Static task: static1
Behavioral task: behavioral1
Sample: f6fc69b3f8dbaa16992727263a2695f1_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f6fc69b3f8dbaa16992727263a2695f1_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General
Target: f6fc69b3f8dbaa16992727263a2695f1_JaffaCakes118
Size: 168KB
MD5: f6fc69b3f8dbaa16992727263a2695f1
SHA1: 3df7b954f7d251e1a3d0995bedf07ffa9c0b3e18
SHA256: 22202c5ea895da5af7d5c76c90b439bc83cf05b55a6a7b47c4c6e20d53240a87
SHA512: 0d9153db2af5d4e89e43527d6faa14fbcc82b2f1f7c97bf2b1996b42278964dd8ae3ac389613101ea164476b93d6e9a214fe77bae64c44b64d078f1787eb9acd
SSDEEP: 3072:fOX+C9qTM3yObfxCDxfUWZd59mO8OPc67bQAPrnd8S6V2NasWgWxnr:da3yO7KZdCFO06XtDd81V2gsWV
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource f6fc69b3f8dbaa16992727263a2695f1_JaffaCakes118
Files
f6fc69b3f8dbaa16992727263a2695f1_JaffaCakes118.exe windows:4 windows x86 arch:x86
13e5aa4790f822c2ff45c8d59b9a6f62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoQueryProxyBlanket
CoGetClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoGetCallContext
CoUninitialize
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoDisconnectObject
CoRevertToSelf
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromString
CoSetProxyBlanket
CoImpersonateClient
CoCreateInstance
StringFromIID
CoTaskMemAlloc
CoRevokeClassObject
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
HeapCreate
GetStartupInfoA
TlsAlloc
GetTickCount
CreateFileA
lstrcpyA
GetModuleHandleW
HeapReAlloc
MultiByteToWideChar
VirtualAlloc
GetSystemDirectoryA
FreeEnvironmentStringsW
GetCurrentProcessId
FindResourceA
GetVersionExA
lstrcpynA
ReadProcessMemory
RtlUnwind
GetComputerNameA
CreateProcessW
HeapSize
FreeLibrary
HeapFree
IsDBCSLeadByte
SetEvent
HeapAlloc
VirtualFree
GetPrivateProfileSectionA
InterlockedDecrement
RaiseException
CreateDirectoryA
CreateThread
GetModuleHandleA
GetCPInfo
TlsGetValue
GetStringTypeW
GetLocaleInfoA
GetModuleFileNameW
SetLastError
GetEnvironmentStrings
ReleaseMutex
DuplicateHandle
EnterCriticalSection
InitializeCriticalSection
CompareStringA
GetVersion
SetUnhandledExceptionFilter
CreateProcessA
TlsSetValue
lstrcatA
IsBadReadPtr
VirtualProtect
GetSystemInfo
GetStringTypeA
UnhandledExceptionFilter
GetPrivateProfileIntA
GetProfileStringA
GetACP
SetEnvironmentVariableA
VirtualQuery
GetThreadLocale
GetEnvironmentStringsW
FindFirstFileA
CloseHandle
SetHandleCount
CreateMutexA
OpenProcess
IsBadWritePtr
SetErrorMode
lstrlenW
LoadLibraryExA
InterlockedIncrement
InterlockedExchange
LoadLibraryW
TlsFree
WideCharToMultiByte
GetCurrentProcess
GetModuleFileNameA
EnumSystemLanguageGroupsW
CreateFileMappingA
GetOEMCP
QueryPerformanceCounter
lstrlenA
DeleteCriticalSection
LocalSize
GetFileType
GetPrivateProfileSectionNamesA
GetLastError
SetFilePointer
WriteProfileStringA
LocalAlloc
IsBadCodePtr
FormatMessageA
CreateEventA
Sleep
FlushFileBuffers
ResetWriteWatch
SetStdHandle
GetExitCodeProcess
SizeofResource
LeaveCriticalSection
LCMapStringW
LockResource
GetPrivateProfileStringA
GetProcessTimes
TerminateThread
WriteFile
SetEndOfFile
GetCommandLineA
GetProcessHeap
LoadResource
LocalFree
TerminateProcess
LCMapStringA
UnmapViewOfFile
FindClose
ExitProcess
GetStdHandle
MapViewOfFile
HeapDestroy
LoadLibraryA
CompareStringW
WritePrivateProfileStringA
FreeEnvironmentStringsA
GetCurrentThreadId
InterlockedCompareExchange
lstrcmpiA
GetSystemTimeAsFileTime
GetProcAddress
GetCurrentThread
GetFileAttributesA
FindResourceExA
WaitForSingleObject
ReadFile
HeapFree
user32
GetMessageA
GetWindowThreadProcessId
MessageBoxA
SetTimer
CharNextA
LoadStringA
DispatchMessageA
wsprintfW
PeekMessageA
EnumWindows
CharUpperA
PostThreadMessageA
GetWindowTextA
KillTimer
IsWindowVisible
wsprintfA
advapi32
QueryServiceStatus
LookupAccountSidW
DeleteService
LookupAccountNameA
RegQueryInfoKeyA
OpenServiceA
RegisterServiceCtrlHandlerA
RegSetKeySecurity
SetSecurityDescriptorDacl
GetTokenInformation
RegisterEventSourceA
GetSecurityDescriptorOwner
CreateServiceA
MakeSelfRelativeSD
EqualSid
GetAclInformation
AddAccessAllowedAce
RegCloseKey
OpenSCManagerA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
RegCreateKeyA
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
DuplicateTokenEx
GetLengthSid
ReportEventA
OpenProcessToken
AddAce
RegConnectRegistryA
RegEnumValueA
IsValidSid
DuplicateToken
AccessCheck
RegSetValueExA
InitializeSecurityDescriptor
RegEnumKeyExA
GetSidLengthRequired
LookupAccountSidA
AllocateAndInitializeSid
RegOpenKeyExA
RegEnumKeyA
CloseServiceHandle
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
RegDeleteKeyA
GetSecurityDescriptorDacl
DeregisterEventSource
RegCreateKeyExA
InitializeSid
GetAce
ChangeServiceConfigA
AddAccessDeniedAce
GetUserNameA
FreeSid
RegDeleteValueA
ControlService
SetThreadToken
RegQueryValueExA
LookupPrivilegeValueA
GetSecurityDescriptorLength
GetSidSubAuthority
GetSecurityDescriptorGroup
PrivilegeCheck
RegQueryValueExW
SetSecurityDescriptorSacl
InitializeAcl
CopySid
SetServiceStatus
OpenThreadToken
RegOpenKeyExW
rpcrt4
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
NdrClientCall
RpcStringBindingComposeA
RpcStringFreeA
shlwapi
PathFindExtensionA
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 407KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