JaffaCakes118_2bda2e30fcedc92e1ed8d681728220a6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2bda2e30fcedc92e1ed8d681728220a6
Size

246KB
MD5

2bda2e30fcedc92e1ed8d681728220a6
SHA1

1ba4e9a79656b7cf82da9eb8018317525abfa878
SHA256

2575af3bfccb0d3508d31128b848a6a9a55897483b778499223e92378aea0f0d
SHA512

d5d6157024e33c5cf5a5b248e828b32d6a14c200f18fba12da835f8b19b6b1d318fca0d204db6b9b98421cd1a3a1a3826e72bd0a1c008a0e964ca8a9d8c4e270
SSDEEP

6144:H1AxzMSuyzjVp2G30JQcdcR9dftk7SwLa5:axASuoVp2i0J1dCHYjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2bda2e30fcedc92e1ed8d681728220a6

Files

JaffaCakes118_2bda2e30fcedc92e1ed8d681728220a6
.exe windows:4 windows x86 arch:x86

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
CreateMutexA
GetProcAddress
GetModuleHandleA

user32

GetForegroundWindow
wsprintfW
CharUpperW
EnableWindow
LoadBitmapA
GetTopWindow
SetDlgItemTextA
GetIconInfo
SetTimer
EndMenu
CharNextA
WinHelpW
GetClassInfoW
MessageBoxIndirectW
PostMessageA
MonitorFromPoint
GetDlgItemInt
UnregisterClassW
PostMessageW
CreateDialogParamW
SetFocus
LoadCursorA
IsMenu
InsertMenuItemA
RegisterClassExA
LoadMenuIndirectA
SetWindowTextA
GetDCEx
CharPrevW
RegisterClassW
SetWindowRgn
CreateMenu
RegisterClassExW
MessageBoxW

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

winipsec

GetQMPolicy
DeleteMMPolicy

gdi32

AddFontResourceA
RemoveFontResourceExA
CreatePen
CreateColorSpaceW
GetTextExtentPointW
CreateBitmapIndirect
CreatePolygonRgn
CreateSolidBrush
UpdateICMRegKeyA

avifil32

DllGetClassObject
AVIFileExit
AVIClearClipboard
DllCanUnloadNow
AVIStreamOpenFromFileA
AVIStreamGetFrameOpen
EditStreamPaste
AVISaveVW
AVIFileWriteData

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TX
Size: 100KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jbk
Size: 109KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8404e15353202f08118d73ecb4eb0e70

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

winipsec

gdi32

avifil32

Sections

CODE Size: 5KB - Virtual size: 5KB

.icode Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 12KB

.TX Size: 100KB - Virtual size: 183KB

.data Size: 5KB - Virtual size: 372KB

.jbk Size: 109KB - Virtual size: 203KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 4KB

CODE
Size: 5KB - Virtual size: 5KB

.icode
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 12KB

.TX
Size: 100KB - Virtual size: 183KB

.data
Size: 5KB - Virtual size: 372KB

.jbk
Size: 109KB - Virtual size: 203KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 4KB