f663460f4be936f820d4582307140c0f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f663460f4be936f820d4582307140c0f_JaffaCakes118
Size

179KB
MD5

f663460f4be936f820d4582307140c0f
SHA1

cf337a9a4034eb528e399010d317f76de248552a
SHA256

35feef5cb48ec5d9ddb634ebb37927cf9022cdada7a8a519906182ee0d824ac4
SHA512

1a79cde996bc8303c003a332d846e39146e0f81049c09d1e671515fc07ac33dd323f39b17021aa2a06e03d116c8cb741d01269bfefb105c61b59e1725d9c1cdc
SSDEEP

3072:6WQQXLHpPAYKPG2vs01sBaFvWo5nI1ZUt9RYM952d6RMuVspObVYgoChB+6UMMnC:6WQQuYK+pu8aFuo5autz95FvSMVYgoCO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f663460f4be936f820d4582307140c0f_JaffaCakes118

Files

f663460f4be936f820d4582307140c0f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
LookupPrivilegeValueA
RegOpenKeyExA
AdjustTokenPrivileges
RegSetValueExW
RegOpenKeyA
RegEnumValueA
RegQueryInfoKeyA
InitializeSecurityDescriptor
ReportEventA
RegSetValueExA
RegCreateKeyW
RegCloseKey
RegSetValueA
RegOpenKeyW
RegQueryValueExW
RegDeleteValueA
DeregisterEventSource
RegEnumKeyW
RegDeleteKeyW
RegisterEventSourceA
RegDeleteValueW
RegDeleteKeyA
OpenProcessToken
SetSecurityDescriptorDacl
RegCreateKeyA
RegEnumValueW
RegQueryValueExA
RegEnumKeyA

samlib

SamConnectWithCreds
SamConnect
SamLookupNamesInDomain

ddraw

DirectDrawEnumerateA

kernel32

DuplicateHandle
GetUserDefaultLangID
GetVersion
lstrcpyA
GetFileType
VirtualProtect
UnhandledExceptionFilter
ReadFile
FreeEnvironmentStringsA
MoveFileA
IsDBCSLeadByte
GetLocaleInfoA
lstrlenA
FileTimeToLocalFileTime
GetStartupInfoA
lstrcmpA
GetCurrentProcess
CreateEventA
Sleep
TerminateProcess
GetTempPathA
GetCurrentProcessId
WinExec
HeapReAlloc
CreateFileA
ResetEvent
GlobalReAlloc
VirtualFree
HeapSize
GlobalDeleteAtom
LCMapStringA
GetACP
GlobalHandle
_llseek
RemoveDirectoryA
InterlockedIncrement
VirtualAlloc
GetStdHandle
GetStringTypeExA
SystemTimeToFileTime
SetLocalTime
CloseHandle
_lclose
FindResourceA
WideCharToMultiByte
GetDateFormatA
SetEnvironmentVariableA
lstrcmpiA
GetTickCount
GetVolumeInformationA
SetCurrentDirectoryA
lstrcmpiW
DeleteCriticalSection
GetStringTypeA
InterlockedDecrement
CreateSemaphoreA
HeapFree
GetCommandLineA
GetSystemDirectoryA
MulDiv
InitializeCriticalSection
GetModuleHandleA
CompareStringW
GetFileTime
TlsGetValue
EnterCriticalSection
UnlockFile
CompareStringA
_lwrite
GetSystemInfo
GetSystemDefaultLangID
GetEnvironmentStringsW
GetProfileStringA
SetStdHandle
GetDriveTypeA
SetFileTime
GlobalUnlock
GetWindowsDirectoryA
IsBadReadPtr
TlsAlloc
GlobalLock
_lread
IsBadCodePtr
SetFilePointer
DeleteFileA
FlushInstructionCache
SetFileAttributesA
GlobalAlloc
GetCurrentDirectoryA
ExitThread
GetShortPathNameA
GlobalAddAtomA
GetUserDefaultLCID
GetFileAttributesA
SetHandleCount
lstrcatA
GetLastError
GetLocalTime
FreeResource
FileTimeToSystemTime
CreateProcessW
GetEnvironmentStrings
GetTimeZoneInformation
FlushFileBuffers
CreateThread
GetExitCodeProcess
FormatMessageW
GetVersionExA
LoadResource
FormatMessageA
SetErrorMode
CreateProcessA
LoadLibraryExA
FreeEnvironmentStringsW
HeapAlloc
GetCPInfo
SetEndOfFile
GlobalSize
WaitForSingleObject
GetStringTypeW
VirtualQuery
GetModuleFileNameW
FreeLibrary
LockResource
LoadLibraryA
GetCurrentThreadId
GetFullPathNameA
FindClose
SetLastError
GetSystemDefaultLCID
CreateDirectoryA
GetModuleFileNameA
GetSystemTime
LCMapStringW
TlsSetValue
WriteFile
lstrcpynA
GetProcAddress
RtlUnwind
LeaveCriticalSection
TlsFree
GetTempFileNameA
ResumeThread
FindNextFileA
MultiByteToWideChar
HeapCreate
SetEvent
HeapDestroy
ExitProcess
SizeofResource
GlobalFree
SearchPathA
GetOEMCP
ReleaseSemaphore
LockFile
FindFirstFileA
RaiseException

ws2_32

setsockopt
WSAConnect

ole32

OleSave
OleLoad

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 141KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

samlib

ddraw

kernel32

ws2_32

ole32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 141KB - Virtual size: 368KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 141KB - Virtual size: 368KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B