eb74e32189e76cb1e1617d634fa4efef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb74e32189e76cb1e1617d634fa4efef_JaffaCakes118
Size

238KB
MD5

eb74e32189e76cb1e1617d634fa4efef
SHA1

850b4c5c6b22dbb3c4f725b9e29a601f38cef088
SHA256

b75ff3b1950341d71f9bf9787f3a70cd024ed35088c8edfcb9a082028082d51d
SHA512

4c4f3bece3045c01a86537f03811ac4a6122e9be5d26d19b85fb016eee52ce8fbf71e64dcfaad1884475a23cd09a9de0d0de8906954e8893e32b1554ab2556fd
SSDEEP

6144:pp+eyst+keNWhYLnCZrwrJ4PxI0HqbsJu2WXuku8ukrw:v+eyMhunX45IGqbnk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb74e32189e76cb1e1617d634fa4efef_JaffaCakes118

Files

eb74e32189e76cb1e1617d634fa4efef_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0fbc66c7b0491fc2e453f253d6251ab6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

W:\permissive\teach\intractable\li.pdb

Imports

kernel32

LCMapStringW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
GetModuleFileNameW
WriteFile
LoadLibraryW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
SetFilePointer
SetStdHandle
CreateEventA
WaitForSingleObject
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
GetLastError
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
CreateToolhelp32Snapshot
LoadLibraryA
Thread32First
Thread32Next
GlobalLock
CreateDirectoryA
FindFirstFileA
lstrcpyA
lstrcatA
CopyFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
FindClose
GetProcAddress
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
RtlUnwind
GlobalUnlock
GetTickCount
GetCurrentThreadId
CreateThread
GetCurrentThread
GetCurrentProcess
RaiseException
CloseHandle
SetLastError
MultiByteToWideChar
CreateFileW

user32

SetDlgItemInt
SendDlgItemMessageA
SetTimer
KillTimer
SetWindowTextA
FillRect
GetWindowLongA
BeginPaint
LoadIconW
LoadBitmapA
CreateWindowExA
GetWindowTextA
SendMessageA
DefWindowProcA
GetDlgItemTextA
GetDC
GetClientRect
ReleaseDC
AttachThreadInput
RegisterClipboardFormatA
FindWindowA
ChildWindowFromPoint
SetCursorPos
GetParent
EnumChildWindows
MessageBoxA
GetMessageA
DispatchMessageA
PostThreadMessageA
wsprintfA
GetClassNameW
FindWindowExA
SetWindowRgn
EndDialog
GetWindowRect
SetWindowPos
GetDlgItem
GetWindowDC
IsWindowEnabled
InsertMenuItemA
ClientToScreen
EndPaint
InvalidateRgn
DestroyWindow
PostQuitMessage
IsIconic
InvalidateRect

gdi32

CombineRgn
CreatePatternBrush
GetStockObject
DeleteObject
CreateSolidBrush
CreatePen
Rectangle
SetPixelFormat
StartDocA
StartPage
TextOutA
EndPage
EndDoc
DeleteDC
CreateEllipticRgnIndirect
CreateRectRgn
SelectObject

comdlg32

PrintDlgA

advapi32

LsaRemoveAccountRights
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LsaAddAccountRights
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
OpenThreadToken

shell32

SHGetFolderPathW
SHGetDesktopFolder
SHParseDisplayName

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
OleInitialize
CoInitialize
ReleaseStgMedium
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream

comctl32

ord16
ord8
PropertySheetA
InitCommonControlsEx
ImageList_DragLeave

gdiplus

GdiplusStartup

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmGetCompositionStringA
ImmGetContext

setupapi

SetupDiGetClassDevsW
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA

rasdlg

RasEntryDlgW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sidata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.feta
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fbc66c7b0491fc2e453f253d6251ab6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

setupapi

rasdlg

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 12KB

.nata Size: 104KB - Virtual size: 104KB

.sidata Size: 6KB - Virtual size: 5KB

.feta Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 12KB

.nata
Size: 104KB - Virtual size: 104KB

.sidata
Size: 6KB - Virtual size: 5KB

.feta
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 34KB - Virtual size: 34KB