Static task: static1
Behavioral task: behavioral1
Sample: 5070717e02fdc84329e1f8425e6455ab_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5070717e02fdc84329e1f8425e6455ab_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 5070717e02fdc84329e1f8425e6455ab_JaffaCakes118
Size: 1.1MB
MD5: 5070717e02fdc84329e1f8425e6455ab
SHA1: 7f525e1ce47e0421fb667d773911139e254480c9
SHA256: ad374887ecbcbe7335f83f61e97fa5381ee6087b9c92cef91891a3112798578e
SHA512: 3b3ebb9e4a3c4a9c6ac17a86b64ce428bfe0d16faa9f243b58081a7e1617c2e5585e10833ea20efa6e48a4d54cb5f528dea8025852c27cadaba9c7095421cc85
SSDEEP: 24576:lBpBDTx9+uzNuY07bmRASnp7bnS/NHNIODf+e:hdx8Ul07bm9pa/NH3p
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 5070717e02fdc84329e1f8425e6455ab_JaffaCakes118
Files
-
5070717e02fdc84329e1f8425e6455ab_JaffaCakes118.exe windows:5 windows x86 arch:x86
0fb8b8fb19bf7f435440b491d2fba51f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetNamedPipeHandleStateA
FindNextChangeNotification
FindVolumeClose
GetCompressedFileSizeW
SetComputerNameExW
HeapSetInformation
SetConsoleDisplayMode
SetUnhandledExceptionFilter
GetConsoleCP
GetFileAttributesExW
CreateFileMappingW
GetStringTypeW
SetThreadContext
GetCurrencyFormatW
GetLogicalDrives
GetEnvironmentStrings
GetVolumeInformationW
CreateToolhelp32Snapshot
GetAtomNameA
GetFileTime
GetModuleFileNameA
OpenFileMappingA
GetCalendarInfoW
GetPrivateProfileIntW
GetCurrentProcess
GetConsoleMode
CopyFileA
FormatMessageA
GetThreadContext
SetEvent
GetFileSizeEx
GetDriveTypeA
VerifyVersionInfoW
MoveFileWithProgressW
FindFirstFileExA
DosDateTimeToFileTime
FreeUserPhysicalPages
ChangeTimerQueueTimer
OpenMutexA
OpenJobObjectW
DeviceIoControl
SetMailslotInfo
CompareStringA
GetCommandLineA
GetTempPathA
MapUserPhysicalPages
CreateJobObjectW
GetDiskFreeSpaceExA
ReleaseSemaphore
FileTimeToDosDateTime
GetVolumePathNameW
VirtualQuery
DisconnectNamedPipe
SetTapePosition
GetConsoleOutputCP
CreateNamedPipeW
SetFileAttributesA
CreateHardLinkA
DeleteTimerQueueEx
FoldStringW
FindResourceExA
ReadProcessMemory
FlushInstructionCache
CreateMailslotW
FlushConsoleInputBuffer
GetWindowsDirectoryW
FindAtomA
MapViewOfFileEx
GetProfileSectionA
GetStringTypeExA
WideCharToMultiByte
CancelWaitableTimer
GetConsoleAliasExesLengthA
MultiByteToWideChar
FoldStringA
GetTempPathW
GetNumberOfConsoleInputEvents
MoveFileExW
MoveFileW
GetProcessAffinityMask
GetNumberFormatW
GetVersion
SetInformationJobObject
OpenEventW
ReleaseMutex
SetCurrentDirectoryW
GetDateFormatW
SetThreadPriority
GetPrivateProfileIntA
GetProcessTimes
SetLocaleInfoW
VirtualAlloc
LoadResource
CreateFileMappingA
GetTempFileNameW
CreateFileW
GetPrivateProfileStructA
EnumCalendarInfoExA
GetSystemDirectoryA
GetEnvironmentVariableW
GetFullPathNameA
GetStringTypeExW
SetSystemTimeAdjustment
RemoveDirectoryA
Module32FirstW
DnsHostnameToComputerNameW
EraseTape
