Static task: static1
Behavioral task: behavioral1
Sample: 52dbc8045d70b14e4955f82fc11c64c1_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 52dbc8045d70b14e4955f82fc11c64c1_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 52dbc8045d70b14e4955f82fc11c64c1_JaffaCakes118
Size: 556KB
MD5: 52dbc8045d70b14e4955f82fc11c64c1
SHA1: 3946f10280dcac0754bdc24a4f469d291652a193
SHA256: d03eefd558de567957772f44e0cf73f5faf4e9d9ffc1d02be5ea7d17266132a6
SHA512: 0b4692018003a0fff781c78bcd73cc5e58ce890ffd31e86326c3bd78e7195f0030fabdbc3f821f11fce014a19a919c105085be533dad9da57d7eee1f6086c92c
SSDEEP: 12288:mKGGGMMnMMMMMfkj+Cyh8UU7loA0qJGkqCCfK3D/aU6JdBCWFLQwY5njAFi2+qDS:mKGGGMMnMMMMMMj+Vh8fHwjlfKEJdBCn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 52dbc8045d70b14e4955f82fc11c64c1_JaffaCakes118
Files
52dbc8045d70b14e4955f82fc11c64c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
b7f69002cf3e0598bce27cc97137907e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAConnect
ddraw
DirectDrawEnumerateA
advapi32
ReportEventA
RegDeleteValueW
DeregisterEventSource
RegSetValueA
RegEnumValueA
OpenProcessToken
RegQueryValueExA
RegOpenKeyW
RegEnumValueW
RegCreateKeyW
RegisterEventSourceA
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegOpenKeyA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegDeleteValueA
user32
LoadAcceleratorsA
CharLowerA
SubtractRect
CheckMenuItem
SetScrollPos
GetMenuItemCount
SetRect
CharUpperA
GetMenuStringA
OpenClipboard
IsRectEmpty
PostMessageA
DefFrameProcA
EnumClipboardFormats
GetSubMenu
GetCursorPos
DdeCreateDataHandle
TranslateMDISysAccel
GetWindowTextLengthA
GetMessagePos
GetScrollPos
GetCaretBlinkTime
SendMessageA
PeekMessageA
DdeFreeStringHandle
MoveWindow
SetWindowPos
DdeDisconnect
ClientToScreen
GetForegroundWindow
DestroyIcon
LoadBitmapA
CreatePopupMenu
SetCapture
ToAscii
DdeUninitialize
EnableWindow
VkKeyScanW
PostQuitMessage
GetClassInfoExA
PtInRect
SetMenuDefaultItem
HideCaret
GetSystemMetrics
SetWindowRgn
DdeAbandonTransaction
SetClipboardData
IsDialogMessageA
SetDlgItemTextA
EnableMenuItem
DeferWindowPos
IntersectRect
GetPropA
GetKeyboardLayout
TrackPopupMenu
IsWindowEnabled
CreateCursor
EndDeferWindowPos
GetMenuItemID
DdeCmpStringHandles
ClipCursor
EnumThreadWindows
GetLastActivePopup
DrawFocusRect
IsZoomed
DdeConnect
EndPaint
GetFocus
LoadImageA
DdeClientTransaction
WaitForInputIdle
IsWindow
SetMenu
MessageBoxIndirectA
MsgWaitForMultipleObjects
CloseClipboard
ShowWindow
GetDoubleClickTime
CreateMenu
SetActiveWindow
TranslateMessage
RemoveMenu
ScreenToClient
LoadStringA
AppendMenuA
IsCharAlphaA
IsWindowVisible
InflateRect
CreateAcceleratorTableA
TabbedTextOutA
CharUpperBuffW
DdeNameService
DrawMenuBar
SetScrollInfo
GetMenuState
DestroyCursor
SendDlgItemMessageA
SetFocus
CopyRect
GetDCEx
GetCapture
BeginDeferWindowPos
