JaffaCakes118_f22ab6d457f38b51f0f4683d89856925

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f22ab6d457f38b51f0f4683d89856925
Size

261KB
MD5

f22ab6d457f38b51f0f4683d89856925
SHA1

38da7aea3de4fe943c74017dbba477e2aa553815
SHA256

a4285334827d365f0a21d3b7796949526b48ee8a138fe984b28e3d0c266e50a6
SHA512

69bb2b3acfb90d20843f01cdd8a91b844e6a7bea6cbb2477a0fdf68ace12645437e1cef33d000033f8b806251b0a0f299eff52def98c7964f3ba7f2cabf812d2
SSDEEP

6144:/6ep3UIT8Oh5Ry9Sq3hUOZqLrKYqO2WRPE50HSXoCs:yeke5A9ZCiqzPYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f22ab6d457f38b51f0f4683d89856925

Files

JaffaCakes118_f22ab6d457f38b51f0f4683d89856925
.exe windows:5 windows x86 arch:x86

e0ec4eced8c716a70635fb8d8a372550

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetRectRgn
CreateRectRgn
CombineRgn
GetTextExtentExPointA
CreateRectRgnIndirect
CreateFontIndirectA
GetObjectA

ole32

CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
OleUninitialize
CoInitializeSecurity
CoFreeUnusedLibraries
CoInitializeEx
CoRegisterClassObject
StringFromGUID2
OleRun
CoRevokeClassObject

shlwapi

PathFindExtensionA

advapi32

OpenProcessToken
IsValidSid
GetSidLengthRequired
GetSecurityDescriptorControl
RegDeleteKeyA
MakeAbsoluteSD
GetSecurityDescriptorOwner
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorLength
RegQueryInfoKeyA
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegCloseKey
RegNotifyChangeKeyValue
GetSecurityDescriptorGroup
InitializeSid
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
CopySid
GetSidSubAuthority
EqualSid
RegQueryValueExA
MakeSelfRelativeSD
RegEnumKeyExA
RegDeleteValueA
GetTokenInformation

kernel32

FreeLibrary
WideCharToMultiByte
LoadResource
HeapSize
SetProcessWorkingSetSize
HeapAlloc
RemoveDirectoryA
SystemTimeToFileTime
GetTimeFormatA
GlobalUnlock
GlobalLock
FindResourceExA
CreateMutexA
SizeofResource
FindClose
OpenEventA
lstrlenW
OpenProcess
IsDBCSLeadByte
lstrcmpA
CreateEventA
ResetEvent
LocalAlloc
GetDateFormatA
GetThreadLocale
CreateThread
FormatMessageA
FileTimeToSystemTime
lstrcpyA
SetLastError
lstrcatA
lstrcmpiA
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
HeapFree
DeleteFileA
FindFirstFileA
LeaveCriticalSection
GetProcessHeap
lstrlenA
SetPriorityClass
GlobalAlloc
GetUserDefaultLangID
GetSystemTimeAsFileTime
WaitForMultipleObjects
WaitForSingleObject
GetACP
LocalFree
RaiseException
LoadLibraryExA
HeapReAlloc
FindNextFileA
lstrcpynA
FindResourceA
GetCurrentThreadId
LockResource
GetModuleHandleA
CloseHandle
HeapDestroy
GetStartupInfoA
VirtualAllocEx

user32

GetCursorPos
SetWindowsHookExA
SetMenuDefaultItem
GetDC
UnhookWindowsHookEx
SetForegroundWindow
DrawIconEx
LoadAcceleratorsA
RegisterWindowMessageA
DrawTextA
SetClipboardData
FindWindowA
DestroyIcon
LoadIconA
SetFocus
LoadMenuA
TrackPopupMenu
GetClientRect
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
PostMessageA
OpenClipboard
EmptyClipboard
MapDialogRect
IsWindow
SetWindowPos
GetSystemMetrics
IsZoomed
CharNextA
EnableWindow
UpdateWindow
CopyRect
GetSubMenu
GetWindowRect
TranslateAcceleratorA
GetParent
RemoveMenu
RedrawWindow
IsRectEmpty
PostQuitMessage
SendMessageA
SetWindowRgn
GetDesktopWindow
EnableMenuItem
InflateRect
CloseClipboard
ReleaseDC
CallNextHookEx
LoadImageA

oleaut32

SysFreeString
DispCallFunc
SysAllocString
VariantCopy
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
VariantInit
SysStringByteLen
GetErrorInfo
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

shell32

ShellExecuteA
Shell_NotifyIconA

winspool.drv

OpenPrinterW
AddJobW
GetJobW
AddPrinterDriverExW
EnumPrintProcessorsW
EXTDEVICEMODE
StartPagePrinter
GetPrinterDriverA
WritePrinter
DeletePrinterDataW
EnumFormsW
FindClosePrinterChangeNotification
SetDefaultPrinterW
SplDriverUnloadComplete
AddJobA
DevQueryPrintEx
AdvancedDocumentPropertiesW

serwvdrv

DriverProc
wodMessage

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.EYfagwj
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HVAynVO
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZUnfuks
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vRPL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PuvCW
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oqMNh
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wujkxD
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oTtOMq
Size: 108KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 110KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IPCTRE
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sjAyJBS
Size: 1024B - Virtual size: 965B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NCZfskf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0ec4eced8c716a70635fb8d8a372550

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

shlwapi

advapi32

kernel32

user32

oleaut32

shell32

winspool.drv

serwvdrv

Sections

.text Size: 20KB - Virtual size: 19KB

.EYfagwj Size: 1KB - Virtual size: 1KB

.HVAynVO Size: 512B - Virtual size: 270B

.ZUnfuks Size: 2KB - Virtual size: 1KB

.vRPL Size: 2KB - Virtual size: 1KB

.PuvCW Size: 1024B - Virtual size: 860B

.rdata Size: 5KB - Virtual size: 5KB

.oqMNh Size: 2KB - Virtual size: 2KB

.wujkxD Size: 2KB - Virtual size: 2KB

.oTtOMq Size: 108KB - Virtual size: 1.1MB

.data Size: 110KB - Virtual size: 1.6MB

.IPCTRE Size: 512B - Virtual size: 275B

.rsrc Size: 2KB - Virtual size: 1KB

.sjAyJBS Size: 1024B - Virtual size: 965B

.NCZfskf Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.EYfagwj
Size: 1KB - Virtual size: 1KB

.HVAynVO
Size: 512B - Virtual size: 270B

.ZUnfuks
Size: 2KB - Virtual size: 1KB

.vRPL
Size: 2KB - Virtual size: 1KB

.PuvCW
Size: 1024B - Virtual size: 860B

.rdata
Size: 5KB - Virtual size: 5KB

.oqMNh
Size: 2KB - Virtual size: 2KB

.wujkxD
Size: 2KB - Virtual size: 2KB

.oTtOMq
Size: 108KB - Virtual size: 1.1MB

.data
Size: 110KB - Virtual size: 1.6MB

.IPCTRE
Size: 512B - Virtual size: 275B

.rsrc
Size: 2KB - Virtual size: 1KB

.sjAyJBS
Size: 1024B - Virtual size: 965B

.NCZfskf
Size: 1KB - Virtual size: 1KB