JaffaCakes118_268f3c9a2029aa91f5dbbc3ca2f1af94

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_268f3c9a2029aa91f5dbbc3ca2f1af94
Size

316KB
MD5

268f3c9a2029aa91f5dbbc3ca2f1af94
SHA1

4b7e4d5308111272aa9e965f6550931ec1b01019
SHA256

fd080ee78e677282a82d909b29f15b9e76cfe3f17693bcabd0440570bfad3502
SHA512

8f48fcc8a5f818559c51b91e69e4be074b7676d48fbd38785094725bceb5aa03a02fa08d50dc51cb9cf72adc74e88e0751bb6800dad8275bc671f0d8564e390d
SSDEEP

6144:nP0AmFE3rXlFuwvmuayPEMPPx7AduK5JJcvHGiUHnXlY+8YVUA4fp7:P0BFQlFuwyMPJ7WBJJcv9ia+BVyJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_268f3c9a2029aa91f5dbbc3ca2f1af94

Files

JaffaCakes118_268f3c9a2029aa91f5dbbc3ca2f1af94
.exe windows:4 windows x86 arch:x86

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueA
RegQueryInfoKeyW
CryptCreateHash
IsValidSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
GetTokenInformation
RegOpenKeyExW
InitializeAcl
AddAccessAllowedAce
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidIdentifierAuthority
PrivilegeCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyA
SetSecurityDescriptorGroup
LookupPrivilegeValueW
CryptDestroyHash
RegDeleteValueA
SetSecurityDescriptorDacl
RegConnectRegistryW
GetUserNameW
CryptHashData
AccessCheck
CryptGetHashParam
OpenProcessToken
GetLengthSid
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateToken
CryptReleaseContext
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExA
FreeSid
GetSidSubAuthority
GetKernelObjectSecurity

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoUninitialize
StringFromCLSID
CoWaitForMultipleHandles
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
VariantChangeType
VariantInit
SysStringByteLen
VarBstrCmp
SysAllocStringByteLen
SysReAllocStringLen
VariantClear
VariantCopy
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen

user32

EnumWindows
SetDebugErrorLevel
PostThreadMessageW
LoadStringA
CharLowerBuffA
IsWindowVisible
GetWindowThreadProcessId
LoadStringW
CharNextA
GetWindowTextW
SetWindowLongW

shell32

CommandLineToArgvW

kernel32

GetThreadContext
SetErrorMode
LCMapStringW
EnterCriticalSection
GetThreadPriority
Process32Next
GetOverlappedResult
VirtualAlloc
LocalFree
FormatMessageA
VirtualFree
FindFirstFileW
ProcessIdToSessionId
VirtualProtectEx
IsDebuggerPresent
TransactNamedPipe
HeapDestroy
RaiseException
DuplicateHandle
SizeofResource
GetSystemDirectoryW
DeleteFileW
WaitForDebugEvent
GetComputerNameW
HeapAlloc
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
ExpandEnvironmentStringsW
FindResourceW
GetModuleHandleA
TlsSetValue
LocalAlloc
LeaveCriticalSection
GetProcessAffinityMask
DeleteCriticalSection
LoadResource
GetModuleHandleW
ResetEvent
SuspendThread
SetUnhandledExceptionFilter
SwitchToThread
FindResourceA
TlsAlloc
WriteProcessMemory
GetThreadSelectorEntry
HeapSize
GetProcessHeap
ReadFile
FreeLibraryAndExitThread
CreateEventW
CreateEventA
GetCurrentThreadId
GetVolumeInformationW
GetFileInformationByHandle
UnmapViewOfFile
lstrcmpiA
CancelIo
DebugActiveProcess
CreateFileMappingW
GetSystemTimeAsFileTime
TlsGetValue
WaitNamedPipeW
TlsFree
FindResourceExW
GetFullPathNameW
MapViewOfFile
CreateProcessW
FreeEnvironmentStringsW
GetLongPathNameW
lstrlenW
CreateMutexW
FlushInstructionCache
SetThreadAffinityMask
ReadProcessMemory
VirtualQueryEx
FreeLibrary
OutputDebugStringW
CreateFileW
GetSystemInfo
CreateRemoteThread
GetCurrentDirectoryW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LockResource
SetNamedPipeHandleState
SetThreadContext
GetFileSize
UnhandledExceptionFilter
FormatMessageW
QueryPerformanceFrequency
VirtualQuery
GetLogicalDrives
CreateThread
QueryDosDeviceW
SearchPathW
OpenProcess
GetWindowsDirectoryW
LoadLibraryExW
WideCharToMultiByte
SetFilePointer
CloseHandle
HeapReAlloc
SetLastError
lstrlenA
ResumeThread
GetFileTime
IsDBCSLeadByte
FindClose
OpenThread
CreateFileMappingA
SetHandleInformation
HeapFree
ContinueDebugEvent
IsValidCodePage
VirtualAllocEx

comctl32

CreateStatusWindow
ImageList_Write
InitCommonControlsEx
FlatSB_SetScrollInfo
ImageList_LoadImageA
ImageList_EndDrag
ImageList_Read
CreatePropertySheetPage
ImageList_SetBkColor

kbddv

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 27KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 185KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

Imports

advapi32

ole32

oleaut32

user32

shell32

kernel32

comctl32

kbddv

Sections

.text Size: 17KB - Virtual size: 17KB

.bss Size: 27KB - Virtual size: 184KB

.reloc Size: 185KB - Virtual size: 458KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 58KB - Virtual size: 389KB

.rsrc Size: 21KB - Virtual size: 88KB

.text
Size: 17KB - Virtual size: 17KB

.bss
Size: 27KB - Virtual size: 184KB

.reloc
Size: 185KB - Virtual size: 458KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 58KB - Virtual size: 389KB

.rsrc
Size: 21KB - Virtual size: 88KB