CopyFileW
GetCurrentDirectoryW
EnumCalendarInfoW
GetVolumeInformationA
GetUserDefaultLCID
CreateSemaphoreA
SetEndOfFile
DebugBreak
RegisterWaitForSingleObject
AssignProcessToJobObject
IsDBCSLeadByteEx
SwitchToThread
SetWaitableTimer
GetCurrentThread
CopyFileExA
QueryPerformanceFrequency
GetDevicePowerState
GetCPInfoExA
SetConsoleCP
CreateMutexA
SetHandleCount
OpenProcess
SearchPathW
SetEnvironmentVariableA
OpenThread
GetFileAttributesExA
OpenMutexW
FlushViewOfFile
GetProcAddress
SetHandleInformation
SleepEx
OpenSemaphoreA
SetConsoleCtrlHandler
GetPriorityClass
SetVolumeMountPointA
CopyFileExW
GetPrivateProfileStringA
SetThreadLocale
SetStdHandle
GetConsoleAliasW
GetCurrentDirectoryA
GetSystemDefaultLCID
OpenWaitableTimerA
CreateEventW
GetDateFormatA
MapUserPhysicalPagesScatter
GetThreadTimes
GetPrivateProfileSectionA
GetConsoleAliasA
DnsHostnameToComputerNameA
lstrcatA
CreateDirectoryA
GetSystemWindowsDirectoryW
GetMailslotInfo
GetOEMCP
SetNamedPipeHandleState
SetTapeParameters
CreateDirectoryExW
GetStdHandle
CreateJobObjectA
PostQueuedCompletionStatus
SetThreadPriorityBoost
GetVolumePathNameA
GetFileType
GetShortPathNameA
CancelIo
GetNumberFormatA
DeleteVolumeMountPointA
GetWindowsDirectoryA
lstrcmpA
GetUserDefaultLangID
rpcrt4
RpcServerRegisterAuthInfoA
RpcSsFree
I_RpcBindingInqTransportType
RpcBindingSetAuthInfoA
UuidCompare
NdrAsyncClientCall
UuidFromStringW
RpcGetAuthorizationContextForClient
RpcMgmtWaitServerListen
NdrGetDcomProtocolVersion
RpcNetworkIsProtseqValidA
NdrAsyncServerCall
RpcServerUseProtseqW
RpcBindingFromStringBindingA
NdrCorrelationFree
MesEncodeFixedBufferHandleCreate
RpcErrorStartEnumeration
RpcAsyncCancelCall
NdrConformantArrayMarshall
NdrOleFree
NdrConformantArrayUnmarshall
RpcServerUnregisterIf
RpcMgmtSetCancelTimeout
NdrServerInitialize
RpcServerRegisterIf
RpcSsDestroyClientContext
RpcEpResolveBinding
NdrSimpleTypeMarshall
RpcObjectSetType
RpcErrorAddRecord
RpcNetworkIsProtseqValidW
RpcServerRegisterIfEx
MesHandleFree
RpcRevertToSelfEx
RpcBindingInqAuthClientExW
RpcBindingSetAuthInfoW
NdrMesTypeFree2
NdrInterfacePointerMarshall
NdrMesTypeAlignSize2
RpcMgmtEpEltInqDone
IUnknown_QueryInterface_Proxy
RpcIfInqId
RpcCertGeneratePrincipalNameW
NdrInterfacePointerFree
NdrServerCall2
RpcBindingToStringBindingW
IUnknown_Release_Proxy
RpcEpRegisterA
RpcBindingCopy
RpcServerRegisterAuthInfoW
user32
ChildWindowFromPoint
LoadCursorA
EndPaint
GetMenuStringW
OemToCharBuffA
LoadCursorW
SetDlgItemTextA
CloseWindowStation
MoveWindow
GetKeyboardType
EnumThreadWindows
IntersectRect
GetKeyboardLayout
LoadStringW
GetAltTabInfoA
AdjustWindowRectEx
IsChild
GetThreadDesktop
GetMenuItemCount
GetClassInfoA
LoadImageW
MessageBeep
GetWindowInfo
IsWindow
UpdateWindow
CreateDialogParamW
GetWindow
wsprintfW
EnumChildWindows
SetWindowRgn
PeekMessageA
GetNextDlgTabItem
comctl32
ImageList_SetOverlayImage
