5531172ad34a954cac34ad3f25f88e50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5531172ad34a954cac34ad3f25f88e50_JaffaCakes118
Size

226KB
MD5

5531172ad34a954cac34ad3f25f88e50
SHA1

d10bc83431a6d6dafb978ce3e8d53d5427ebb269
SHA256

abafbdc617607da078515f4469c94090020392825b18dd0bb53ce108bd1d721b
SHA512

64117aa23d02a72099074857abc255ea0bc1c6b72c79254f2806b409bc810d7fb984901008a98d5d235a7319f4a62d1201035ca8eb1137587d952f259f072bbe
SSDEEP

3072:mD77n0CHaOzDtGNHHOGSB0sivkdo1XeuqVHX+5KulfHgn8sXLIhp7:m3ICHaOVnB0dvAo1O34l4pLIX7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5531172ad34a954cac34ad3f25f88e50_JaffaCakes118

Files

5531172ad34a954cac34ad3f25f88e50_JaffaCakes118
.exe windows:5 windows x86 arch:x86

00d668374e68f02307baf8cf729bad06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumPropsExW
GetTabbedTextExtentW
ShowWindow
EndPaint
DrawTextA
FillRect
GetWindowTextW
SendMessageTimeoutW
GetDlgItemTextW
IsIconic
GetQueueStatus
CopyImage
SetUserObjectSecurity
GetCaretPos
CountClipboardFormats
DrawIcon
CallMsgFilterA
CharNextW
GetClientRect
BeginPaint
DefWindowProcA
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
DispatchMessageW
CharUpperBuffW
CallWindowProcW
GetKeyboardType
LoadStringW
MessageBoxA
GetShellWindow
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA

urlmon

FindMediaType
HlinkNavigateString

shell32

SHGetFileInfoA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
ShellExecuteExW
ShellAboutA
ExtractAssociatedIconA
SHBrowseForFolderA
Shell_NotifyIconA
DoEnvironmentSubstW

ole32

CoGetStandardMarshal
CreatePointerMoniker
OleSetMenuDescriptor
OleFlushClipboard
CoMarshalInterThreadInterfaceInStream
OleDuplicateData
CoFileTimeToDosDateTime

advapi32

RegEnumValueA
AddAccessDeniedObjectAce
DuplicateToken
RegUnLoadKeyA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegReplaceKeyA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
AreAnyAccessesGranted
CloseEventLog

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
ColorMatchToTarget
CloseMetaFile
AddFontResourceExW
CreateCompatibleBitmap
CreateDCA
CloseFigure
CreateBitmap
AddFontResourceA
ChoosePixelFormat
BitBlt
SetBkColor

opengl32

glGetLightiv
glGetBooleanv
glTexCoord3f
glGetPixelMapfv
glVertex3dv
glVertex4fv
glFrustum

dbghelp

SymGetLineFromAddr64
ImageRvaToSection
FindDebugInfoFileEx
StackWalk
ImageDirectoryEntryToData

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

SetHandleCount
GetSystemTimeAsFileTime
VirtualProtect
SizeofResource
SignalObjectAndWait
SetLastError
SetEvent
SetEndOfFile
ResetEvent
RemoveDirectoryW
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCPInfo
FormatMessageW
FindResourceW
EnumCalendarInfoW
HeapCreate
DeleteFileW
DeleteCriticalSection
CreateProcessW
GetFileType
CreateDirectoryW
CompareStringW
TlsSetValue
TlsGetValue
LocalAlloc
GetACP
VirtualFree
VirtualAlloc
GetSystemInfo
QueryPerformanceCounter
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsFree
InterlockedIncrement
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
CreateFileW
GetEnvironmentStringsW
VirtualQuery
WideCharToMultiByte
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FindFirstFileW
UnhandledExceptionFilter
RtlUnwind
HeapSize
CompareStringA
SetEnvironmentVariableA
EnterCriticalSection
GetTempPathA
RaiseException
GetStdHandle
CompareFileTime
SearchPathA
VirtualAllocEx
OpenProcess
GetCurrentProcessId
ConnectNamedPipe
EnumCalendarInfoExA
DeleteTimerQueueTimer
SetCommMask
CreateEventW
GetStartupInfoW
SetConsoleScreenBufferSize
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
MulDiv
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
GetVersion
GetSystemDirectoryA
lstrcatA
lstrlenA
GetTempFileNameA
CreateFileA
RemoveDirectoryA
CreateProcessA
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceA
lstrcpynA
LoadLibraryA
SetErrorMode
GetCommandLineA
SetFileTime
GetWindowsDirectoryA
ExitProcess
CopyFileA
GetCurrentProcess
GetModuleFileNameA
GetFileSize
GetTickCount
Sleep
SetFileAttributesA
CreateDirectoryA
GetLastError
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shrink
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00d668374e68f02307baf8cf729bad06

Headers

DLL Characteristics

File Characteristics

Imports

user32

urlmon

shell32

ole32

advapi32

gdi32

opengl32

dbghelp

comctl32

version

kernel32

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 7KB - Virtual size: 70KB

.shrink Size: 53KB - Virtual size: 52KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 7KB - Virtual size: 70KB

.shrink
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 39KB - Virtual size: 39KB