JaffaCakes118_7e6c20d36410a2e72e37da83457c4df1

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7e6c20d36410a2e72e37da83457c4df1
Size

285KB
MD5

7e6c20d36410a2e72e37da83457c4df1
SHA1

3f386ab1986f88210add37f4819e39014d65b906
SHA256

24f2a987c8e61d9aa66d50f9e627b908478bb547ef90d277afdd9458e22d7bc2
SHA512

113539263601c1dd5d2146182d6e6b0a653ba026c2f0779d510e2cef61a15c1f1f9dd1475680d4012d3cb2a1c160314508e146a4ccccf913ac11f997ef6eb692
SSDEEP

6144:5BDRVJg282E2hz8XZgoGEyqMkf7l0FK/Uf:51RVJ9EwgX1mqMkTlQdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7e6c20d36410a2e72e37da83457c4df1

Files

JaffaCakes118_7e6c20d36410a2e72e37da83457c4df1
.exe windows:4 windows x86 arch:x86

d171201f61a083daad07d9a926b392d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRelativeW
PathIsRootW
PathSkipRootW
PathRenameExtensionW
PathFindFileNameW
PathAppendW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathCanonicalizeW
PathRemoveBackslashW
PathFindExtensionW
PathIsDirectoryW
PathRelativePathToW
PathStripToRootW
PathIsURLW
PathStripPathW
PathCombineW

shell32

SHGetFolderPathW
SHFileOperationW
SHGetFileInfoW

rpcrt4

NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface

advapi32

RegCreateKeyExW
RegOpenKeyExA
RevertToSelf
RegQueryValueExW
AccessCheck
RegCloseKey
RegSetValueExW
RegOpenKeyExW
GetUserNameW
GetFileSecurityW
OpenThreadToken
ImpersonateSelf

ole32

CoWaitForMultipleHandles
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
CoRegisterClassObject
CoUninitialize
CoInitializeEx
ReadClassStm
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoRegisterPSClsid
CoRevokeClassObject
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

kernel32

GetCurrentDirectoryW
SetEnvironmentVariableW
TlsAlloc
CreateFileMappingW
FindNextFileW
WaitForSingleObject
LeaveCriticalSection
GetComputerNameW
GetFileAttributesExW
LoadResource
lstrlenA
WriteFile
GetFileTime
GetProcessHeap
InterlockedPushEntrySList
DebugBreak
FindClose
ResumeThread
FindFirstFileW
GetSystemTime
CompareFileTime
FindResourceExW
UnmapViewOfFile
HeapDestroy
CompareStringW
SleepEx
GetFileSize
CreateFileW
UnlockFile
GetVolumeInformationW
MapViewOfFile
VirtualFree
SetCurrentDirectoryW
ReadFile
VirtualProtect
CreateProcessW
SetLastError
FlushFileBuffers
lstrcmpW
LocalAlloc
HeapReAlloc
WideCharToMultiByte
lstrcmpiW
AllocConsole
TlsFree
LockFile
SetThreadPriority
SearchPathW
FindResourceW
CreateEventW
LocalFree
DeleteFileW
FlushInstructionCache
GetFileType
SizeofResource
VirtualQuery
RaiseException
HeapFree
GlobalUnlock
LoadLibraryExW
WaitForMultipleObjects
lstrlenW
SetFilePointer
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
SetThreadContext
GlobalLock
CloseHandle
VirtualAlloc
EnterCriticalSection
GetDriveTypeW
GetFullPathNameW
FreeLibrary
OutputDebugStringW
TlsSetValue
DeleteCriticalSection
FormatMessageW
SwitchToThread
CreateThread
FindAtomW
TryEnterCriticalSection
TlsGetValue
IsValidCodePage
IsDebuggerPresent
CreateDirectoryW
InterlockedPopEntrySList
GetModuleHandleW
DuplicateHandle
OpenProcess
HeapAlloc
IsProcessorFeaturePresent
SuspendThread
GetSystemInfo
GetACP
GetCurrentThreadId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
UnhandledExceptionFilter
LockResource
CreateFileA
SetEndOfFile
GetThreadContext
QueryPerformanceFrequency
ResetEvent
HeapSize
SetFileAttributesW
VirtualAllocEx

gdi32

GetObjectW

oleaut32

BSTR_UserMarshal
SafeArrayAccessData
SafeArrayGetVartype
VarCmp
DispCallFunc
SysFreeString
OleCreatePictureIndirect
BSTR_UserFree
SafeArrayLock
GetErrorInfo
LoadRegTypeLi
LoadTypeLi
SafeArrayUnlock
RegisterTypeLi
SysAllocString
VarBstrCmp
SysAllocStringByteLen
SafeArrayCreate
VariantCopy
SafeArrayGetDim
SysAllocStringLen
VariantInit
BSTR_UserUnmarshal
SysStringLen
UnRegisterTypeLi
SafeArrayUnaccessData
BSTR_UserSize
VariantChangeType
SysStringByteLen
SysReAllocStringLen
VariantClear
SafeArrayPutElement
VarBstrCat
SafeArrayCopy
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound

user32

TranslateMessage
GetClientRect
IsCharAlphaNumericW
MessageBeep
RegisterClipboardFormatW
MonitorFromWindow
GetLastInputInfo
SetWindowLongW
GetMessageTime
LoadImageW
CharNextW
LoadBitmapW
UnhookWindowsHookEx
SetWindowsHookExW
EndDialog
PeekMessageW
SetWindowTextW
GetWindowRect
CallNextHookEx
DialogBoxIndirectParamW
MapWindowPoints
IsCharAlphaW
ShowWindow
LoadCursorW
SetCursor
GetWindowLongW
IsCharUpperW
GetParent
GetCursorPos
GetWindow
UnregisterClassA
DestroyIcon
CharLowerW
GetDlgItem
DispatchMessageW
SetParent
SendDlgItemMessageW
MessageBoxW
PostMessageW
GetMonitorInfoW
IsCharLowerW
GetKeyState
CharLowerBuffW
SetWindowPos

comctl32

ImageList_Create
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Merge
ImageList_Duplicate
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_LoadImageW
CreateStatusWindow
GetMUILanguage
ImageList_Add
ImageList_SetOverlayImage
ImageList_GetImageRect
ImageList_GetBkColor
FlatSB_ShowScrollBar
FlatSB_SetScrollRange
ImageList_LoadImageA
CreatePropertySheetPage

msyuv

DriverProc

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 38KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 172KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d171201f61a083daad07d9a926b392d3

Headers

File Characteristics

Imports

shlwapi

shell32

rpcrt4

advapi32

ole32

kernel32

gdi32

oleaut32

user32

comctl32

msyuv

Sections

.text Size: 25KB - Virtual size: 24KB

.bss Size: 38KB - Virtual size: 155KB

.reloc Size: 172KB - Virtual size: 336KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 708KB

.rsrc Size: 1024B - Virtual size: 5KB

.text
Size: 25KB - Virtual size: 24KB

.bss
Size: 38KB - Virtual size: 155KB

.reloc
Size: 172KB - Virtual size: 336KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 708KB

.rsrc
Size: 1024B - Virtual size: 5KB