JaffaCakes118_4129b116965fd29ff63e35127d948c61

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4129b116965fd29ff63e35127d948c61
Size

291KB
MD5

4129b116965fd29ff63e35127d948c61
SHA1

6f97498eedcda7a669c2c59c75fc7fa920f9b296
SHA256

f6a403bda6b4399c1b9ea04df18e340f14d74360338283a3e1e96f6917ff538d
SHA512

a06ddf46b99301e78a1703d03e468805856efc27681e6ae762c2c31bfda4d17d4c5103c8f993bdec101aa4a7129146a7a8d7ec32e434aa28fb7852cbc14295c1
SSDEEP

6144:CPeSqysurnYWECoOeTgqO5i4hTChhhh5abgrwaSjWECoOeTgqO5i4hTChhhh5IQd:CG2XbazQt4+hSxM0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4129b116965fd29ff63e35127d948c61

Files

JaffaCakes118_4129b116965fd29ff63e35127d948c61
.exe windows:6 windows x86 arch:x86

b9ae32f9e5404c5c0a9753ef7f6eea5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WMPNSCFG.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
GetAclInformation
GetAce
SetSecurityInfo
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
EqualSid
ConvertStringSidToSidW
LookupAccountNameW
ConvertSidToStringSidW
GetSecurityInfo

kernel32

GlobalAlloc
WaitForMultipleObjects
CreateEventW
lstrcmpW
MulDiv
SetLastError
GetVersionExW
GlobalLock
lstrcpynW
CompareStringW
Sleep
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
GlobalUnlock
FormatMessageW
CreateThread
LocalFree
OpenEventW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
lstrcpynA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
RtlUnwind
OutputDebugStringA
GetStartupInfoW
VirtualAlloc
VirtualFree
GetVersion
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DelayLoadFailureHook
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
WaitForSingleObject
RaiseException
SetEvent

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

user32

DestroyAcceleratorTable
SetFocus
GetFocus
IsWindow
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
LoadStringA
MessageBeep
PtInRect
CreateAcceleratorTableW
GetSystemMetrics
SetForegroundWindow
GetCursorPos
GetWindowLongW
ShowWindow
SetWindowPos
GetDlgItem
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
DispatchMessageW
EndPaint
GetDesktopWindow
PeekMessageW
CharNextW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadImageW
wsprintfW
LoadCursorW
IsChild
GetClassInfoExW
LoadAcceleratorsW
LoadMenuW
LoadStringW
PostMessageW
SetTimer
KillTimer
RegisterWindowMessageW
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
SendMessageW
TrackPopupMenu
GetSubMenu
DefWindowProcW
SetWindowTextW
GetWindowTextW
CallWindowProcW
FillRect
ReleaseCapture
GetMessageW
BeginPaint
TranslateMessage
GetClassNameW
GetWindowTextLengthW
PostQuitMessage
GetSysColor
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
UnregisterClassA
SetWindowLongW

msvcrt

_controlfp
_onexit
_lock
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
calloc
_errno
__CxxFrameHandler
_purecall
memset
??_U@YAPAXI@Z
wcsncpy
malloc
??2@YAPAXI@Z
free
memcpy
??_V@YAXPAX@Z
??3@YAXPAX@Z
memmove
_CxxThrowException

ole32

StringFromIID
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSetPropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup

shlwapi

SHCreateStreamOnFileW

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9ae32f9e5404c5c0a9753ef7f6eea5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

gdiplus

shlwapi

secur32

netapi32

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 95KB - Virtual size: 96KB

.reloc Size: 99KB - Virtual size: 100KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 95KB - Virtual size: 96KB

.reloc
Size: 99KB - Virtual size: 100KB