Static task
static1
Behavioral task
behavioral1
Sample
b845488977f798e6486d7561edc3a94f_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
b845488977f798e6486d7561edc3a94f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: b845488977f798e6486d7561edc3a94f_JaffaCakes118
Size: 596KB
MD5: b845488977f798e6486d7561edc3a94f
SHA1: 039913cb8204c621c694fd35465187c61cd11c22
SHA256: 6e11487dabf0b6e5ed664cc50fd9c4d9542d4a1bbaead107551b5127ff4f9184
SHA512: 0fd068159415679e8a781923b9c17b5db89ac1957af8d1a1a07ee22cea6ae32e71a43568c70c40a9471eac3d015c9eed667b6a2aa161b64eb67747516146104f
SSDEEP: 12288:KEBnod0w2ehxxY+erwjKX0w2ehxxY+erw7NL:KEBoJ2wjKr2w7N
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b845488977f798e6486d7561edc3a94f_JaffaCakes118
Files
-
b845488977f798e6486d7561edc3a94f_JaffaCakes118.exe windows:4 windows x86 arch:x86
8a2f7a22151b1e94db3c8de25a65c2ec
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rasapi32
RasDialA
RasEnumDevicesA
imm32
ImmReleaseContext
ImmSetOpenStatus
ImmGetCandidateListA
ImmIsIME
ImmSetConversionStatus
ImmCreateContext
ImmNotifyIME
ImmGetProperty
ImmGetCompositionStringA
kernel32
BuildCommDCBAndTimeoutsW
EnumCalendarInfoA
GetStartupInfoA
GetModuleHandleA
CreateNamedPipeA
user32
GetClientRect
IsIconic
LoadIconA
EnableWindow
SendMessageA
GetClassNameW
GetMessageA
GetKeyboardState
LoadCursorW
DialogBoxIndirectParamW
GetWindowRect
CharNextW
MoveWindow
IsClipboardFormatAvailable
CloseClipboard
GetForegroundWindow
DefWindowProcA
CreateWindowStationW
GetProcessWindowStation
SetScrollPos
EnumDisplaySettingsA
ChangeDisplaySettingsA
EnableScrollBar
GetClipboardData
PackDDElParam
CreateMenu
GetScrollInfo
GetMenuItemCount
EnumWindows
InvalidateRect
WinHelpA
ShowScrollBar
RegisterClipboardFormatW
GetFocus
BringWindowToTop
CreateDialogIndirectParamW
GetTabbedTextExtentW
GetMenu
DefFrameProcW
DdeConnect
InsertMenuA
ValidateRect
CreateDesktopW
EnableMenuItem
InvalidateRgn
GetWindowModuleFileNameA
SystemParametersInfoA
GetWindowWord
GetDlgCtrlID
DestroyAcceleratorTable
DrawCaption
CopyAcceleratorTableW
KillTimer
InSendMessage
TranslateAcceleratorA
SetDlgItemTextW
SendInput
DialogBoxIndirectParamA
ClipCursor
BlockInput
RemovePropA
GetDlgItemInt
GetScrollPos
FrameRect
ReplyMessage
CharUpperBuffW
LoadStringW
PostMessageA
OpenClipboard
TrackPopupMenu
GetSystemMetrics
MessageBoxIndirectA
GetCursorPos
SetRect
IsZoomed
TrackPopupMenuEx
VkKeyScanExW
SetCaretBlinkTime
GetKeyNameTextW
DrawTextW
SetActiveWindow
LoadImageA
SetMenuItemInfoA
MessageBoxA
PostQuitMessage
DdeQueryStringA
IsChild
DrawStateA
AttachThreadInput
DrawIcon
ShowCursor
DdeAccessData
CreateDialogParamA
CharLowerW
GetClipCursor
MapVirtualKeyExW
GetWindowTextA
DdeClientTransaction
SetCaretPos
IsCharUpperA
CallMsgFilterA
GetDlgItemTextW
FindWindowExW
SendDlgItemMessageA
DdeCreateStringHandleW
DefDlgProcA
wvsprintfA
DefDlgProcW
LoadCursorFromFileW
RegisterClassExW
TranslateMessage
TranslateMDISysAccel
BeginPaint
GetNextDlgTabItem
GetTabbedTextExtentA
CloseDesktop
FindWindowExA
RegisterWindowMessageA
GetDlgItem
SetForegroundWindow
DrawTextA
CharPrevA
LoadMenuW
GetCursor
SetWinEventHook
TranslateAcceleratorW
IsWindowVisible
DispatchMessageW
IsDialogMessageA
ScreenToClient
SetWindowTextW
GetMessageW
ClientToScreen
SetWindowLongW
VkKeyScanW
CharToOemBuffA
GetWindowThreadProcessId
IsWindow
MessageBeep
CopyImage
UnhookWinEvent
