0185e013b95e7f96c7424d5c17239602_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0185e013b95e7f96c7424d5c17239602_JaffaCakes118
Size

329KB
MD5

0185e013b95e7f96c7424d5c17239602
SHA1

e855188281fc78167368d882956d8d96c67ddd1b
SHA256

a19b9e4ba6823018c558e3de22e975197fcbc354ce347bd578c7e0fe8c6a5d3f
SHA512

dd2d9cc90114460d2348ec419de267f1f492e212aeac76b7f1512ba6d74752c2c8910d16160997e1a1a289ec959570e165b13bbb4319ec074dde43ff6f351b66
SSDEEP

6144:j7DHqfvY7c1weIKWF3qXM3Hn5aqMkGzEVqm55nooPmvvaBfAHTRAC:j7+Y9WJXM3Hn5aqM4VqWhPgyfAH1AC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0185e013b95e7f96c7424d5c17239602_JaffaCakes118

Files

0185e013b95e7f96c7424d5c17239602_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7cce3fc0f6f7e187a24021cd28c38d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegisterTraceGuidsW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableFlags
RegCloseKey
TraceEvent
TraceMessage
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
RegOpenKeyA

psapi

GetProcessMemoryInfo

user32

EnumDisplaySettingsW
GetDesktopWindow
GetDC
InvalidateRect
EqualRect
EnumDisplayDevicesW
SystemParametersInfoW
GetClientRect
GetMonitorInfoW
GetGuiResources
UpdateLayeredWindow
GetWindowDC
CopyRect
SetLayeredWindowAttributes
OffsetRect
TranslateMessage
DispatchMessageW
IsRectEmpty
RegisterWindowMessageW
EnumDisplayMonitors
MsgWaitForMultipleObjects
ReleaseDC
SetRect
PostMessageW
PeekMessageW
IntersectRect
ClientToScreen
IsWindow
GetWindowLongW

ole32

PropVariantCopy
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

gdi32

CreatePalette
SetLayout
GetDCOrgEx
RealizePalette
SelectPalette
GetDeviceCaps
CreateDCW
GetDIBits
CombineRgn
OffsetRgn
CreateRectRgnIndirect
CreateCompatibleDC
BitBlt
RectInRegion
SelectObject
CreateCompatibleBitmap
GdiEntry13
CreateDIBSection
DrawEscape
DeleteObject
GetRgnBox
GetRegionData
GetSystemPaletteEntries
CreateICW
DeleteDC

kernel32

CloseHandle
VirtualQuery
VirtualAlloc
GetTickCount
CancelIo
WriteFile
ExitProcess
SleepEx
GetProcAddress
GetProcessHeap
GetLastError
RtlUnwind
CreateThread
GetProcessId
LoadResource
LoadLibraryA
HeapAlloc
InterlockedFlushSList
FindFirstFileW
DisableThreadLibraryCalls
GetFullPathNameA
GetModuleHandleW
GetSystemTimeAsFileTime
CreateEventW
LocalAlloc
DelayLoadFailureHook
QueryDepthSList
OutputDebugStringA
MapViewOfFile
GetSystemDirectoryW
GetCurrentThread
CreateFileMappingA
SystemTimeToFileTime
GetOverlappedResult
ProcessIdToSessionId
TerminateThread
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerW
WideCharToMultiByte
WaitForMultipleObjects
GlobalUnlock
CreateFileW
LockResource
VirtualFree
QueryPerformanceFrequency
EnterCriticalSection
MulDiv
GetVersion
CompareStringW
LoadLibraryW
DeleteCriticalSection
SetLastError
WaitForSingleObjectEx
LeaveCriticalSection
GetCurrentThreadId
GetModuleHandleA
InterlockedIncrement
CreateFileMappingW
InterlockedPushEntrySList
InterlockedExchangeAdd
FindClose
UnhandledExceptionFilter
Sleep
FindResourceW
GetVersionExA
SetEvent
GetVersionExW
GetCurrentProcess
InterlockedExchange
HeapReAlloc
ReadFile
OutputDebugStringW
IsDebuggerPresent
GetFileSize
ResetEvent
VirtualLock
SetWaitableTimer
PulseEvent
QueryPerformanceCounter
TerminateProcess
GetSystemInfo
UnmapViewOfFile
HeapFree
InitializeSListHead
CreateFileA
FreeLibrary
GetCurrentProcessId
InterlockedCompareExchange
lstrcmpiA
RtlCaptureStackBackTrace
SetThreadPriority
InterlockedDecrement
GetProcessWorkingSetSize
InitializeCriticalSection
SizeofResource
SetUnhandledExceptionFilter
RaiseException
LocalFree
IsProcessorFeaturePresent
SetProcessWorkingSetSize
DebugBreak
WaitForSingleObject
TryEnterCriticalSection
DuplicateHandle

msvcrt

_wcsicmp
_strdup
atoi
realloc
_CIfmod
_errno
_controlfp
isspace
_vsnprintf
_CIexp
floor
_finite
_CItanh
modf
memcpy
_wtoi
isdigit
_CItan
isalnum
_CIsqrt
_purecall
_isnan
setlocale
_resetstkoflw
calloc
isxdigit
qsort
wcsstr
ceil
__dllonexit
_fpclass
_CIsin
memset
_onexit
clock
_CIacos
malloc
_copysign
_initterm
free
_CIcos
_lock
_CIpow
_adjust_fdiv
_CIcosh
_CIatan2
_unlock
_CIatan
wcstol
atof
wcschr
_CIlog
toupper
_CIasin
isalpha
_wtof
memmove
_XcptFilter
_CIsinh
_amsg_exit
strchr
_stricmp
_clearfp
tolower
_vsnwprintf

rpcrt4

RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcBindingVectorFree
RpcServerInqCallAttributesW
NdrAsyncServerCall
RpcSsDestroyClientContext
RpcServerRegisterIfEx
NdrAsyncClientCall
RpcStringBindingComposeW
RpcEpRegisterW
RpcServerUseProtseqW
RpcBindingFromStringBindingW
RpcAsyncGetCallStatus
UuidToStringW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcServerInqBindings
RpcAsyncCompleteCall
RpcServerUnregisterIfEx
UuidCreate
RpcBindingFree
RpcStringFreeW

ntdll

RtlInterlockedFlushSList
NtAllocateVirtualMemory
RtlIsGenericTableEmpty
RtlUlongByteSwap
NtCreateSection
NtQuerySystemInformation
RtlDeleteElementGenericTable
DbgPrompt
DbgPrintEx
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlInitializeGenericTable
RtlInsertElementGenericTable
NtUnmapViewOfSection
NtAddAtom
RtlLookupElementGenericTable
NtMapViewOfSection
RtlClearBits
RtlNumberGenericTableElements

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7cce3fc0f6f7e187a24021cd28c38d8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

psapi

user32

ole32

gdi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 27KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 27KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 1.4MB