SetCaretPos
GetUpdateRect
BeginPaint
LoadCursorA
RegisterClassA
keybd_event
SetScrollRange
SetMenuItemInfoA
SetParent
GetCursor
FindWindowA
GetWindowDC
GetCaretPos
WinHelpA
FillRect
CharToOemBuffA
GetSysColor
SetTimer
GetWindow
DestroyCaret
GetClipboardFormatNameA
GetClassNameA
DdeGetData
CallWindowProcA
GetClassInfoA
WaitMessage
SetWindowContextHelpId
GetKeyboardState
GetDesktopWindow
SetPropA
MessageBoxA
KillTimer
EqualRect
SetWindowLongA
DdeQueryConvInfo
AdjustWindowRect
wsprintfA
SetCursor
GetDlgItem
SetWindowsHookExW
InvalidateRect
CreateWindowExA
ShowCursor
DialogBoxParamA
DefMDIChildProcA
ShowCaret
VkKeyScanA
GetWindowLongA
ModifyMenuA
GetWindowRect
AttachThreadInput
OemToCharA
IsClipboardFormatAvailable
CreateIcon
GetSystemMenu
GetMenuItemInfoA
GetClientRect
GetQueueStatus
ShowScrollBar
EmptyClipboard
CharLowerBuffA
ReleaseDC
DispatchMessageA
IsChild
SetForegroundWindow
DdePostAdvise
GetWindowTextA
CharUpperBuffA
GetKeyState
MapWindowPoints
GetUpdateRgn
CopyAcceleratorTableA
DrawFrameControl
InvalidateRgn
SetCursorPos
DestroyAcceleratorTable
SetWindowTextA
SetKeyboardState
DrawTextA
EndDialog
DestroyWindow
CharLowerBuffW
LoadIconA
GetWindowRgn
BringWindowToTop
GetDC
LockWindowUpdate
UpdateWindow
DrawIcon
CharPrevA
PostMessageW
GetMenu
CharNextA
GetIconInfo
OffsetRect
ReleaseCapture
GetScrollInfo
FrameRect
SystemParametersInfoA
InsertMenuA
CreateDialogParamA
RegisterClassExA
DdeInitializeA
WindowFromPoint
FindWindowW
GetWindowThreadProcessId
CreateCaret
MessageBeep
AdjustWindowRectEx
UnregisterClassA
DeleteMenu
CharToOemA
DdeSetUserHandle
RegisterClipboardFormatA
GetParent
GetTabbedTextExtentA
CallNextHookEx
IsIconic
GetAsyncKeyState
GetMessageTime
PeekMessageW
PostThreadMessageA
GetActiveWindow
DefWindowProcA
DdeFreeDataHandle
SetWindowsHookExA
DdeQueryStringA
DestroyMenu
RemovePropA
DdeCreateStringHandleA
DdeGetLastError
UnhookWindowsHookEx
GetClipboardData
olecli32
OleClone
ole32
CoRegisterMessageFilter
OleSetMenuDescriptor
ReleaseStgMedium
OleCreateFromFile
OleGetAutoConvert
CreateDataAdviseHolder
CoDisconnectObject
OleCreateLinkFromData
RegisterDragDrop
OleCreateMenuDescriptor
OleCreateFromData
IsAccelerator
OleCreateLink
MkParseDisplayName
CreateILockBytesOnHGlobal
OleGetIconOfClass
OleCreateLinkToFile
CoFreeUnusedLibraries
CreateOleAdviseHolder
StringFromGUID2
StgOpenStorage
OleRun
CLSIDFromProgID
ReadClassStm
OleSave
CreateBindCtx
OleSaveToStream
StgIsStorageILockBytes
StgCreateDocfileOnILockBytes
OleDestroyMenuDescriptor
OleDoAutoConvert
OleLoad
BindMoniker
OleSetClipboard
CoCreateInstance
GetClassFile
CoUnmarshalInterface
StgOpenStorageOnILockBytes
OleLoadFromStream
ReadClassStg
OleInitialize
CreateStreamOnHGlobal
ProgIDFromCLSID
CLSIDFromString
OleRegGetUserType
OleFlushClipboard
DoDragDrop
CoMarshalInterface
OleQueryCreateFromData
CoIsOle1Class
