178ab797488ecfa823c8ff5d316778fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

178ab797488ecfa823c8ff5d316778fb_JaffaCakes118
Size

129KB
MD5

178ab797488ecfa823c8ff5d316778fb
SHA1

3c50c1d7f10545e7c3ced4f017cc6da6b8d3767a
SHA256

d0837895573774cd562e6baff41594a105ea3d0bd617b2f575b6d51c3849f094
SHA512

0b4996e6df9df174a35c6a2812af2535a06f7f423e234d4d34ce5dfc9bb5c7f0f40ce949b63303d298610a3a43bb4883a66b855293a57e007aaf0b2989033554
SSDEEP

1536:x9Qxzl4ZmhQnIJEbzAPrdRApi0RfDaQdXegpKjtiBZgVSN:YL4ZNoDMi0daiegkj4BZgVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
178ab797488ecfa823c8ff5d316778fb_JaffaCakes118

Files

178ab797488ecfa823c8ff5d316778fb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b750e33fe5be22008071cb68fb91d4b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlFreeHeap
RtlDeleteCriticalSection
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlReAllocateHeap
LdrUnloadDll
wcscmp
_chkstk
NtResetEvent
NtSetEvent
LdrAccessResource
LdrFindResource_U
RtlUnwind
RtlAllocateHeap
NtQueryInformationFile
NtWriteFile
NtDeleteFile
NtCreateKey
NtQueryValueKey
NtSetValueKey
RtlFreeUnicodeString
NtFlushBuffersFile
NtSetInformationFile
NtUnmapViewOfSection
NtCreateSection
NtMapViewOfSection
RtlDosPathNameToNtPathName_U
NtCreateFile
NtFsControlFile
NtOpenFile
wcsstr
wcstoul
RtlInitializeCriticalSection
NtOpenKey
RtlExpandEnvironmentStrings_U
_vsnwprintf
wcschr
towlower
swprintf
memmove
wcslen
wcscpy
_wcsnicmp
NtClose
RtlInitUnicodeString
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
NtQuerySecurityObject
RtlCompareUnicodeString
NtWaitForMultipleObjects
NtCreateEvent
NtNotifyChangeDirectoryFile
_wcsicmp
NtWaitForSingleObject
wcscat
RtlEnterCriticalSection
RtlLeaveCriticalSection
wcsrchr
wcsncpy
RtlNtStatusToDosError

user32

RegisterDeviceNotificationW
DestroyWindow
wsprintfW
LoadStringW
SetThreadDesktop
CreateDialogParamW
SendMessageW
MsgWaitForMultipleObjects
IsDialogMessageW
OpenInputDesktop
DispatchMessageW
PeekMessageW
GetDlgItem
EnableWindow
ShowWindow
UpdateWindow
SetForegroundWindow
EndDialog
FindWindowW
GetUserObjectInformationW
CloseDesktop
RegisterClassW
CreateWindowExW
DefWindowProcW
GetSystemMetrics
GetWindowRect
MoveWindow
DialogBoxParamW
MessageBoxW
SetWindowLongW
SetDlgItemTextW
UnregisterDeviceNotification
PostMessageW
RegisterWindowMessageW
GetDlgItemTextW
TranslateMessage

kernel32

GetComputerNameW
LocalAlloc
GetComputerNameExW
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSection
LoadLibraryA
InterlockedCompareExchange
DelayLoadFailureHook
GetTickCount
ResetEvent
CreateDirectoryW
GetLocalTime
WideCharToMultiByte
GetSystemWow64DirectoryW
GetCurrentProcess
GetFileSize
GetDiskFreeSpaceExW
OpenEventW
GetModuleFileNameW
InterlockedExchange
WaitForSingleObject
GetCurrentThreadId
DisableThreadLibraryCalls
lstrcpynW
GetDriveTypeW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
GetModuleHandleW
GetVersionExW
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
GetSystemTimeAsFileTime
CreateThread
CloseHandle
ExpandEnvironmentStringsW
GetLastError
GetFileAttributesW
SetLastError

rpcrt4

RpcBindingFromStringBindingW
RpcImpersonateClient
NdrClientCall2
NdrServerCall2
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFree
I_RpcMapWin32Status
RpcServerRegisterIf
RpcServerUseProtseqEpW
RpcServerListen
RpcRevertToSelf

advapi32

RegCreateKeyExW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
RevertToSelf
CheckTokenMembership
ImpersonateLoggedOnUser
AllocateAndInitializeSid
ReportEventW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext

ole32

StringFromIID
CoTaskMemFree
StringFromGUID2
IIDFromString

Exports

Exports

SfcGetNextProtectedFile
SfcIsFileProtected
SfcWLEventLogoff
SfcWLEventLogon

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b750e33fe5be22008071cb68fb91d4b2

Headers

File Characteristics

Imports

ntdll

user32

kernel32

rpcrt4

advapi32

wintrust

crypt32

ole32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 20KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 20KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 5KB - Virtual size: 5KB