JaffaCakes118_4a6397c2e418679515ae22620fcdb7a4

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4a6397c2e418679515ae22620fcdb7a4
Size

728KB
MD5

4a6397c2e418679515ae22620fcdb7a4
SHA1

91a2893485e72d68155de1850549ffab536e3b1b
SHA256

6e1e52e148c9e8da719e97dfe7bbe8458ad36c1cfefa51a5da6911bed0e0a3b6
SHA512

e3db253ddef172f834d3a2561d71bd1c7a2c386ec0f334ac4dcb527e1111d04f9d49f70416cf436d4412dd2ff761f30f8e06938c85cd8ec7fbd36baaf605bcdf
SSDEEP

12288:1XDBZudjGMuEYdGzVPWKETriFnpfxQC2MO:UdjGMuEQqPX2riB49F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4a6397c2e418679515ae22620fcdb7a4

Files

JaffaCakes118_4a6397c2e418679515ae22620fcdb7a4
.exe windows:4 windows x86 arch:x86

53fc49b4ebc48e67d9d6a32f2db0c523

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

kernel32

GetShortPathNameW
GetLongPathNameW
FindFirstFileW
GetTempPathW
CreateDirectoryW
Sleep
MoveFileW
WriteFile
SetFilePointer
QueryPerformanceCounter
GetLocalTime
CreateProcessW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetExitCodeProcess
DeleteFileW
FreeLibrary
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
FindClose
CreateMutexW
ReleaseMutex
WaitForSingleObject
OutputDebugStringW
LocalFree
FormatMessageW
LocalAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
GetProcAddress
CreateFileW
GetFileSize
GlobalAlloc
ReadFile
OpenProcess
CloseHandle
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
LCMapStringA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetConsoleMode
GetConsoleCP
GetFileType
GetFileAttributesW
SetFileAttributesW
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA

user32

GetUpdateRect
ScreenToClient
FillRect
IntersectRect
UnregisterClassA
SetWindowLongW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DestroyWindow
CreateDialogParamW
MessageBoxW
DefWindowProcW
GetWindowLongW
SetWindowPos
GetWindowRect
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindow
GetParent
PostQuitMessage
GetDC
ReleaseDC
RegisterClassW
GetClassInfoW
wsprintfW
BeginPaint
ValidateRect
EndPaint
CallWindowProcW
InvalidateRect

gdi32

GetObjectW
CreateDIBSection
SetDIBColorTable
SetBrushOrgEx
GetStockObject
CreateBitmap
GetDIBits
SetStretchBltMode
StretchBlt
CreatePatternBrush
CreateFontW
DeleteObject
GetDeviceCaps
BitBlt
SetTextColor
SetBkMode
TextOutW
SelectObject
DeleteDC
CreateCompatibleDC

advapi32

RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromCLSID
OleRun
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
GetErrorInfo
SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
SysStringByteLen
VarUI4FromStr
SysAllocStringByteLen

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageWidth
GdipDrawImageI
GdipCloneImage
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53fc49b4ebc48e67d9d6a32f2db0c523

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

version

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 276KB - Virtual size: 273KB

.text Size: 100KB - Virtual size: 100KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 276KB - Virtual size: 273KB

.text
Size: 100KB - Virtual size: 100KB