525c9bd21e93d211acc462169d593e04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

525c9bd21e93d211acc462169d593e04_JaffaCakes118
Size

322KB
MD5

525c9bd21e93d211acc462169d593e04
SHA1

480ab9e4f65db70f59a8027539e3f23967eebaf1
SHA256

dfe4df730d6e102049b3f30ff34efeb60171363f8ce70a69fc94d6444ca3077d
SHA512

404fb0bf50485f64dac612669817d43e8aa6bcdce4198344ba70f7b532f4c5cc7dda45edacaf8be5681a76d92ae8eddf4b79ba5bb61ca742ab71559bfb980587
SSDEEP

6144:UBbeMUKRFwze/B6/OZXHBNvNZ+tDDW1HQwiy7CP+J9lWtE:ctUKRFwcA2ZXlZED6HVibPE9lWtE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
525c9bd21e93d211acc462169d593e04_JaffaCakes118

Files

525c9bd21e93d211acc462169d593e04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22543a3a10e22980fa4296a5d1b0e8df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\wwshe\dtbezcht\bkfihaya\eoseoy\epyarxo\g

Imports

gdi32

OffsetViewportOrgEx
UnrealizeObject
GetCharABCWidthsFloatW
SetTextAlign
StartDocW
DeleteDC
SetPixelFormat
GetStockObject
CreateHalftonePalette
SetDIBits
GetDeviceCaps
ExtCreatePen
GetCharABCWidthsFloatA
GdiPlayDCScript
SetBkColor
IntersectClipRect
CreateDCA
GetKerningPairs
GetTextCharsetInfo
SwapBuffers
SetColorAdjustment
ResetDCW
GetCharWidthA
SetDIBitsToDevice
SetMagicColors

shell32

ShellHookProc
RealShellExecuteExW

comctl32

ImageList_DrawEx
ImageList_GetBkColor
ImageList_GetImageInfo
DrawStatusText
DestroyPropertySheetPage
CreateMappedBitmap
MakeDragList
InitCommonControlsEx
ImageList_Destroy
ImageList_DragLeave
ImageList_Remove
ImageList_SetBkColor
ImageList_Create

wininet

RunOnceUrlCache
InternetSecurityProtocolToStringA
GopherFindFirstFileW
InternetFindNextFileW
FtpPutFileW
ShowClientAuthCerts

advapi32

CryptSetKeyParam
RegConnectRegistryA
RegSetKeySecurity
LookupAccountNameW
RegCreateKeyW
RegRestoreKeyA
CryptDestroyKey
RegConnectRegistryW
InitiateSystemShutdownA
LookupPrivilegeDisplayNameA
RegLoadKeyW
CryptSignHashW
CryptHashSessionKey
CryptAcquireContextA
RegQueryMultipleValuesW
CryptGetHashParam
RegCreateKeyA
CryptDestroyHash
CryptVerifySignatureW
AbortSystemShutdownA

kernel32

GetEnvironmentStrings
GetTimeFormatA
IsValidCodePage
InterlockedDecrement
IsValidLocale
InitializeCriticalSection
WriteConsoleW
GetConsoleCP
GetConsoleOutputCP
GetACP
FreeLibrary
CompareStringW
lstrcmpA
GetOEMCP
UnhandledExceptionFilter
GetCommandLineA
GetStringTypeW
GetTickCount
SetFilePointer
MultiByteToWideChar
GetUserDefaultLCID
SetHandleCount
SetUnhandledExceptionFilter
GetEnvironmentStringsW
VirtualAlloc
HeapCreate
GetStringTypeA
ExitProcess
GetTimeZoneInformation
GetModuleFileNameW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
RtlUnwind
GetStdHandle
SetConsoleCtrlHandler
TlsFree
OpenMutexA
GetExitCodeProcess
InterlockedIncrement
GetLocaleInfoW
CloseHandle
GetProcessHeap
CreateFileA
SetLastError
WriteFile
FlushFileBuffers
HeapSize
GetLocaleInfoA
ReadFile
GetCurrentProcessId
LeaveCriticalSection
LCMapStringA
EnumSystemLocalesA
TerminateProcess
GetCPInfo
CreateDirectoryExA
GetStartupInfoW
CompareStringA
LCMapStringW
GetCommandLineW
QueryPerformanceCounter
GetConsoleMode
GetCurrentThreadId
HeapAlloc
HeapReAlloc
TlsSetValue
SetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoA
GetCurrentProcess
GetModuleHandleA
DeleteCriticalSection
IsDebuggerPresent
EnterCriticalSection
HeapFree
GetLastError
GetDateFormatA
GetCurrentThread
GetSystemTimeAsFileTime
GetVersionExA
HeapDestroy
LoadLibraryA
VirtualFree
VirtualQuery
Sleep
GetProcAddress
InterlockedExchange
SetStdHandle
WriteConsoleA
TlsGetValue
WideCharToMultiByte
CreateMutexA
GetFileType
TlsAlloc

user32

MessageBoxIndirectW
CreateWindowExA
EmptyClipboard
GetWindowInfo
EnumDisplayDevicesW
OpenIcon
GetClassInfoExW
RegisterClassExA
PackDDElParam
RegisterClassA
WindowFromPoint
MessageBoxA
GetClassInfoA
OpenWindowStationW
ShowWindow
LookupIconIdFromDirectory
IsCharAlphaW

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22543a3a10e22980fa4296a5d1b0e8df

Headers

File Characteristics

PDB Paths

Imports

gdi32

shell32

comctl32

wininet

advapi32

kernel32

user32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 28KB - Virtual size: 44KB

.data Size: 89KB - Virtual size: 89KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 28KB - Virtual size: 44KB

.data
Size: 89KB - Virtual size: 89KB

.rsrc
Size: 14KB - Virtual size: 13KB