JaffaCakes118_648b6973f7193253b770fdff6b932ca0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_648b6973f7193253b770fdff6b932ca0
Size

351KB
MD5

648b6973f7193253b770fdff6b932ca0
SHA1

13ebb4f05248b3a527374d6b79c0400d606bef8a
SHA256

912a19587f05749b761703c374e067aecea213730dc84a2987445559e0872c88
SHA512

7f72edf3bd504352bd90a72c7b5a710e829abf83a7ec8eb5ce9300ca636a11895fa12d87b1516085e613320aa7f4427eb32c84d182b05e8e8448d5262906c21c
SSDEEP

6144:hWVCNkOFcPavx/7vjBk0HQ5CQSi3mgFAHK2blKE4SjLe7/qg:Zcix7Fk0WCQSfgKq2blKQeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_648b6973f7193253b770fdff6b932ca0

Files

JaffaCakes118_648b6973f7193253b770fdff6b932ca0
.exe windows:5 windows x86 arch:x86

46dbbd0829bce3bb40930ccbaee3a8d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

gdi32

GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SetBkMode
SelectObject
SetBkColor

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

QueryMemoryResourceNotification
GetStringTypeW
GetStringTypeA
GlobalDeleteAtom
SetProcessShutdownParameters
GetProcessHeap
RequestWakeupLatency
PurgeComm
ReplaceFileA
SetProcessWorkingSetSize
SetSystemPowerState
DeactivateActCtx
LockResource
ResetEvent
UnlockFile
GetThreadTimes
MapUserPhysicalPagesScatter
GetFileAttributesExW
InitAtomTable
MulDiv
LocalCompact
QueryInformationJobObject
GetEnvironmentStrings
ReadFileScatter
GetDevicePowerState
TlsSetValue
CreateFiberEx
CreateTimerQueue
SetFileApisToOEM
GetNumaAvailableMemoryNode
SetTapePosition
ResetWriteWatch
GetCurrentProcess
SetCommState
SetFileApisToANSI
FlushFileBuffers
GlobalGetAtomNameW
TlsGetValue
SetFilePointerEx
WTSGetActiveConsoleSessionId
CreateMemoryResourceNotification
FindVolumeClose
GetThreadIOPendingFlag
FreeEnvironmentStringsA
CloseHandle
GetCommMask
SetInformationJobObject
SetLastError
GlobalUnWire
FreeUserPhysicalPages
GlobalWire
LocalUnlock
PulseEvent
GlobalCompact
EraseTape
SetProcessPriorityBoost
SetTapeParameters
GetFileType
GetCommandLineW
DisableThreadLibraryCalls
GetTapeStatus
GetProcessVersion
QueueUserAPC
SetCommMask
ClearCommBreak
GetNamedPipeInfo
MapUserPhysicalPages
ReleaseSemaphore
GetStdHandle
SetHandleInformation
RtlCaptureStackBackTrace
DefineDosDeviceW
GetNumaNodeProcessorMask
CheckRemoteDebuggerPresent
GetExitCodeThread
BindIoCompletionCallback
GetNamedPipeHandleStateA
CreateFiber
ConvertThreadToFiber
CancelDeviceWakeupRequest
GetMailslotInfo
GetCommandLineA
GetProcessTimes
GetModuleFileNameA
LocalShrink
GetProcessAffinityMask
GetCurrentThread
GetModuleFileNameW
ReleaseMutex
IsWow64Process
GetComputerNameExW
GetProcessId
EncodePointer
ContinueDebugEvent
GetVersion
ClearCommError
SetMessageWaitingIndicator
PrepareTape
SetMailslotInfo
LockFile
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46dbbd0829bce3bb40930ccbaee3a8d7

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

gdi32

comctl32

version

kernel32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 128KB - Virtual size: 127KB

.text Size: 107KB - Virtual size: 108KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 128KB - Virtual size: 127KB

.text
Size: 107KB - Virtual size: 108KB