JaffaCakes118_756aec5509b95577259e9c016881bd9a

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_756aec5509b95577259e9c016881bd9a
Size

285KB
MD5

756aec5509b95577259e9c016881bd9a
SHA1

cc3f29769c81c92ef1edac86abb8a8f969fbbf4c
SHA256

2373611acacf6510bf1f3044cf2a9da09dbfe3ac5d2838b76281e13aa2ce23e5
SHA512

e7acbfb47e20b31dbdd987f04f7323b89230e90f1ea9fd5a03ee9e441659e86ece93e2a837ed43e6040600049766607300fa96d4e8ddd5d454e8d7fd239886a8
SSDEEP

6144:3BDRVJg282E2hz8XZgoGEyqMkf7l0FK/Uf:31RVJ9EwgX1mqMkTlQdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_756aec5509b95577259e9c016881bd9a

Files

JaffaCakes118_756aec5509b95577259e9c016881bd9a
.exe windows:4 windows x86 arch:x86

d171201f61a083daad07d9a926b392d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRelativeW
PathIsRootW
PathSkipRootW
PathRenameExtensionW
PathFindFileNameW
PathAppendW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathCanonicalizeW
PathRemoveBackslashW
PathFindExtensionW
PathIsDirectoryW
PathRelativePathToW
PathStripToRootW
PathIsURLW
PathStripPathW
PathCombineW

shell32

SHGetFolderPathW
SHFileOperationW
SHGetFileInfoW

rpcrt4

NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface

advapi32

RegCreateKeyExW
RegOpenKeyExA
RevertToSelf
RegQueryValueExW
AccessCheck
RegCloseKey
RegSetValueExW
RegOpenKeyExW
GetUserNameW
GetFileSecurityW
OpenThreadToken
ImpersonateSelf

ole32

CoWaitForMultipleHandles
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
CoRegisterClassObject
CoUninitialize
CoInitializeEx
ReadClassStm
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoRegisterPSClsid
CoRevokeClassObject
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

kernel32

GetCurrentDirectoryW
SetEnvironmentVariableW
TlsAlloc
CreateFileMappingW
FindNextFileW
WaitForSingleObject
LeaveCriticalSection
GetComputerNameW
GetFileAttributesExW
LoadResource
lstrlenA
WriteFile
GetFileTime
GetProcessHeap
InterlockedPushEntrySList
DebugBreak
FindClose
ResumeThread
FindFirstFileW
GetSystemTime
CompareFileTime
FindResourceExW
UnmapViewOfFile
HeapDestroy
CompareStringW
SleepEx
GetFileSize
CreateFileW
UnlockFile
GetVolumeInformationW
MapViewOfFile
VirtualFree
SetCurrentDirectoryW
ReadFile
VirtualProtect
CreateProcessW
SetLastError
FlushFileBuffers
lstrcmpW
LocalAlloc
HeapReAlloc
WideCharToMultiByte
lstrcmpiW
AllocConsole
TlsFree
LockFile
SetThreadPriority
SearchPathW
FindResourceW
CreateEventW
LocalFree
DeleteFileW
FlushInstructionCache
GetFileType
SizeofResource
VirtualQuery
RaiseException
HeapFree
GlobalUnlock
LoadLibraryExW
WaitForMultipleObjects
lstrlenW
SetFilePointer
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
SetThreadContext
GlobalLock
CloseHandle
VirtualAlloc
EnterCriticalSection
GetDriveTypeW
GetFullPathNameW
FreeLibrary
OutputDebugStringW
TlsSetValue
DeleteCriticalSection
FormatMessageW
SwitchToThread
CreateThread
FindAtomW
TryEnterCriticalSection
TlsGetValue
IsValidCodePage
IsDebuggerPresent
CreateDirectoryW
InterlockedPopEntrySList
GetModuleHandleW
DuplicateHandle
OpenProcess
HeapAlloc
IsProcessorFeaturePresent
SuspendThread
GetSystemInfo
GetACP
GetCurrentThreadId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
UnhandledExceptionFilter
LockResource
CreateFileA
SetEndOfFile
GetThreadContext
QueryPerformanceFrequency
ResetEvent
HeapSize
SetFileAttributesW
VirtualAllocEx

gdi32

GetObjectW

oleaut32

BSTR_UserMarshal
SafeArrayAccessData
SafeArrayGetVartype
VarCmp
DispCallFunc
SysFreeString
OleCreatePictureIndirect
BSTR_UserFree
SafeArrayLock
GetErrorInfo
LoadRegTypeLi
LoadTypeLi
SafeArrayUnlock
RegisterTypeLi
SysAllocString
VarBstrCmp
SysAllocStringByteLen
SafeArrayCreate
VariantCopy
SafeArrayGetDim
SysAllocStringLen
VariantInit
BSTR_UserUnmarshal
SysStringLen
UnRegisterTypeLi
SafeArrayUnaccessData
BSTR_UserSize
VariantChangeType
SysStringByteLen
SysReAllocStringLen
VariantClear
SafeArrayPutElement
VarBstrCat
SafeArrayCopy
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound

user32

TranslateMessage
GetClientRect
IsCharAlphaNumericW
MessageBeep
RegisterClipboardFormatW
MonitorFromWindow
GetLastInputInfo
SetWindowLongW
GetMessageTime
LoadImageW
CharNextW
LoadBitmapW
UnhookWindowsHookEx
SetWindowsHookExW
EndDialog
PeekMessageW
SetWindowTextW
GetWindowRect
CallNextHookEx
DialogBoxIndirectParamW
MapWindowPoints
IsCharAlphaW
ShowWindow
LoadCursorW
SetCursor
GetWindowLongW
IsCharUpperW
GetParent
GetCursorPos
GetWindow
UnregisterClassA
DestroyIcon
CharLowerW
GetDlgItem
DispatchMessageW
SetParent
SendDlgItemMessageW
MessageBoxW
PostMessageW
GetMonitorInfoW
IsCharLowerW
GetKeyState
CharLowerBuffW
SetWindowPos

comctl32

ImageList_Create
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Merge
ImageList_Duplicate
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_LoadImageW
CreateStatusWindow
GetMUILanguage
ImageList_Add
ImageList_SetOverlayImage
ImageList_GetImageRect
ImageList_GetBkColor
FlatSB_ShowScrollBar
FlatSB_SetScrollRange
ImageList_LoadImageA
CreatePropertySheetPage

msyuv

DriverProc

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 38KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 172KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d171201f61a083daad07d9a926b392d3

Headers

File Characteristics

Imports

shlwapi

shell32

rpcrt4

advapi32

ole32

kernel32

gdi32

oleaut32

user32

comctl32

msyuv

Sections

.text Size: 25KB - Virtual size: 24KB

.bss Size: 38KB - Virtual size: 155KB

.reloc Size: 172KB - Virtual size: 336KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 708KB

.rsrc Size: 1024B - Virtual size: 5KB

.text
Size: 25KB - Virtual size: 24KB

.bss
Size: 38KB - Virtual size: 155KB

.reloc
Size: 172KB - Virtual size: 336KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 708KB

.rsrc
Size: 1024B - Virtual size: 5KB