Static task: static1
Behavioral task: behavioral1
  Sample: f31c86280f1731c0d69ea33692c1197f_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f31c86280f1731c0d69ea33692c1197f_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
  Target: f31c86280f1731c0d69ea33692c1197f_JaffaCakes118
  Size: 300KB
  MD5: f31c86280f1731c0d69ea33692c1197f
  SHA1: 3d06e7cdad60729ff8bc1f1e300bc0d07d3e8730
  SHA256: 86339823d63cd7202cb9d32ad914cd8983a72af8d74a4acc41b1ad2d8a8619ac
  SHA512: daef10e0fccd2a7584a1767f4973a00c026531259b7d72813961dd28edd7e9e7df2cf0667b20897af41b6f594da47d9dad4c0b6ee9d93e1ff6a47a37e21740fe
  SSDEEP: 6144:iZ5yZCwIxtn9jcSiUqlENL4+M+3Mkw3T47qMK799WrMurIFJYp:iXjed+M0MkwvRRcAurDp
Malware Config
  (none)
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: f31c86280f1731c0d69ea33692c1197f_JaffaCakes118
Files
  f31c86280f1731c0d69ea33692c1197f_JaffaCakes118.exe  windows:5  windows  x86  arch:x86
  19ddc8579400979fed7d0bf8488192aa
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
[ntdll]
NtCreateEvent
RtlDestroyHeap
NtDuplicateObject
RtlAppendUnicodeToString
NtQueryAttributesFile
RtlSetSaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlInsertElementGenericTable
wcscat
RtlSystemTimeToLocalTime
RtlExtendedLargeIntegerDivide
RtlAllocateAndInitializeSid
wcsstr
RtlCompareMemory
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U
qsort
RtlAllocateHeap
NtQueryKey
RtlInitializeCriticalSectionAndSpinCount
NtUnmapViewOfSection
RtlCreateSecurityDescriptor
NtQuerySecurityObject
NtSetValueKey
RtlQueryRegistryValues
wcscmp
RtlFreeAnsiString
RtlFormatCurrentUserKeyPath
RtlFreeSid
NtQueryObject
RtlIntegerToUnicodeString
[rpcrt4]
RpcBindingFromStringBindingW
UuidToStringW
RpcBindingSetAuthInfoW
RpcBindingFree
CStdStubBuffer_CountRefs
NdrOleAllocate
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
RpcRaiseException
NdrOleFree
RpcBindingToStringBindingW
RpcServerUnregisterIf
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
RpcServerInqBindings
NdrClientCall2
CStdStubBuffer_Invoke
UuidCreate
NdrStubForwardingFunction
RpcServerUseProtseqEpW
RpcStringFreeA
RpcStringFreeW
RpcServerRegisterIfEx
NdrDllUnregisterProxy
RpcBindingSetAuthInfoExW
[user32]
PeekMessageW
GetActiveWindow
LoadIconA
GetDlgItem
IsRectEmpty
SendMessageW
RegisterClassA
SetDlgItemTextW
SetRect
GetWindowDC
GetAncestor
GetSystemMenu
GetParent
KillTimer
DestroyIcon
IsIconic
wsprintfW
wsprintfA
MoveWindow
GetWindowRect
UpdateWindow
DrawTextA
DrawFocusRect
GetFocus
IsWindowEnabled
GetMessagePos
RegisterClipboardFormatW
LoadImageW
GetDC
[kernel32]
InitializeCriticalSection
lstrcmpiW
MapViewOfFile
GetCurrentThreadId
OpenMutexA
lstrcpynA
lstrcatA
GetCurrentDirectoryW
TerminateProcess
GetLocaleInfoW
GetVersion
SetStdHandle
DeleteFileW
GetCurrentProcessId
GetStringTypeA
VirtualAlloc
MultiByteToWideChar
FreeLibrary
WriteConsoleW
DeleteFileA
GetCommandLineW
GetDriveTypeW
GetFileSize
GetModuleFileNameW
EnterCriticalSection
IsBadWritePtr
ExpandEnvironmentStringsW
HeapSize
CreateFileA
GetConsoleMode
ReleaseSemaphore
FormatMessageA
GetEnvironmentStringsW
GetExitCodeThread
SetFileAttributesW
GetTickCount
ExitProcess
GetProcessHeap
GetUserDefaultLCID
FreeEnvironmentStringsA
HeapDestroy
GetCurrentProcess
Sleep
GetExitCodeProcess
[shlwapi]
StrCmpNIA
PathRemoveFileSpecA
SHDeleteValueA
SHRegGetBoolUSValueW
PathFindFileNameW
StrToIntW
PathIsURLW
PathIsRootW
StrCpyNW
SHStrDupW
PathRemoveExtensionW
PathAppendA
PathRemoveBackslashW
UrlIsW
PathFindExtensionW
PathFileExistsW
StrDupW
StrCmpNW
SHDeleteKeyA
PathFindFileNameA
PathIsRelativeW
wnsprintfW
StrCmpW
[version]
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
[advapi32]
RegEnumValueW
IsValidSecurityDescriptor
LookupPrivilegeValueA
LockServiceDatabase
GetSecurityDescriptorLength
CryptGenRandom
DuplicateTokenEx
SetSecurityDescriptorGroup
RegQueryValueExW
AdjustTokenPrivileges
CryptDestroyKey
RegSetValueExA
GetSidLengthRequired
CopySid
RevertToSelf
DeregisterEventSource
RegCreateKeyW
SetFileSecurityW
UnlockServiceDatabase
CryptAcquireContextW
GetSecurityDescriptorOwner
GetLengthSid
CryptDestroyHash
GetUserNameA
QueryServiceStatus
RegSetValueExW
CryptCreateHash
GetTraceEnableLevel
QueryServiceConfigW
ImpersonateLoggedOnUser
CryptGetHashParam
CryptHashData
ControlService
RegQueryValueW
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidW
[shell32]
SHBrowseForFolderA
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHFileOperationW
SHBindToParent
DragQueryFileA
SHGetPathFromIDListA
DragQueryFileW
ShellExecuteA
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
SHGetFileInfoW
Sections
  .code    Size: 277KB  Virtual size: 276KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .edata   Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  RT_DATA  Size: 1KB    Virtual size: 203KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc    Size: 19KB   Virtual size: 19KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