JaffaCakes118_634e63dda69c926af3b3b24e1defe501

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_634e63dda69c926af3b3b24e1defe501
Size

409KB
MD5

634e63dda69c926af3b3b24e1defe501
SHA1

0d4bc8442c04bb445ec8f5d1342fd9ca2e03656e
SHA256

b3c259b32cb52d11eff189f8ac5953a2a1b347d283c5a1fedb72deef1e49cde4
SHA512

5573d3c203d5100cf5c4b35f51151fc93daa40a613a7cf53465046c056ba8e0c0b160efa7683c7381871003b9863be043921b0bd74b12056ba014e851462f19a
SSDEEP

12288:uFr6E5VXruaazSj0dadFm070MZVkX2J5asdNAVun:u35ViaaWQda/NwmVk05asvcun

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_634e63dda69c926af3b3b24e1defe501

Files

JaffaCakes118_634e63dda69c926af3b3b24e1defe501
.exe windows:5 windows x86 arch:x86

c1b0ebea1bab42e620186be23ae77a97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

Y:\Control\actual\didn\since\subje.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryW
GetFileType
SetHandleCount
GetStdHandle
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsBadReadPtr
HeapValidate
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetProcAddress
DecodePointer
RtlUnwind
RaiseException
LeaveCriticalSection
SetStdHandle
CreateDirectoryA
CreateNamedPipeA
CloseHandle
ConnectNamedPipe
LocalAlloc
LocalFree
GetProcessHeap
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GetModuleFileNameA
GetModuleFileNameW
lstrcpyW
GetPrivateProfileSectionW
GetPrivateProfileIntW
lstrcmpiA
SetProcessAffinityMask
lstrlenW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
GetLastError
WriteFile
SetFilePointer
HeapCreate
GetCurrentProcess
GetWindowsDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileInformationByHandle
HeapAlloc
FormatMessageA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateEventA
FileTimeToLocalFileTime
FileTimeToSystemTime
EnumResourceLanguagesA
LoadResource
GetModuleHandleA
TlsGetValue
CreateFileW

user32

SetWindowTextA
LookupIconIdFromDirectory
SendMessageA
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
LoadMenuA
ScreenToClient
SetCursorPos
ChildWindowFromPoint
FindWindowA
GetWindowLongA
GetDC
GetClientRect
GetScrollPos
GetScrollRange
SetScrollPos
ScrollWindow
UpdateWindow
GetDialogBaseUnits
GetDlgItem
SetFocus
BeginPaint
EndPaint
MoveWindow
ReleaseDC
DefWindowProcA
LoadStringA
LoadStringW
GetParent
SendNotifyMessageA
DestroyAcceleratorTable
GetDlgItemTextW
LoadBitmapA
GetSystemMetrics
InvalidateRect
SetCursor
wsprintfW
GetWindowRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ShowWindow
DialogBoxParamA
LoadIconA
LoadCursorA
SystemParametersInfoA
DestroyWindow
FillRect
TrackPopupMenu
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
OpenClipboard
EndDialog
EmptyClipboard
CopyImage
SetClipboardData
CloseClipboard
EnableWindow
CreateDialogParamA
SetDlgItemTextA

gdi32

SetTextColor
Rectangle
GetTextExtentPoint32A
CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
GetBitmapBits
CreateCompatibleBitmap
GetDIBits
CreateFontIndirectA
CreateSolidBrush
GetStockObject
PatBlt
StartDocA
StartPage
TextOutA
EndPage
EndDoc
SetAbortProc
GetTextMetricsA
EnumFontsA
DeleteDC

comdlg32

ReplaceTextA

advapi32

AllocateAndInitializeSid
SetEntriesInAclA
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
ExtractIconExA

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

OleLoadPicture
OleSavePictureFile

userenv

CreateEnvironmentBlock

avicap32

capGetDriverDescriptionA

shlwapi

PathFindFileNameA
StrChrA
PathFindExtensionA
PathFindExtensionW
AssocCreate
PathStripToRootA
ord12

comctl32

InitCommonControlsEx
CreateToolbarEx
ImageList_Create
ImageList_ReplaceIcon

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

uxtheme

IsThemeActive
GetThemeDocumentationProperty
EnableTheming

dxva2

SetVCPFeature

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1b0ebea1bab42e620186be23ae77a97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

userenv

avicap32

shlwapi

comctl32

wtsapi32

uxtheme

dxva2

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 240KB - Virtual size: 240KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 31KB - Virtual size: 31KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 31KB - Virtual size: 31KB