Static task: static1
Behavioral task: behavioral1
Sample: df936f5cac3b901b44827284da02ad3a_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: df936f5cac3b901b44827284da02ad3a_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: df936f5cac3b901b44827284da02ad3a_JaffaCakes118
Size: 287KB
MD5: df936f5cac3b901b44827284da02ad3a
SHA1: 16ca17e176d4071dda3557466b92f16200b81b28
SHA256: d0dfb1bad27c23193bbf470f0de3e1a3ee9e402acf0fd61315cfb6699ab2853f
SHA512: 94f299549bfc0c3a1c834dc1e65addc16a362e3d6fe4e1374ac5550ef800cc0c257a293773daa38fe80fd32180d04a8872584c94e948cd86b08fca301aba9b8c
SSDEEP: 6144:yedLuNMztvjKqU0Nu9fovgndAwznga0sNSRGg/DIfakIH:jd649UCu9fbdA5a/oPEGH
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: df936f5cac3b901b44827284da02ad3a_JaffaCakes118
Files
df936f5cac3b901b44827284da02ad3a_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
eb9411b3ede33169131c0a9a6571d7e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExA
MakeAbsoluteSD
RegNotifyChangeKeyValue
RegDeleteKeyA
GetSecurityDescriptorOwner
CopySid
InitializeSid
GetSecurityDescriptorDacl
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
IsValidSid
GetSidSubAuthority
EqualSid
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
GetSidLengthRequired
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueA
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetLengthSid
GetTokenInformation
GetSecurityDescriptorLength
kernel32
WaitForSingleObject
FindFirstFileA
FreeLibrary
HeapDestroy
ReleaseMutex
lstrcpyA
GetACP
SetProcessWorkingSetSize
LoadLibraryExA
GetProcessHeap
lstrcatA
lstrlenW
lstrlenA
HeapReAlloc
LocalAlloc
FileTimeToSystemTime
FindResourceA
lstrcmpA
GetTimeFormatA
RemoveDirectoryA
lstrcmpiA
HeapSize
GetUserDefaultLangID
FindResourceExA
IsDBCSLeadByte
SetPriorityClass
WideCharToMultiByte
DeleteFileA
CreateEventA
GlobalLock
LoadResource
HeapAlloc
FormatMessageA
EnterCriticalSection
ResetEvent
HeapFree
GetSystemTimeAsFileTime
GetThreadLocale
LeaveCriticalSection
LockResource
FindClose
RaiseException
GlobalAlloc
CreateThread
GlobalUnlock
SizeofResource
GetModuleHandleA
FindNextFileA
SetLastError
SystemTimeToFileTime
LocalFree
CloseHandle
GetDateFormatA
OpenProcess
WaitForMultipleObjects
lstrcpynA
DeleteCriticalSection
CreateMutexA
GetCurrentThreadId
OpenEventA
VirtualAllocEx
oleaut32
VarUI4FromStr
GetErrorInfo
RegisterTypeLi
LoadTypeLi
SysStringByteLen
UnRegisterTypeLi
VariantInit
SysFreeString
VariantCopy
DispCallFunc
SysAllocString
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocStringByteLen
shlwapi
PathFindExtensionA
ole32
CoInitialize
CLSIDFromProgID
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CLSIDFromString
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
StringFromCLSID
OleUninitialize
OleRun
CoTaskMemAlloc
CoRegisterClassObject
gdi32
CombineRgn
GetObjectA
CreateRectRgn
CreateRectRgnIndirect
GetTextExtentExPointA
CreateFontIndirectA
SetRectRgn
shell32
Shell_NotifyIconA
ShellExecuteA
user32
IsWindow
SendMessageA
CallNextHookEx
OpenClipboard
GetClientRect
PostMessageA
DrawIconEx
GetWindowThreadProcessId
GetDC
TranslateAcceleratorA
RedrawWindow
GetSystemMetrics
CharNextA
DrawTextA
UpdateWindow
SetFocus
LoadIconA
SetWindowRgn
SetForegroundWindow
GetDesktopWindow
SetWindowPos
PostQuitMessage
SetWindowsHookExA
MapDialogRect
DestroyIcon
InflateRect
TrackPopupMenu
CloseClipboard
LoadImageA
IsRectEmpty
LoadMenuA
FindWindowA
SetMenuDefaultItem
ReleaseDC
EmptyClipboard
LoadAcceleratorsA
UnhookWindowsHookEx
EnableWindow
IsZoomed
GetWindowRect
GetSubMenu
RegisterWindowMessageA
AttachThreadInput
EnableMenuItem
GetParent
GetCursorPos
RemoveMenu
SetClipboardData
CopyRect
GetForegroundWindow
security
ExportSecurityContext
DeleteSecurityPackageW
ImportSecurityContextW
AddSecurityPackageW
browseui
DllGetVersion
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 249KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