JaffaCakes118_6d7c0aa96899b2d4c1b1be3b19076c51

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6d7c0aa96899b2d4c1b1be3b19076c51
Size

315KB
MD5

6d7c0aa96899b2d4c1b1be3b19076c51
SHA1

5387f36773e115ace561e63664bdf58e9565e79c
SHA256

d98fa9c606afa550fe45406c3c6709174b4d2593ecc269d8b852145a74337850
SHA512

0ae2e39d60efb72c66c70114c0b8e03025442f533460165c94d1788a7713d1a251592880766680f435694f7353f926f2720646d8613de1927b1f22ba91c54ace
SSDEEP

6144:U5JikQXuaCGaiyxKN7QPaOS4NmxAZpJg1zGAnIa3s/cDZR5pR:U58kbiyWIJSWSGaGA+/cDZhR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6d7c0aa96899b2d4c1b1be3b19076c51

Files

JaffaCakes118_6d7c0aa96899b2d4c1b1be3b19076c51
.exe windows:5 windows x86 arch:x86

b1a187ff2ffff3cd3364c790f25aeaea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetSpecialFolderPathA

userenv

UnloadUserProfile

kernel32

CreateFileA
GetOEMCP
LockResource
OpenEventA
GetProcessHeap
HeapSize
CreateEventA
SetUnhandledExceptionFilter
SizeofResource
LoadResource
CreateThread
GetSystemTime
lstrlenW
CreateWaitableTimerA
HeapDestroy
FreeEnvironmentStringsA
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
EnumSystemLocalesA
SetWaitableTimer
OpenProcess
GetFileType
GlobalAlloc
GetModuleHandleA
HeapAlloc
ResumeThread
GetUserDefaultLCID
TlsGetValue
IsBadCodePtr
LCMapStringA
lstrlenA
FindResourceA
FindResourceExA
TlsAlloc
SetEndOfFile
SetHandleCount
GlobalSize
VirtualFree
SetStdHandle
VirtualQuery
RtlUnwind
RaiseException
SetLastError
WaitForMultipleObjects
VirtualProtect
FlushFileBuffers
GetSystemTimeAsFileTime
HeapFree
FormatMessageA
WideCharToMultiByte
GetCommandLineA
GetSystemInfo
TlsSetValue
VirtualAlloc
SetFilePointer
GlobalLock
LCMapStringW
IsValidCodePage
FreeEnvironmentStringsW
ReadFile
HeapReAlloc
GetCurrentThreadId
GetACP
LocalFree
LocalAlloc
GetThreadLocale
TlsFree
WaitForSingleObject
LeaveCriticalSection
GetStdHandle
UnhandledExceptionFilter
CancelWaitableTimer
WriteFile
GlobalUnlock
IsValidLocale
CloseHandle
VirtualAllocEx

oleaut32

SafeArrayCreateVectorEx
SafeArrayGetVartype
VarBstrCmp
SysAllocStringByteLen
VariantChangeType
LoadTypeLi
VariantInit
SafeArrayCreate
GetErrorInfo
SafeArrayCopy
SafeArrayGetDim
SafeArrayRedim
SysStringLen
SysAllocString
SafeArrayLock
VariantClear
SysAllocStringLen
VariantCopyInd
LoadRegTypeLi
SafeArrayAccessData
SafeArrayGetUBound
GetRecordInfoFromGuids
SafeArrayUnlock
SafeArrayGetElement
VariantTimeToSystemTime
SysFreeString
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
SysStringByteLen
VariantCopy

psapi

GetModuleBaseNameA

advapi32

GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
AddAce
InitializeAcl
ControlService
RegOpenKeyExA
AdjustTokenPrivileges
CryptGetHashParam
GetSecurityDescriptorOwner
MakeSelfRelativeSD
RegNotifyChangeKeyValue
RevertToSelf
RegDeleteValueA
LookupAccountNameW
EqualSid
CloseServiceHandle
OpenThreadToken
RegCloseKey
GetAce
InitializeSecurityDescriptor
RegQueryValueExA
CryptHashData
SetFileSecurityW
IsValidSid
SetSecurityDescriptorDacl
GetAclInformation
QueryServiceStatusEx
GetSecurityDescriptorDacl
GetLengthSid
CryptAcquireContextA
CryptDestroyHash
CryptCreateHash
CopySid
OpenSCManagerA
GetSecurityDescriptorLength
OpenServiceW
RegSetValueExA
MakeAbsoluteSD
GetFileSecurityW
GetSecurityDescriptorControl
ImpersonateSelf
LookupPrivilegeValueA
CryptReleaseContext

shlwapi

PathQuoteSpacesW
PathStripPathA
PathRemoveFileSpecW
PathAppendW
PathStripPathW
PathAddBackslashW
PathFileExistsW
PathRemoveExtensionW

ole32

StringFromGUID2
GetHGlobalFromStream
CoQueryProxyBlanket
StringFromCLSID
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoDisconnectObject
CoCreateInstance
CoInitialize
OleRun
CreateStreamOnHGlobal
CoSetProxyBlanket

atmlib

ATMFinish
ATMGetNtmFields
ATMFontStatusA
ATMGetBuildStr
ATMGetFontBBox
ATMGetFontInfoW
ATMGetNtmFieldsA
ATMGetPostScriptName
ATMMakePFMA

kbdpl

KbdLayerDescriptor

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 289KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1a187ff2ffff3cd3364c790f25aeaea

Headers

File Characteristics

Imports

user32

version

shell32

userenv

kernel32

oleaut32

psapi

advapi32

shlwapi

ole32

atmlib

kbdpl

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 289KB - Virtual size: 445KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 289KB - Virtual size: 445KB

.rsrc
Size: 1KB - Virtual size: 1KB