IsCharLowerA
DrawAnimatedRects
GetClassLongA
PostThreadMessageW
LoadKeyboardLayoutA
SendDlgItemMessageW
WindowFromDC
ScrollWindow
ShowOwnedPopups
MapDialogRect
FlashWindow
OffsetRect
CreateWindowExA
CreateDialogIndirectParamA
CallWindowProcA
CharLowerBuffA
DrawTextExA
GetCapture
SetDlgItemInt
CharNextA
GetMessagePos
IsCharAlphaW
ToAscii
CreatePopupMenu
EnumDisplaySettingsW
DestroyMenu
ModifyMenuW
IsCharAlphaA
GetPropA
WinHelpW
DdeDisconnect
DragDetect
PtInRect
GetSysColorBrush
DialogBoxParamA
GetKeyboardLayoutNameW
GetDC
OemToCharA
GetClassNameA
SetParent
GetClipboardViewer
GetDlgItemTextA
ValidateRgn
LoadMenuA
UnpackDDElParam
LoadKeyboardLayoutW
LoadBitmapW
NotifyWinEvent
UnhookWindowsHook
PostMessageW
FindWindowW
UnionRect
EnumChildWindows
GetUpdateRgn
GetGUIThreadInfo
CharUpperW
SetWindowTextA
ChangeDisplaySettingsW
MapVirtualKeyA
GetWindowTextLengthA
LockWindowUpdate
msvcrt
_setmbcp
__p__fmode
__p__commode
_controlfp
islower
_adjust_fdiv
$I10_OUTPUT
fwrite
__dllonexit
_onexit
feof
_findfirst
modf
_acmdln
__getmainargs
_initterm
__setusermatherr
__set_app_type
advapi32
DecryptFileW
IsTokenRestricted
RegCreateKeyW
RegUnLoadKeyW
LsaOpenPolicy
EncryptFileW
GetKernelObjectSecurity
SetFileSecurityA
GetAclInformation
QueryServiceLockStatusA
InitializeSid
RegDeleteKeyA
GetSidLengthRequired
AddAce
GetSecurityDescriptorDacl
SetServiceStatus
LookupPrivilegeValueW
DeleteService
FreeSid
RegSetValueExW
ControlService
OpenEventLogW
RegSetValueW
RegSetValueA
ReportEventA
ChangeServiceConfig2W
RegReplaceKeyA
LsaQueryInformationPolicy
RegQueryValueW
RegOpenKeyExA
GetUserNameA
InitiateSystemShutdownA
RegCreateKeyExW
RegisterServiceCtrlHandlerA
RegSetKeySecurity
InitializeSecurityDescriptor
DeleteAce
GetUserNameW
RegCreateKeyA
RegCloseKey
GetSidSubAuthorityCount
CreateProcessAsUserA
CreateProcessAsUserW
ImpersonateSelf
OpenServiceA
RegEnumKeyW
EnumDependentServicesA
EnumServicesStatusA
LookupAccountNameW
RegRestoreKeyW
CopySid
RegNotifyChangeKeyValue
SetSecurityDescriptorSacl
ReadEventLogW
LsaFreeMemory
SetKernelObjectSecurity
SetNamedSecurityInfoW
QueryServiceConfigA
SetFileSecurityW
RegConnectRegistryA
LookupAccountSidA
GetSidIdentifierAuthority
RegisterServiceCtrlHandlerW
OpenSCManagerW
QueryServiceLockStatusW
ReportEventW
AddAccessAllowedAce
LogonUserA
GetServiceKeyNameW
SetEntriesInAclA
RegQueryInfoKeyW
RegQueryInfoKeyA
ChangeServiceConfig2A
GetFileSecurityW
SetThreadToken
InitializeAcl
EnumDependentServicesW
CreateServiceW
RegDeleteValueW
RegLoadKeyA
StartServiceCtrlDispatcherA
LookupAccountNameA
SetTokenInformation
SetSecurityDescriptorDacl
LockServiceDatabase
RegOpenKeyExW
RegEnumKeyExA
GetAce
GetSidSubAuthority
LookupPrivilegeValueA
AllocateAndInitializeSid
RevertToSelf
StartServiceA
OpenSCManagerA
CloseServiceHandle
SetEntriesInAclW
RegCreateKeyExA
MakeSelfRelativeSD
QueryServiceConfigW
ChangeServiceConfigW
GetLengthSid
OpenThreadToken
LsaRetrievePrivateData
LsaAddAccountRights
SetServiceObjectSecurity
StartServiceCtrlDispatcherW
SetSecurityDescriptorOwner
RegFlushKey
ObjectCloseAuditAlarmW
GetServiceDisplayNameW
QueryServiceStatus
RegOverridePredefKey
AdjustTokenPrivileges
RegQueryValueA
MakeAbsoluteSD
mfc42
Sections
.text Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 220KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 801KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