JaffaCakes118_9891de088767ea7d24a1584c27a4abdb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9891de088767ea7d24a1584c27a4abdb
Size

246KB
MD5

9891de088767ea7d24a1584c27a4abdb
SHA1

b77b82832893d1d9b6a1bb9f84fc281426f6d4a7
SHA256

19728de156dea28cdd6b7c722bee1a5bcba6a0c04eaf369ac011cd1bba2a00b3
SHA512

25bfcdf4e354ae708f163a75e3d601c431491b0490a4cfd2ec33c06763e10edab507ee5eb6afb472d777dccbbc2497a810dffa0f81e4438a43a7f39af9a7ddd5
SSDEEP

6144:31AxzMSuyzjVp2G30JQcdcR9dftk7SwLa5:qxASuoVp2i0J1dCHYjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9891de088767ea7d24a1584c27a4abdb

Files

JaffaCakes118_9891de088767ea7d24a1584c27a4abdb
.exe windows:4 windows x86 arch:x86

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
CreateMutexA
GetProcAddress
GetModuleHandleA

user32

GetForegroundWindow
wsprintfW
CharUpperW
EnableWindow
LoadBitmapA
GetTopWindow
SetDlgItemTextA
GetIconInfo
SetTimer
EndMenu
CharNextA
WinHelpW
GetClassInfoW
MessageBoxIndirectW
PostMessageA
MonitorFromPoint
GetDlgItemInt
UnregisterClassW
PostMessageW
CreateDialogParamW
SetFocus
LoadCursorA
IsMenu
InsertMenuItemA
RegisterClassExA
LoadMenuIndirectA
SetWindowTextA
GetDCEx
CharPrevW
RegisterClassW
SetWindowRgn
CreateMenu
RegisterClassExW
MessageBoxW

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

winipsec

GetQMPolicy
DeleteMMPolicy

gdi32

AddFontResourceA
RemoveFontResourceExA
CreatePen
CreateColorSpaceW
GetTextExtentPointW
CreateBitmapIndirect
CreatePolygonRgn
CreateSolidBrush
UpdateICMRegKeyA

avifil32

DllGetClassObject
AVIFileExit
AVIClearClipboard
DllCanUnloadNow
AVIStreamOpenFromFileA
AVIStreamGetFrameOpen
EditStreamPaste
AVISaveVW
AVIFileWriteData

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TX
Size: 100KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jbk
Size: 109KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

winipsec

gdi32

avifil32

Sections

CODE Size: 5KB - Virtual size: 5KB

.icode Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 12KB

.TX Size: 100KB - Virtual size: 183KB

.data Size: 5KB - Virtual size: 372KB

.jbk Size: 109KB - Virtual size: 203KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 4KB

CODE
Size: 5KB - Virtual size: 5KB

.icode
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 12KB

.TX
Size: 100KB - Virtual size: 183KB

.data
Size: 5KB - Virtual size: 372KB

.jbk
Size: 109KB - Virtual size: 203KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 4KB