d38130f08ccc59b90c854f4d3870e082_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d38130f08ccc59b90c854f4d3870e082_JaffaCakes118
Size

253KB
MD5

d38130f08ccc59b90c854f4d3870e082
SHA1

0a2a41598b6bcbdc49301650a7d710083acaceb0
SHA256

cb0fcf33cec15e31f9bfda2bcea333ef4577a69e359d90d5deec4a539f49b80c
SHA512

bafcbb7f1ac222585d44352207362147eb8949b551e8b1e94442fbfe1bc18b6bd8b3c64e93db75f903ae433efb7004044d9345e2cc6067607e3d2f5fbe0a56d9
SSDEEP

6144:g3UaFS58Q+Sij0nVGtnQfNmPvwQ5rQidwByQotV:g35E2FjTnOCIQ5rn3QoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d38130f08ccc59b90c854f4d3870e082_JaffaCakes118

Files

d38130f08ccc59b90c854f4d3870e082_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9f31ef69c7d04d1765cc1b5265073e4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdi32

CreateSolidBrush

comctl32

ord17

shell32

SHGetFolderPathW

kernel32

DeleteCriticalSection
GetStdHandle
TlsSetValue
WaitForSingleObject
GetTempFileNameW
lstrcmpW
EnterCriticalSection
CreateMutexW
FindClose
lstrlenW
GetShortPathNameW
GetLocalTime
IsValidCodePage
FreeLibrary
RemoveDirectoryW
GetConsoleMode
GetACP
ReadFile
TlsGetValue
SetFilePointer
CreateFileW
FreeEnvironmentStringsA
GetTempPathW
lstrcpyW
SetLastError
GetConsoleOutputCP
RaiseException
ResumeThread
MoveFileExW
RtlUnwind
LoadResource
VirtualFree
GetCommandLineW
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
FindFirstFileW
lstrcmpiW
GetFileType
FreeEnvironmentStringsW
IsDebuggerPresent
CreateFileA
WriteConsoleW
lstrcatW
GetSystemTimeAsFileTime
VirtualAlloc
UnhandledExceptionFilter
CopyFileW
HeapReAlloc
SizeofResource
GetSystemTime
CloseHandle
LCMapStringW
LeaveCriticalSection
GetDateFormatW
HeapAlloc
TlsAlloc
TlsFree
HeapDestroy
GetConsoleCP
lstrcpynW
CreateProcessW
IsBadStringPtrW
SetEndOfFile
GetProcessHeap
GetThreadLocale
LCMapStringA
TerminateThread
SetStdHandle
FindResourceW
DeleteFileW
FindNextFileW
lstrlenA
GetSystemDirectoryW
WriteConsoleA
SetHandleCount
GetModuleHandleW
HeapFree
CreateDirectoryW
GetTimeFormatW
WriteFile
SetFileAttributesW
GetOEMCP
WideCharToMultiByte
ReleaseMutex
GetCommandLineA
FlushFileBuffers
SetUnhandledExceptionFilter
HeapSize
GetModuleHandleA
GetStartupInfoW
VirtualAllocEx

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

advapi32

SetSecurityDescriptorOwner
OpenSCManagerW
AdjustTokenPrivileges
RegCloseKey
InitializeAcl
RegDeleteValueW
DeleteService
QueryServiceLockStatusW
OpenProcessToken
GetLengthSid
RegEnumKeyExW
RegOpenKeyExW
SetNamedSecurityInfoW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
GetTokenInformation
RegSetKeySecurity
CreateServiceW
RegCreateKeyExW
CloseServiceHandle
InitializeSecurityDescriptor
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
OpenServiceW
AddAccessAllowedAce

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringByteLen
VariantClear
VariantInit
SysFreeString
VariantChangeType

user32

LoadStringW
RegisterWindowMessageW
IsWindow
PostQuitMessage
SendMessageW
GetMessageW
PeekMessageW
TranslateMessage
DefWindowProcW
CharNextW
GetActiveWindow
LoadCursorW
MessageBoxW
GetWindowRect
wvsprintfW
LoadIconW
CharPrevW
ShowWindow
SetDlgItemTextW
SetWindowPos
UpdateWindow
RegisterClassW
CreateDialogParamW
GetSysColor
GetSystemMetrics
DispatchMessageW
GetDlgItem
MsgWaitForMultipleObjects
PostMessageW

mscms

CreateColorTransformW
IsColorProfileTagPresent
GetStandardColorSpaceProfileA
GetColorProfileFromHandle
InstallColorProfileW
InternalGetPS2CSAFromLCS
IsColorProfileValid

advpack

RegSaveRestoreOnINF
RegRestoreAll

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.G
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HXQoOM
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TypvbJ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NH
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f31ef69c7d04d1765cc1b5265073e4d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

gdi32

comctl32

shell32

kernel32

ole32

advapi32

oleaut32

user32

mscms

advpack

Sections

.text Size: 17KB - Virtual size: 17KB

.G Size: 1KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 4KB

.HXQoOM Size: 1KB - Virtual size: 2KB

.TypvbJ Size: 2KB - Virtual size: 2KB

.data Size: 213KB - Virtual size: 219KB

.NH Size: 512B - Virtual size: 3KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 17KB - Virtual size: 17KB

.G
Size: 1KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 4KB

.HXQoOM
Size: 1KB - Virtual size: 2KB

.TypvbJ
Size: 2KB - Virtual size: 2KB

.data
Size: 213KB - Virtual size: 219KB

.NH
Size: 512B - Virtual size: 3KB

.rsrc
Size: 10KB - Virtual size: 10KB