JaffaCakes118_0645448d0dbf6acb1e2fd53551fdc171

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0645448d0dbf6acb1e2fd53551fdc171
Size

261KB
MD5

0645448d0dbf6acb1e2fd53551fdc171
SHA1

a83154bfa1bcc881f50796a53feff49f37b7422f
SHA256

3da623b69838a6fb6ec2f16f6fb90d9e4faf4946e089fdaf2c188cedfcdb4e6a
SHA512

a7c7fcd93cde30da9e07fc377cb835a9973031c18d8be7fc2e2499c1d72bbd1be1b64efb52db18d9af09cc099c053eb97ee93364476391d4dce3e4999e3c5bb0
SSDEEP

6144:Z6ep3UIT8Oh5Ry9Sq3hUOZqLrKYqO2WRPE50HSXoCs:keke5A9ZCiqzPYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0645448d0dbf6acb1e2fd53551fdc171

Files

JaffaCakes118_0645448d0dbf6acb1e2fd53551fdc171
.exe windows:5 windows x86 arch:x86

e0ec4eced8c716a70635fb8d8a372550

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetRectRgn
CreateRectRgn
CombineRgn
GetTextExtentExPointA
CreateRectRgnIndirect
CreateFontIndirectA
GetObjectA

ole32

CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
OleUninitialize
CoInitializeSecurity
CoFreeUnusedLibraries
CoInitializeEx
CoRegisterClassObject
StringFromGUID2
OleRun
CoRevokeClassObject

shlwapi

PathFindExtensionA

advapi32

OpenProcessToken
IsValidSid
GetSidLengthRequired
GetSecurityDescriptorControl
RegDeleteKeyA
MakeAbsoluteSD
GetSecurityDescriptorOwner
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorLength
RegQueryInfoKeyA
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegCloseKey
RegNotifyChangeKeyValue
GetSecurityDescriptorGroup
InitializeSid
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
CopySid
GetSidSubAuthority
EqualSid
RegQueryValueExA
MakeSelfRelativeSD
RegEnumKeyExA
RegDeleteValueA
GetTokenInformation

kernel32

FreeLibrary
WideCharToMultiByte
LoadResource
HeapSize
SetProcessWorkingSetSize
HeapAlloc
RemoveDirectoryA
SystemTimeToFileTime
GetTimeFormatA
GlobalUnlock
GlobalLock
FindResourceExA
CreateMutexA
SizeofResource
FindClose
OpenEventA
lstrlenW
OpenProcess
IsDBCSLeadByte
lstrcmpA
CreateEventA
ResetEvent
LocalAlloc
GetDateFormatA
GetThreadLocale
CreateThread
FormatMessageA
FileTimeToSystemTime
lstrcpyA
SetLastError
lstrcatA
lstrcmpiA
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
HeapFree
DeleteFileA
FindFirstFileA
LeaveCriticalSection
GetProcessHeap
lstrlenA
SetPriorityClass
GlobalAlloc
GetUserDefaultLangID
GetSystemTimeAsFileTime
WaitForMultipleObjects
WaitForSingleObject
GetACP
LocalFree
RaiseException
LoadLibraryExA
HeapReAlloc
FindNextFileA
lstrcpynA
FindResourceA
GetCurrentThreadId
LockResource
GetModuleHandleA
CloseHandle
HeapDestroy
GetStartupInfoA
VirtualAllocEx

user32

GetCursorPos
SetWindowsHookExA
SetMenuDefaultItem
GetDC
UnhookWindowsHookEx
SetForegroundWindow
DrawIconEx
LoadAcceleratorsA
RegisterWindowMessageA
DrawTextA
SetClipboardData
FindWindowA
DestroyIcon
LoadIconA
SetFocus
LoadMenuA
TrackPopupMenu
GetClientRect
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
PostMessageA
OpenClipboard
EmptyClipboard
MapDialogRect
IsWindow
SetWindowPos
GetSystemMetrics
IsZoomed
CharNextA
EnableWindow
UpdateWindow
CopyRect
GetSubMenu
GetWindowRect
TranslateAcceleratorA
GetParent
RemoveMenu
RedrawWindow
IsRectEmpty
PostQuitMessage
SendMessageA
SetWindowRgn
GetDesktopWindow
EnableMenuItem
InflateRect
CloseClipboard
ReleaseDC
CallNextHookEx
LoadImageA

oleaut32

SysFreeString
DispCallFunc
SysAllocString
VariantCopy
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
VariantInit
SysStringByteLen
GetErrorInfo
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

shell32

ShellExecuteA
Shell_NotifyIconA

winspool.drv

OpenPrinterW
AddJobW
GetJobW
AddPrinterDriverExW
EnumPrintProcessorsW
EXTDEVICEMODE
StartPagePrinter
GetPrinterDriverA
WritePrinter
DeletePrinterDataW
EnumFormsW
FindClosePrinterChangeNotification
SetDefaultPrinterW
SplDriverUnloadComplete
AddJobA
DevQueryPrintEx
AdvancedDocumentPropertiesW

serwvdrv

DriverProc
wodMessage

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.EYfagwj
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HVAynVO
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZUnfuks
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vRPL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PuvCW
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oqMNh
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wujkxD
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oTtOMq
Size: 108KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 110KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IPCTRE
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sjAyJBS
Size: 1024B - Virtual size: 965B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NCZfskf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0ec4eced8c716a70635fb8d8a372550

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

shlwapi

advapi32

kernel32

user32

oleaut32

shell32

winspool.drv

serwvdrv

Sections

.text Size: 20KB - Virtual size: 19KB

.EYfagwj Size: 1KB - Virtual size: 1KB

.HVAynVO Size: 512B - Virtual size: 270B

.ZUnfuks Size: 2KB - Virtual size: 1KB

.vRPL Size: 2KB - Virtual size: 1KB

.PuvCW Size: 1024B - Virtual size: 860B

.rdata Size: 5KB - Virtual size: 5KB

.oqMNh Size: 2KB - Virtual size: 2KB

.wujkxD Size: 2KB - Virtual size: 2KB

.oTtOMq Size: 108KB - Virtual size: 1.1MB

.data Size: 110KB - Virtual size: 1.6MB

.IPCTRE Size: 512B - Virtual size: 275B

.rsrc Size: 2KB - Virtual size: 1KB

.sjAyJBS Size: 1024B - Virtual size: 965B

.NCZfskf Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.EYfagwj
Size: 1KB - Virtual size: 1KB

.HVAynVO
Size: 512B - Virtual size: 270B

.ZUnfuks
Size: 2KB - Virtual size: 1KB

.vRPL
Size: 2KB - Virtual size: 1KB

.PuvCW
Size: 1024B - Virtual size: 860B

.rdata
Size: 5KB - Virtual size: 5KB

.oqMNh
Size: 2KB - Virtual size: 2KB

.wujkxD
Size: 2KB - Virtual size: 2KB

.oTtOMq
Size: 108KB - Virtual size: 1.1MB

.data
Size: 110KB - Virtual size: 1.6MB

.IPCTRE
Size: 512B - Virtual size: 275B

.rsrc
Size: 2KB - Virtual size: 1KB

.sjAyJBS
Size: 1024B - Virtual size: 965B

.NCZfskf
Size: 1KB - Virtual size: 1KB