JaffaCakes118_7a875122646918f3ee7500d6d597b11e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7a875122646918f3ee7500d6d597b11e
Size

518KB
MD5

7a875122646918f3ee7500d6d597b11e
SHA1

8bceb16bf395e072a03e595f597c37701ad6eeb2
SHA256

4ad1de254f5cc53dd67d6ada0032e86525185243bd1af07793f5de172abca4aa
SHA512

38545bed3cf2528f51d4ec71b8b5fe015c48c778eb07889fd851b2652864389f44b29e730d08850bf4356296d491e4b61ff002048a1717ccf157fc9db83a4762
SSDEEP

12288:XG/+hWM0upucoaQoIhte7fPjDfVQLSfXkxnZkGLmEcw59zB:XG/4zpuLJoIhtezOSvk5h0w59B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7a875122646918f3ee7500d6d597b11e

Files

JaffaCakes118_7a875122646918f3ee7500d6d597b11e
.exe windows:5 windows x86 arch:x86

19f51de05544dd9a88d0fd35d9464eec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

kernel32

GetStringTypeW
LCMapStringW
CreateFileA
CloseHandle
FlushFileBuffers
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
LoadLibraryW
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetFilePointer
GetModuleFileNameW
LocalFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
Thread32First
MultiByteToWideChar
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
WriteConsoleW
HeapReAlloc
SetEndOfFile
GetProcessHeap
OutputDebugStringA
GetConsoleTitleA
GetCurrentProcessId
GetTickCount
SetConsoleTitleA
Sleep
GetConsoleWindow
GetCurrentProcess
IsBadReadPtr
GlobalAlloc
MulDiv
GetUserDefaultLangID
FindResourceExA
LoadResource
FindResourceExW
CreateToolhelp32Snapshot
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
RemoveDirectoryA
HeapCreate
HeapAlloc
TerminateProcess
EncodePointer
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
HeapFree
RtlUnwind
RaiseException
GetLastError
Thread32Next
ReadFile
LocalAlloc
GetModuleHandleA
GetStdHandle
CreateFileW

user32

ScreenToClient
DeferWindowPos
FindWindowA
EndDeferWindowPos
ChildWindowFromPoint
SetCursorPos
BeginDeferWindowPos
CreateWindowExW
GetSysColorBrush
SetTimer
KillTimer
DispatchMessageA
GetParent
GetWindowLongA
EnumChildWindows
CheckMenuRadioItem
GetDC
TranslateMessage
GetMessageA
GetMenu
UpdateWindow
wsprintfA
GetDlgItem
SendMessageA
SetWindowPos
GetWindowRect
ShowWindow
GetClientRect
FillRect
SetRect
ReleaseDC
PostQuitMessage
CreateWindowExA
LoadImageA
BeginPaint
EndPaint
DefWindowProcA
DestroyWindow
DrawTextA
MessageBoxA
AttachThreadInput
DestroyAcceleratorTable
GetDlgItemTextW
GetWindowDC
IsWindowEnabled
GetFocus
ClientToScreen
OffsetRect
UnionRect
LoadIconA
LoadCursorA
RegisterClassExA

gdi32

CreateSolidBrush
SelectClipRgn
DeleteObject
GetDeviceCaps
CreateFontA
SelectObject
GetTextExtentPoint32A
SetTextColor
SetPixelFormat
CreateRectRgn
CombineRgn
CreateDCA
StartDocA
StartPage
EndPage
EndDoc
DeleteDC
MoveToEx
LineTo
Polyline
EnumFontsA
ExcludeClipRect

winspool.drv

ord201
OpenPrinterA
ClosePrinter

advapi32

OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
GetNamedSecurityInfoA
LookupAccountNameA

shell32

SHGetSpecialFolderPathA
SHGetMalloc
SHGetSpecialFolderLocation
DragAcceptFiles

ole32

CoTaskMemFree

ws2_32

WSCDeinstallProvider
WSCEnumProtocols

shlwapi

PathRemoveFileSpecA
StrToIntExA
PathAppendA

comctl32

InitCommonControlsEx
ord6

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringW

gdiplus

GdipAlloc
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipDrawRectangleI
GdipFree
GdipDrawEllipseI
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC2

setupapi

SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList

uxtheme

DrawThemeBackground

authz

AuthzInitializeResourceManager
AuthzFreeResourceManager

ntdsapi

DsUnBindA

sensapi

IsNetworkAlive

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.path
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.base
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f51de05544dd9a88d0fd35d9464eec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

ws2_32

shlwapi

comctl32

rpcrt4

gdiplus

setupapi

uxtheme

authz

ntdsapi

sensapi

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 12KB

.path Size: 264KB - Virtual size: 264KB

.base Size: 11KB - Virtual size: 10KB

.rsrc Size: 120KB - Virtual size: 120KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 12KB

.path
Size: 264KB - Virtual size: 264KB

.base
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 120KB - Virtual size: 120KB