b6673050affda17b26e126590256eb8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6673050affda17b26e126590256eb8c_JaffaCakes118
Size

1.1MB
MD5

b6673050affda17b26e126590256eb8c
SHA1

87d9aa14d03bf44cb8d77a50e1d3f9e7b0709aee
SHA256

18eb282fe96b8eadc82cd8108b4fc32e3e684fccc318c8bbd097b540a265a2a5
SHA512

5e0ece48b6fc407bcf3ebf2ec07c046be60fb3c7911200a19396b09e1e40cc94f269b92225a9853e5b330b4347fa1f7a642105d5a258ce9db28a2a49d2626f97
SSDEEP

24576:bc1a9BlKhLg+36jjPx/uak0Nv5q4/qnf:Ca9B4hLg+qPluakO5inf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6673050affda17b26e126590256eb8c_JaffaCakes118

Files

b6673050affda17b26e126590256eb8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9376e5638910a0403cd4c2b65c57a9fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bea Harehah .pdb

Imports

ole32

OleSetClipboard
CoGetInstanceFromFile
StringFromGUID2
StgCreatePropStg
OleCreateEmbeddingHelper
OleCreateMenuDescriptor
CoIsHandlerConnected
CLSIDFromString
HICON_UserFree

imm32

ImmDestroyContext
ImmUnregisterWordW
ImmSetCompositionFontA
ImmGetDescriptionA
ImmGetConversionStatus
ImmSetCompositionStringA
ImmRegisterWordA
ImmGetConversionListW
ImmEnumRegisterWordA

comdlg32

GetFileTitleW
GetSaveFileNameA
GetFileTitleA

ntdsapi

DsReplicaDelW
DsBindA
DsBindWithSpnW
DsReplicaSyncAllW
DsUnquoteRdnValueA

urlmon

CoInternetGetProtocolFlags
HlinkNavigateMoniker
CoInternetGetSession
HlinkGoBack

pdh

PdhBrowseCountersW
PdhGetDataSourceTimeRangeA
PdhGetLogFileSize

mprapi

MprInfoBlockRemove
MprInfoBlockAdd

clusapi

SetClusterResourceName
ClusterOpenEnum
ClusterRegOpenKey
ClusterRegQueryInfoKey
CloseClusterResource
ClusterResourceTypeCloseEnum

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDriverInfoList
SetupCommitFileQueueA
SetupCopyOEMInfW
SetupInstallServicesFromInfSectionExW
SetupRemoveInstallSectionFromDiskSpaceListA
SetupDiCancelDriverInfoSearch
SetupFindNextMatchLineW
SetupDiCallClassInstaller

shell32

ExtractAssociatedIconW
SHFileOperationW
DuplicateIcon

oleaut32

VarCyFromI1
VarUI2FromR4

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetTimeZoneInformation
ReadFile
SetEndOfFile
FlushFileBuffers
QueryPerformanceCounter
VirtualProtect
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetVersionExA
GetCommandLineA
LoadLibraryA
InterlockedExchange
FreeLibrary
Sleep
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetSystemInfo
GetDefaultCommConfigA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
CloseHandle
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapCreate
HeapDestroy
HeapReAlloc
HeapFree
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetModuleFileNameA
ExitProcess
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
lstrcmpiW
LoadLibraryW
lstrlenW
GetModuleHandleW
GetPrivateProfileIntW
GetCurrentProcess
ExitThread
MoveFileExA
GetFullPathNameW
GetFileInformationByHandle
GetLogicalDriveStringsW
SetNamedPipeHandleState
WriteConsoleW
ReadFileScatter
DeleteTimerQueueEx
WritePrivateProfileSectionW
RegisterWaitForSingleObject
SetMailslotInfo
LocalReAlloc
CreateNamedPipeW
SetVolumeMountPointA
GetDiskFreeSpaceW
MoveFileWithProgressW
SetTapeParameters
CreateActCtxA
GetCPInfoExW
InitializeSListHead
SetFilePointer
VirtualQuery
SetProcessWorkingSetSize
SetFirmwareEnvironmentVariableA
TerminateProcess
SetProcessAffinityMask
EnumResourceTypesW
WTSGetActiveConsoleSessionId
SetStdHandle
GetSystemDefaultUILanguage
GetDiskFreeSpaceExW
GetProcessHeap
DisconnectNamedPipe
GetOverlappedResult
WriteFile
WaitForSingleObjectEx
FreeResource
GetModuleFileNameW
lstrcmpiA
CreateWaitableTimerW
DeleteTimerQueue
CreateFileA
SleepEx
ActivateActCtx
WritePrivateProfileStringA
GetBinaryTypeA
SetConsoleTitleW
GlobalFindAtomW
GetCPInfo
SetConsoleCtrlHandler
lstrcpynA
GetExitCodeThread
SetConsoleOutputCP
GetLongPathNameA
ResetWriteWatch
GetThreadLocale
GetTimeFormatW
GenerateConsoleCtrlEvent
GetUserGeoID
CreatePipe
DeleteVolumeMountPointA
TransactNamedPipe
CreateWaitableTimerA
EnumSystemGeoID
OpenFile
WaitNamedPipeW
GetProcessHandleCount
FindFirstFileW
RaiseException
ReleaseSemaphore
GetSystemDefaultLCID
GetPrivateProfileStringA
GetMailslotInfo
SetDefaultCommConfigA
GetSystemWow64DirectoryW
FlushConsoleInputBuffer
LocalFileTimeToFileTime
EnumResourceNamesA
FindVolumeMountPointClose
ReplaceFileA
DosDateTimeToFileTime
EnumLanguageGroupLocalesW
GetTapeStatus
OpenFileMappingW
CreateSemaphoreW
GetPrivateProfileSectionNamesW
TzSpecificLocalTimeToSystemTime
GlobalCompact
InterlockedPushEntrySList
WaitForSingleObject
SetMessageWaitingIndicator
FreeEnvironmentStringsA
EnumDateFormatsA
GlobalFix
CreateMutexA
LocalUnlock
MapViewOfFileEx
SetLocaleInfoA
GetProcessAffinityMask
GetFileSizeEx
PulseEvent
GetLocaleInfoW
GetHandleInformation
AttachConsole
GetLastError
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
ExitProcess

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 940KB - Virtual size: 938KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9376e5638910a0403cd4c2b65c57a9fd

Headers

File Characteristics

PDB Paths

Imports

ole32

imm32

comdlg32

ntdsapi

urlmon

pdh

mprapi

clusapi

setupapi

shell32

oleaut32

kernel32

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 13KB

.flat Size: 940KB - Virtual size: 938KB

.rsrc Size: 8KB - Virtual size: 1.1MB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 13KB

.flat
Size: 940KB - Virtual size: 938KB

.rsrc
Size: 8KB - Virtual size: 1.1MB