JaffaCakes118_1313efc5d064a053429745805d029191

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1313efc5d064a053429745805d029191
Size

316KB
MD5

1313efc5d064a053429745805d029191
SHA1

4b591df7cd126d06a113d154aeaa3bc37f995250
SHA256

0d392d2cd6fc51befe27328e80df15a8c1f7bbdfe99ce3ef0941663c3f29ce38
SHA512

c51b98c1586f38d2f4e13179e03225783ed40eaf42243d6d3defba17fb44fac9c0c091a10677b9f7c92ee1b010916cbe87df71e85d3f6c9c508335e3d2bc9c19
SSDEEP

6144:AP0AmFE3rXlFuwvmuayPEMPPx7AduK5JJcvHGiUHnXlY+8YVUA4fp7:e0BFQlFuwyMPJ7WBJJcv9ia+BVyJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1313efc5d064a053429745805d029191

Files

JaffaCakes118_1313efc5d064a053429745805d029191
.exe windows:4 windows x86 arch:x86

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueA
RegQueryInfoKeyW
CryptCreateHash
IsValidSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
GetTokenInformation
RegOpenKeyExW
InitializeAcl
AddAccessAllowedAce
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidIdentifierAuthority
PrivilegeCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyA
SetSecurityDescriptorGroup
LookupPrivilegeValueW
CryptDestroyHash
RegDeleteValueA
SetSecurityDescriptorDacl
RegConnectRegistryW
GetUserNameW
CryptHashData
AccessCheck
CryptGetHashParam
OpenProcessToken
GetLengthSid
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateToken
CryptReleaseContext
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExA
FreeSid
GetSidSubAuthority
GetKernelObjectSecurity

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoUninitialize
StringFromCLSID
CoWaitForMultipleHandles
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
VariantChangeType
VariantInit
SysStringByteLen
VarBstrCmp
SysAllocStringByteLen
SysReAllocStringLen
VariantClear
VariantCopy
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen

user32

EnumWindows
SetDebugErrorLevel
PostThreadMessageW
LoadStringA
CharLowerBuffA
IsWindowVisible
GetWindowThreadProcessId
LoadStringW
CharNextA
GetWindowTextW
SetWindowLongW

shell32

CommandLineToArgvW

kernel32

GetThreadContext
SetErrorMode
LCMapStringW
EnterCriticalSection
GetThreadPriority
Process32Next
GetOverlappedResult
VirtualAlloc
LocalFree
FormatMessageA
VirtualFree
FindFirstFileW
ProcessIdToSessionId
VirtualProtectEx
IsDebuggerPresent
TransactNamedPipe
HeapDestroy
RaiseException
DuplicateHandle
SizeofResource
GetSystemDirectoryW
DeleteFileW
WaitForDebugEvent
GetComputerNameW
HeapAlloc
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
ExpandEnvironmentStringsW
FindResourceW
GetModuleHandleA
TlsSetValue
LocalAlloc
LeaveCriticalSection
GetProcessAffinityMask
DeleteCriticalSection
LoadResource
GetModuleHandleW
ResetEvent
SuspendThread
SetUnhandledExceptionFilter
SwitchToThread
FindResourceA
TlsAlloc
WriteProcessMemory
GetThreadSelectorEntry
HeapSize
GetProcessHeap
ReadFile
FreeLibraryAndExitThread
CreateEventW
CreateEventA
GetCurrentThreadId
GetVolumeInformationW
GetFileInformationByHandle
UnmapViewOfFile
lstrcmpiA
CancelIo
DebugActiveProcess
CreateFileMappingW
GetSystemTimeAsFileTime
TlsGetValue
WaitNamedPipeW
TlsFree
FindResourceExW
GetFullPathNameW
MapViewOfFile
CreateProcessW
FreeEnvironmentStringsW
GetLongPathNameW
lstrlenW
CreateMutexW
FlushInstructionCache
SetThreadAffinityMask
ReadProcessMemory
VirtualQueryEx
FreeLibrary
OutputDebugStringW
CreateFileW
GetSystemInfo
CreateRemoteThread
GetCurrentDirectoryW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LockResource
SetNamedPipeHandleState
SetThreadContext
GetFileSize
UnhandledExceptionFilter
FormatMessageW
QueryPerformanceFrequency
VirtualQuery
GetLogicalDrives
CreateThread
QueryDosDeviceW
SearchPathW
OpenProcess
GetWindowsDirectoryW
LoadLibraryExW
WideCharToMultiByte
SetFilePointer
CloseHandle
HeapReAlloc
SetLastError
lstrlenA
ResumeThread
GetFileTime
IsDBCSLeadByte
FindClose
OpenThread
CreateFileMappingA
SetHandleInformation
HeapFree
ContinueDebugEvent
IsValidCodePage
VirtualAllocEx

comctl32

CreateStatusWindow
ImageList_Write
InitCommonControlsEx
FlatSB_SetScrollInfo
ImageList_LoadImageA
ImageList_EndDrag
ImageList_Read
CreatePropertySheetPage
ImageList_SetBkColor

kbddv

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 27KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 185KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

Imports

advapi32

ole32

oleaut32

user32

shell32

kernel32

comctl32

kbddv

Sections

.text Size: 17KB - Virtual size: 17KB

.bss Size: 27KB - Virtual size: 184KB

.reloc Size: 185KB - Virtual size: 458KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 58KB - Virtual size: 389KB

.rsrc Size: 21KB - Virtual size: 88KB

.text
Size: 17KB - Virtual size: 17KB

.bss
Size: 27KB - Virtual size: 184KB

.reloc
Size: 185KB - Virtual size: 458KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 58KB - Virtual size: 389KB

.rsrc
Size: 21KB - Virtual size: 88KB