f5b21326dceb6902caed0d3f4b4df827_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f5b21326dceb6902caed0d3f4b4df827_JaffaCakes118
Size

609KB
MD5

f5b21326dceb6902caed0d3f4b4df827
SHA1

8ab5f73d1aa4070118bf6883a4a0860a511b1978
SHA256

46abb94b0b74c7bd89ad704d8b22f861c69259e6298537a0ab856aca8eac57a3
SHA512

9eae087d30624d2fcd0d71cc1ca5dcac3658a2d2bf0525220ae9bb83d53c29416101ebd9bbf523fb29ea457abc1130042ecc48bc04d77e8fc7c26078b76dfd36
SSDEEP

12288:n5louULutOQUC7G/WFsrrYwhi5SJP4nNQTfgSUoSgBq:nMvutOQ/KYw05ugNQTfgJyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5b21326dceb6902caed0d3f4b4df827_JaffaCakes118

Files

f5b21326dceb6902caed0d3f4b4df827_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a5b1ef3259f7d88fe5c2f7e4d2af92ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bs\co\ti12rc\exe\vs\release\schedul2.pdb

Imports

rpcrt4

I_RpcGetBuffer
NdrServerInitializeNew
NdrConvert
NdrConformantArrayUnmarshall
NdrConformantArrayBufferSize
RpcServerUnregisterIf
NdrConformantArrayMarshall
RpcRaiseException
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcServerListen
RpcImpersonateClient
RpcRevertToSelf

advapi32

GetSidSubAuthorityCount
SetSecurityDescriptorOwner
StartServiceA
RegOpenKeyExW
SetThreadToken
GetFileSecurityW
GetSecurityDescriptorOwner
SetFileSecurityW
GetUserNameW
RegEnumValueW
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
RegSetKeySecurity
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
EqualSid
IsValidSid
OpenThreadToken
GetUserNameA
GetTokenInformation
AllocateLocallyUniqueId
RegSetValueExW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
CreateProcessAsUserW
SetTokenInformation
GetSidSubAuthority
SetKernelObjectSecurity
GetSidIdentifierAuthority
RegCreateKeyExW
CloseEventLog
OpenEventLogW
ReadEventLogA
GetNumberOfEventLogRecords
GetOldestEventLogRecord
NotifyChangeEventLog
RegDeleteValueW
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CopySid
GetLengthSid
LookupPrivilegeNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExW

kernel32

VirtualAlloc
HeapReAlloc
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateEventA
CloseHandle
SetEvent
GetVersion
Sleep
WaitForSingleObject
TerminateThread
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
GetLastError
lstrcmpiW
ReadProcessMemory
OpenProcess
lstrcmpiA
GetCurrentThread
GetDiskFreeSpaceExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetComputerNameW
GetExitCodeProcess
CreateProcessA
GetTimeZoneInformation
GetModuleHandleA
LocalFree
FormatMessageW
MultiByteToWideChar
FormatMessageA
WideCharToMultiByte
SetUnhandledExceptionFilter
CreateProcessW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
GetSystemInfo
GetModuleFileNameW
LocalAlloc
GetTickCount
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetFullPathNameW
OutputDebugStringW
ExpandEnvironmentStringsW
LoadLibraryW
LoadLibraryExW
GetStartupInfoW
SetComputerNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
GetStartupInfoA
GetModuleFileNameA
GetComputerNameA
SetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
FindClose
GetLogicalDrives
SetErrorMode
GetCurrentThreadId
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
DeviceIoControl
SetFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
FindFirstChangeNotificationW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCompressedFileSizeW
GetFileInformationByHandle
CompareStringA
FindFirstChangeNotificationA
GetDiskFreeSpaceA
GetVolumeInformationA
WritePrivateProfileStringA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
GetSystemDefaultLangID
EnumResourceNamesW
GetSystemTimeAsFileTime
BackupRead
BackupSeek
BackupWrite
GetFileTime
DuplicateHandle
GetVolumeNameForVolumeMountPointW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
CreateThread
RaiseException
RtlUnwind
GetVersionExA
GetCommandLineA
CreateSemaphoreA
ReleaseSemaphore
GetWindowsDirectoryW
SetFileApisToANSI

user32

CharUpperBuffW
VkKeyScanExA
VkKeyScanA
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
ModifyMenuA
AppendMenuA
CharUpperBuffA
RegisterClipboardFormatA
RegisterClassExA
PeekMessageA
DefWindowProcA
GetWindowLongA
SendMessageA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowLongA
CreateWindowExA
RegisterClassA
VkKeyScanW
PostQuitMessage
KillTimer
wsprintfW
PostMessageA
VkKeyScanExW
WinHelpW
SendNotifyMessageA
CreateDialogIndirectParamA
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
SystemParametersInfoW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
PostMessageW
SendNotifyMessageW
RegisterClassExW

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExW
CreateFontIndirectW
GetTextMetricsW

ws2_32

setsockopt
socket
gethostbyname
inet_addr
WSACleanup
WSAStartup
htons
closesocket
WSASend
WSARecv
shutdown
connect

shell32

SHGetDesktopFolder
ShellExecuteExA
ShellExecuteA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteExW
ShellExecuteW
SHGetMalloc

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

mpr

WNetCancelConnection2W
WNetEnumResourceW
WNetOpenEnumW
WNetGetUniversalNameW
WNetAddConnection3W
WNetGetUniversalNameA
WNetAddConnection3A
WNetCloseEnum

ole32

CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

VariantChangeType
VariantInit
VariantClear

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5b1ef3259f7d88fe5c2f7e4d2af92ec

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

kernel32

user32

gdi32

ws2_32

shell32

comdlg32

mpr

ole32

oleaut32

version

Sections

.text Size: 400KB - Virtual size: 398KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 400KB - Virtual size: 398KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 100KB - Virtual size: 100KB