ImageList_DragMove
ImageList_Draw
ImageList_GetDragImage
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
InitCommonControlsEx
ImageList_DrawEx
ImageList_DragShowNolock
FlatSB_SetScrollProp
ImageList_AddMasked
FlatSB_GetScrollInfo
ImageList_LoadImageA
ImageList_Copy
DestroyPropertySheetPage
ImageList_LoadImageW
ImageList_SetImageCount
ImageList_Replace
FlatSB_SetScrollPos
ImageList_Remove
ImageList_Read
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_GetImageCount
CreateToolbarEx
ord17
ImageList_GetIcon
advapi32
QueryServiceStatus
RegSetValueW
OpenSCManagerW
GetCurrentHwProfileW
RegQueryMultipleValuesW
GetTokenInformation
GetSidSubAuthority
RegDeleteKeyW
InitializeAcl
RegCreateKeyExW
MakeSelfRelativeSD
RegQueryValueExA
RegNotifyChangeKeyValue
SetTokenInformation
GetCurrentHwProfileA
GetKernelObjectSecurity
RegQueryMultipleValuesA
AreAnyAccessesGranted
AreAllAccessesGranted
RegSetKeySecurity
AddAccessAllowedAce
RegSetValueA
AddAuditAccessAce
RegCreateKeyExA
GetSecurityDescriptorControl
RegQueryValueExW
LookupAccountSidW
CryptCreateHash
SetSecurityDescriptorOwner
LsaFreeMemory
RegOpenKeyW
RegFlushKey
EqualSid
QueryServiceConfigW
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyW
GetAce
CryptAcquireContextW
InitializeSecurityDescriptor
LsaClose
GetSidIdentifierAuthority
GetLengthSid
OpenServiceW
GetSidSubAuthorityCount
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetUserNameW
LookupAccountNameW
GetSidLengthRequired
RegSetValueExW
AddAccessDeniedAce
SetKernelObjectSecurity
shell32
SHChangeNotify
SHGetSpecialFolderPathW
SHBindToParent
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
ole32
CreateItemMoniker
CoFreeAllLibraries
CoGetObject
StgOpenStorageOnILockBytes
ProgIDFromCLSID
CoRegisterMessageFilter
CoImpersonateClient
CreateGenericComposite
WriteClassStg
CoResumeClassObjects
OleSave
OleIsRunning
CoGetSystemSecurityPermissions
CreateBindCtx
CoTaskMemRealloc
CoMarshalInterThreadInterfaceInStream
CoAllowSetForegroundWindow
BindMoniker
CoGetCallerTID
HMENU_UserSize
OleCreateLink
CoGetInterfaceAndReleaseStream
CoCreateGuid
HPALETTE_UserUnmarshal
HWND_UserSize
CreateStreamOnHGlobal
CoTaskMemAlloc
CreateOleAdviseHolder
HWND_UserMarshal
HGLOBAL_UserUnmarshal
GetHGlobalFromILockBytes
WriteClassStm
oleaut32
VariantClear
SysReAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
GetActiveObject
VariantChangeTypeEx
SysAllocStringLen
SysStringLen
SafeArrayGetLBound
SafeArrayCreate
SafeArrayGetUBound
VariantInit
GetErrorInfo
VariantCopyInd
SysAllocStringByteLen
SafeArrayPtrOfIndex
Sections
.text Size: 785KB - Virtual size: 785KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 126KB - Virtual size: 389KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.71onq Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.0gzoe Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