JaffaCakes118_66370982f6cba531392b8610bece9db9

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_66370982f6cba531392b8610bece9db9
Size

465KB
MD5

66370982f6cba531392b8610bece9db9
SHA1

18969bd34c71fcb23ece47f721bd30e076488155
SHA256

0f3ad6d3ce0bc247667024bd2cd7ddc831d3890e4d4dc3ee7a2f833bbce3ca39
SHA512

ddd7181ebc4e2e565c1937e7e80c42ce5da9f7c5c88b6000df2900b6667dae4c7d714330ae0324a8fe438c17cc907d579fade6720585e7cfa0338861ef08d67a
SSDEEP

12288:KLLdQ9BTg3YUGS/l48VkrqsIGuANKz7LBY:KLaWCpUAN4a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_66370982f6cba531392b8610bece9db9

Files

JaffaCakes118_66370982f6cba531392b8610bece9db9
.exe windows:5 windows x86 arch:x86

5b8d45700eb4620040da8b15b578ce2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

PDB Paths

U:\itself\inherent\but\events\acce.pdb

Imports

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryW
DeleteCriticalSection
GetStdHandle
RaiseException
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
CloseHandle
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
ReadFile
CreateFileW
SetEndOfFile
GetLastError
FindFirstFileA
SetHandleCount
FindClose
GetCommandLineA
HeapCreate
InterlockedIncrement
HeapAlloc
GetProfileStringA
GlobalFree
lstrlenA
IsBadReadPtr
HeapValidate
RtlUnwind
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
WriteFile
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LCMapStringW
SetLastError
TlsFree
GetCurrentThreadId
GetProcessHeap
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameW
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindNextFileA
GetFileType
GetStartupInfoW
HeapSetInformation
ExitProcess
GetModuleHandleW
GetProcAddress
CreateFileA
lstrlenW
WideCharToMultiByte
EnumDateFormatsA
DecodePointer
InterlockedDecrement

user32

GetClipCursor
CreateWindowExA
EndDialog
PostQuitMessage
SendDlgItemMessageA
MoveWindow
GetClientRect
DrawIcon
SetScrollPos
InvalidateRect
SetScrollRange
LoadBitmapA
SendMessageA
GetIconInfo
GetDesktopWindow
GetForegroundWindow
IsWindowVisible
FindWindowA
FindWindowExA
SetWindowRgn
GetWindow
GetClassNameA
GetWindowTextA
SetDlgItemTextA
GetDlgItem
SetWindowLongA
SetWindowPos
GetWindowRect
GetParent
ShowWindow
GetSystemMetrics
MessageBoxA
IsDlgButtonChecked
CheckDlgButton
MessageBoxW
GetDC
ReleaseDC

gdi32

CreateEllipticRgnIndirect
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
CreateDCA
CreateMetaFileA
SetMapMode
SetWindowExtEx
SetWindowOrgEx
CreateFontIndirectA
ExtTextOutA
MoveToEx
LineTo
CloseMetaFile
DeleteMetaFile
StartDocA
StartPage
Escape
EndPage
EndDoc
GetTextMetricsA

comdlg32

PrintDlgA

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExA

shell32

SHGetFolderPathW
SHGetFolderPathA
ExtractIconExA
ord727
SHGetFileInfoW

ole32

CoInitialize
CoFileTimeNow

odbc32

ord75
ord24
ord39
ord31
ord9
ord13
ord4
ord111
ord107

ws2_32

WSAGetLastError
WSALookupServiceEnd
WSACleanup
inet_addr
WSAStartup
WSALookupServiceBeginA
WSALookupServiceNextA
closesocket
getsockopt
bind
socket

iphlpapi

SendARP

shlwapi

StrToIntExA
AssocCreate
StrStrIA
PathAppendA

comctl32

CreateToolbarEx
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Create
ImageList_Add

powrprof

ReadProcessorPwrScheme

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b8d45700eb4620040da8b15b578ce2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

odbc32

ws2_32

iphlpapi

shlwapi

comctl32

powrprof

Sections

.text Size: 386KB - Virtual size: 386KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 386KB - Virtual size: 386KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17KB - Virtual size: 16KB