9bce07c44c140be1f307bac2dc19aa97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9bce07c44c140be1f307bac2dc19aa97_JaffaCakes118
Size

371KB
MD5

9bce07c44c140be1f307bac2dc19aa97
SHA1

d8fa0ae11433505513153bae6f82f81a145e5c8f
SHA256

a76f582e1481d9c883ed70add1fb357108366c122152099218f46faebe5b368b
SHA512

223c01084275d8f705438e09b1d075f2d167eade76e71be17767c8b7be39373d2c9bf1f3db77376dc34672efb2c85c9042b06df0d0efd6d505787f82535dfe9e
SSDEEP

6144:rtflx1o6Oo8Q88xlLfGvQr1fvZoqetKZ5eydcexEgMmFE1VzbgPwTqVnR:Bfvko8Q88xNlG85eyS4EfBzbgPwTqVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bce07c44c140be1f307bac2dc19aa97_JaffaCakes118

Files

9bce07c44c140be1f307bac2dc19aa97_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9f3148a85bdb638523f4e17c09e86ec9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\Work\Source\Common\Release\LewoPrompt.pdb

Imports

rpcrt4

UuidEqual

kernel32

CreateProcessW
GetTickCount
WaitForSingleObject
TerminateProcess
GetTempPathW
GetTempFileNameW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
LocalFree
CreateEventW
ResetEvent
SetEvent
WaitForSingleObjectEx
GetExitCodeThread
TerminateThread
ResumeThread
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjectsEx
InitializeCriticalSection
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
FreeLibrary
GetFileAttributesW
CreateDirectoryW
GetFullPathNameW
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetVolumeInformationW
SetUnhandledExceptionFilter
lstrcpynW
IsBadReadPtr
IsBadCodePtr
lstrlenW
GetFileTime
GetCurrentProcessId
WriteFile
GetSystemTimeAsFileTime
FindFirstFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
DecodePointer
Sleep
CreateThread
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
VirtualFree
LockResource
SetThreadContext
GetThreadContext
OutputDebugStringA
GetCurrentProcess
SizeofResource
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GlobalAlloc
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
LCMapStringW
GetFileType
GetStringTypeW
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
GetFileSize
InitializeSListHead
EncodePointer
ReadFile
CreateFileW
GetModuleHandleW
LoadLibraryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcAddress
GetProcessHeap
GetVersionExW
GetModuleFileNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
FindResourceExW
FindResourceW
GetConsoleMode
LoadResource
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MulDiv
InterlockedCompareExchange

user32

wsprintfW
DestroyAcceleratorTable
RedrawWindow
DestroyWindow
DefWindowProcW
SetWindowLongW
GetWindowLongW
IsWindow
GetClientRect
ReleaseDC
GetDC
CallWindowProcW
GetSysColor
UnregisterClassW
PostQuitMessage
SystemParametersInfoW
ChildWindowFromPoint
GetSystemMetrics
ExitWindowsEx
RegisterWindowMessageW
GetWindowTextLengthW
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
InvalidateRect
EndPaint
GetWindowTextW
SetWindowTextW
DispatchMessageW
FillRect
BeginPaint
TranslateMessage
GetMessageW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxParamW
MessageBoxIndirectA
MessageBoxIndirectW
DialogBoxIndirectParamA
GetDesktopWindow
InvalidateRgn
SetCapture
ReleaseCapture
ClientToScreen
ScreenToClient
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
GetClassNameW
GetParent
CharNextW
SetWindowPos
PostMessageW
ShowWindow
MoveWindow

gdi32

GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
LookupPrivilegeValueW

ole32

CoCreateInstance
OleRun
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoAddRefServerProcess
CoReleaseServerProcess
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysStringLen
LoadTypeLi
VariantCopy
VariantInit
SysFreeString

iphlpapi

GetAdaptersInfo

wininet

HttpQueryInfoW
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3148a85bdb638523f4e17c09e86ec9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

iphlpapi

wininet

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 10KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 268B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 10KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 268B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 16KB - Virtual size: 15KB