CoRevokeClassObject
OleTranslateAccelerator
OleQueryLinkFromData
CoLockObjectExternal
OleGetClipboard
OleDuplicateData
IIDFromString
CoRegisterClassObject
OleUninitialize
CoGetMalloc
OleIsCurrentClipboard
CoGetClassObject
OleConvertOLESTREAMToIStorage
StgCreateDocfile
OleConvertIStorageToOLESTREAM
RevokeDragDrop
WriteClassStg
StringFromCLSID
OleIsRunning
OleLockRunning
kernel32
LCMapStringA
GlobalSize
CreateProcessW
IsBadReadPtr
MulDiv
GetSystemTime
GetStringTypeExA
HeapSize
WideCharToMultiByte
GetSystemInfo
FreeResource
GetCurrentProcessId
GetFileType
CreateFileA
HeapDestroy
ReadFile
CreateDirectoryA
ResumeThread
_lread
GetLocaleInfoA
FindResourceA
FileTimeToLocalFileTime
_llseek
CreateProcessA
SetEvent
TlsSetValue
FormatMessageW
lstrlenA
GlobalReAlloc
VirtualFree
GetStringTypeW
GetLastError
DuplicateHandle
GetStartupInfoA
_lclose
ReleaseSemaphore
GlobalDeleteAtom
GetModuleHandleA
SetFileAttributesA
GetFileAttributesA
HeapFree
GetEnvironmentStringsW
WaitForSingleObject
RemoveDirectoryA
GetOEMCP
CreateEventA
GetTempPathA
InterlockedIncrement
ResetEvent
GlobalAddAtomA
LoadResource
CreateThread
lstrcpyA
GlobalHandle
FreeEnvironmentStringsW
GetCurrentProcess
FreeLibrary
GetACP
CompareStringW
ExitThread
GetModuleFileNameA
GetSystemDirectoryA
SetEnvironmentVariableA
GetProcAddress
SystemTimeToFileTime
RaiseException
GetCurrentThreadId
GetVolumeInformationA
LeaveCriticalSection
DeleteCriticalSection
SetFilePointer
GetDriveTypeA
GetDateFormatA
SetHandleCount
GetFileTime
GetCPInfo
FileTimeToSystemTime
WinExec
WriteFile
GetCommandLineA
GlobalAlloc
SetErrorMode
FlushFileBuffers
GetTempFileNameA
GetTimeZoneInformation
SetLocalTime
SearchPathA
CompareStringA
GetTickCount
CreateSemaphoreA
lstrcmpiW
VirtualProtect
InterlockedDecrement
GetVersion
GetFullPathNameA
ExitProcess
IsDBCSLeadByte
lstrcatA
SetEndOfFile
SizeofResource
LoadLibraryExA
FormatMessageA
_lwrite
TerminateProcess
FindFirstFileA
RtlUnwind
GetUserDefaultLangID
FlushInstructionCache
LCMapStringW
lstrcmpA
SetFileTime
FindNextFileA
UnlockFile
GetCurrentDirectoryA
HeapCreate
GetStdHandle
GetUserDefaultLCID
SetStdHandle
Sleep
VirtualQuery
GetModuleFileNameW
GlobalLock
SetLastError
SetCurrentDirectoryA
MultiByteToWideChar
lstrcpynA
EnterCriticalSection
GlobalFree
HeapAlloc
GetWindowsDirectoryA
IsBadCodePtr
GetSystemDefaultLCID
LockResource
GetStringTypeA
TlsAlloc
GlobalUnlock
CloseHandle
GetShortPathNameA
HeapReAlloc
MoveFileA
GetSystemDefaultLangID
InitializeCriticalSection
GetEnvironmentStrings
TlsFree
GetLocalTime
VirtualAlloc
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteFileA
FindClose
LoadLibraryA
UnhandledExceptionFilter
GetVersionExA
LockFile
GetProfileStringA
lstrcmpiA
TlsGetValue
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 388KB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE