessorFeaturePresent
FindFirstFileW
OutputDebugStringW
GetVolumeInformationW
IsValidCodePage
GetUserDefaultLCID
GlobalFree
GetOEMCP
LoadLibraryExW
DeviceIoControl
SystemTimeToFileTime
GetCurrentThreadId
HeapAlloc
TlsAlloc
WriteFile
TlsSetValue
HeapFree
FindNextFileW
GlobalAlloc
GetLogicalDrives
CreateProcessW
SetEnvironmentVariableA
InterlockedPopEntrySList
CreateEventW
SetFilePointer
LockResource
ExpandEnvironmentStringsW
GetCommandLineW
SetUnhandledExceptionFilter
lstrlenW
GetFileSize
CreateDirectoryW
GetWindowsDirectoryW
CloseHandle
FlushFileBuffers
EnumUILanguagesW
FreeEnvironmentStringsW
VirtualFree
HeapSize
TlsFree
CompareStringW
RemoveDirectoryW
RaiseException
GetACP
GlobalHandle
GetFullPathNameW
GetPrivateProfileSectionW
GetTempFileNameW
GetFileInformationByHandle
SetLastError
GetShortPathNameW
RtlUnwind
FreeLibrary
CreateThread
TlsGetValue
FormatMessageW
CreateFileW
InitializeCriticalSectionAndSpinCount
HeapDestroy
GetSystemInfo
FlushInstructionCache
FindResourceW
EnterCriticalSection
UnmapViewOfFile
GetStdHandle
ResetEvent
GetDriveTypeW
LeaveCriticalSection
IsValidLocale
GlobalUnlock
UnhandledExceptionFilter
IsDebuggerPresent
lstrcmpW
ReadFile
GetCurrentDirectoryW
LoadResource
SizeofResource
GetConsoleCP
WriteConsoleW
GetDiskFreeSpaceExW
InterlockedPushEntrySList
SetErrorMode
IsWow64Process
GetPrivateProfileStringW
GetSystemTimeAsFileTime
ExitThread
GetSystemDirectoryW
WaitForSingleObject
GetConsoleMode
DeleteFileW
SetCurrentDirectoryW
GetCommandLineA
WideCharToMultiByte
lstrcmpiW
GlobalReAlloc
DuplicateHandle
CreateFileMappingW
HeapReAlloc
GetLocalTime
GetModuleHandleW
VirtualAlloc
MulDiv
CopyFileW
LocalAlloc
GetLogicalDriveStringsW
TerminateThread
EnumSystemLocalesA
lstrlenA
SetStdHandle
GetTempPathW
MapViewOfFile
FindResourceExW
SetHandleCount
DeleteCriticalSection
ResumeThread
GetFileType
FindClose
CreateMutexW
LocalFree
FileTimeToSystemTime
FindFirstFileExW
GetProcessHeap
ReleaseMutex
SetEndOfFile
HeapCreate

user32

DialogBoxIndirectParamW
MonitorFromWindow
GetDlgItem
ScreenToClient
DefWindowProcW
GetWindow
MsgWaitForMultipleObjects
SetFocus
GetWindowTextW
CreateAcceleratorTableW
BeginPaint
GetMonitorInfoW
CharNextW
RedrawWindow
SetWindowPos
GetWindowRect
GetFocus
GetDesktopWindow
MapWindowPoints
LoadAcceleratorsW
GetClassNameW
GetCursor
KillTimer
FillRect
SetCursor
SetCapture
InvalidateRgn
AppendMenuW
MoveWindow
LoadIconW
IsDlgButtonChecked
IsWindow
IsChild
SendDlgItemMessageW
CharPrevW
CreatePopupMenu
UnregisterClassA
ReleaseCapture
CreateCaret
SetScrollPos
PeekMessageW
MessageBoxW
DestroyMenu
TranslateMessage
SetWindowLongW
LoadImageW
GetSystemMetrics
GetParent
SetDlgItemTextW
SetWindowContextHelpId
CheckRadioButton
ReleaseDC
ClientToScreen
IsDialogMessageW
LoadCursorW
GetClientRect
EndPaint
GetActiveWindow
GetClassInfoExW
SetScrollInfo
CreateWindowExW
SendMessageW
EndDialog
EnableWindow
GetDC
RegisterWindowMessageW
SystemParametersInfoW
GetSysColor
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
PostQuitMessage
DialogBoxParamW
MapDialogRect
GetWindowTextLengthW
DestroyAcceleratorTable
DestroyIcon
SetWindowTextW
CallWindowProcW
PostMessageW
InvalidateRect
IsWindowVisible
DispatchMessageW
ShowWindow
DrawTextW
SetTimer
GetWindowLongW
RegisterClassExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdi32

GetObjectW
DeleteObject
PatBlt
SetDIBitsToDevice
DeleteDC
SelectObject
CreateSolidBrush
CreateCompatibleDC
CreateDIBitmap
GetTextExtentPoint32W
SetBkMode
GetPaletteEntries
BitBlt
CreateCompatibleBitmap
SetTextColor
GetDeviceCaps
SelectPalette
CreateFontIndirectW
CreatePalette
RealizePalette
GetStockObject
CreateDCW
CreateDIBSection
CreatePen
CreateFontA
RemoveFontResourceExA
RemoveFontResourceExW
GetMetaFileA
GetEnhMetaFileA
StretchDIBits

setupapi

SetupIterateCabinetW

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetDesktopFolder
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
StringFromGUID2
CoGetClassObject
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
StringFromCLSID
CoTaskMemAlloc
OleRun
CoUninitialize
CoInitialize
OleLockRunning
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString

clbcatq

UpdateFromAppChange

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 250KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

147ba8cc98ad0d68890c1a591f92a266

Headers

File Characteristics

Imports

advapi32

oleaut32

comctl32

kernel32

user32

version

gdi32

setupapi

shell32

ole32

clbcatq

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 250KB - Virtual size: 854KB

.rsrc Size: 12KB - Virtual size: 21KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 250KB - Virtual size: 854KB

.rsrc
Size: 12KB - Virtual size: 21KB