011074ca299b3a05f8ff1839651d9d45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

011074ca299b3a05f8ff1839651d9d45_JaffaCakes118
Size

2.4MB
MD5

011074ca299b3a05f8ff1839651d9d45
SHA1

0dd5d8112dc4e85455b44d8515b769a50af04fad
SHA256

5e7930a0a24b7ac4b6b790b7fb635825ed805fad6ea714a07baf2f3c818def29
SHA512

eb3415e4865c106e1399e206b6bde2b867a1312e03480a1740d96502ee1d58f5c28c92d43fbe97a434158487336fdc866023129235233d08114a76966647db4f
SSDEEP

24576:mzXVav9MkHAqmT8x7XdCGSo7n2xlM9ZyCmyVmML2hcuzKPgssStPUvgn59FF96X1:mEv9Mgn1d3So72nMbzAhhKPgssSt2gFA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
011074ca299b3a05f8ff1839651d9d45_JaffaCakes118

Files

011074ca299b3a05f8ff1839651d9d45_JaffaCakes118
.exe windows:6 windows x86 arch:x86

a55b93daaf343f32295762e0b664aeea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FileCoAuth.pdb

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
GetUserNameW
RegNotifyChangeKeyValue
TraceMessage
RegGetValueW
RegDeleteTreeW
RegSetKeyValueW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
GetTokenInformation
RegEnumKeyExW
CheckTokenMembership

kernel32

WaitForSingleObject
GetCommandLineW
DecodePointer
CloseHandle
RaiseException
GetLastError
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
GetLogicalDrives
GetVolumeInformationW
RemoveDirectoryW
DuplicateHandle
LocalFree
GetVersionExW
OpenProcess
TerminateProcess
CreateMutexW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WerRegisterFile
DebugBreak
LCIDToLocaleName
GetLocaleInfoW
GetDateFormatW
UnregisterApplicationRestart
RegisterApplicationRestart
SystemTimeToTzSpecificLocalTime
MoveFileWithProgressW
LoadLibraryW
FormatMessageW
WaitForMultipleObjects
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
QueueUserWorkItem
GetProductInfo
GetComputerNameExW
GetTickCount64
CreateProcessW
OpenEventW
OpenMutexW
SetLastError
ResetEvent
CreateEventW
Sleep
CreateThread
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

user32

NotifyWinEvent
SystemParametersInfoW
GetIconInfo
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
FindWindowW
GetProcessDefaultLayout
MessageBoxW
AdjustWindowRectEx
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenu
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetSubMenu
EnableMenuItem
GetMenuStringW
KillTimer
SetTimer
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EndDialog
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
GetDoubleClickTime
PostQuitMessage
SendMessageW
CharNextW
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
PostThreadMessageW
PostMessageW
PeekMessageW
GetWindowThreadProcessId

msvcp120

?id@?$ctype@_W@std@@2V0locale@2@A
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
??1ios_base@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
_Mtx_init
_Mtx_destroy
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ

msvcr120

_exit
_cexit
_configthreadlocale
__setusermatherr
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
free
memmove
wcscat_s
wcscpy_s
_initterm_e
_initterm
_wcmdln
_fmode
_commode
wcsncpy_s
_CxxThrowException
?terminate@@YAXXZ
_lock
_unlock
_calloc_crt
_vsnwprintf
__CxxFrameHandler3
memcpy
memset
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
ldiv
exit

ole32

CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoAddRefServerProcess
CoUninitialize
CoReleaseServerProcess
CoTaskMemFree
CoInitializeSecurity
CoAllowSetForegroundWindow
CreateItemMoniker
GetRunningObjectTable
CoGetObject

oleaut32

SafeArrayUnaccessData
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
SafeArrayAccessData

loggingplatform

?LoggingWriteStructuredEvent@@YGXPBDI0ABU_GUID@@IIIQAUStructuredEventParameter@@@Z
?LoggingRotateIfNeeded@@YGXXZ
?StripPrivateInfoFromString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
?LoggingInitializeForExternalComponent@@YGJPB_W00@Z

shell32

SHAppBarMessage
ShellExecuteW
SHChangeNotify
SHBrowseForFolderW
SHSetKnownFolderPath
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetKnownFolderPath
SHCreateDirectoryExW
Shell_NotifyIconW
SHGetFolderPathAndSubDirW
AssocCreateForClasses
SHGetPathFromIDListW

shlwapi

SHCreateStreamOnFileEx
SHCreateStreamOnFileW
AssocCreate
SHRegGetBoolUSValueW
SHRegSetUSValueW
SHRegGetUSValueW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHDeleteValueW
SHDeleteKeyW
UrlEscapeW
PathIsDirectoryEmptyW
PathFindFileNameW
PathIsPrefixW
PathFileExistsW
PathRemoveFileSpecW

telemetry

?RecordFailedAssert@QoS@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00I0_N@Z

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetSetCookieExW

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a55b93daaf343f32295762e0b664aeea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcp120

msvcr120

ole32

oleaut32

loggingplatform

shell32

shlwapi

telemetry

dwmapi

version

wininet

Sections

.text Size: 74KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 6KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 6KB - Virtual size: 5KB