03dac6e90b06ca1312752588de4ce346_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03dac6e90b06ca1312752588de4ce346_JaffaCakes118
Size

343KB
MD5

03dac6e90b06ca1312752588de4ce346
SHA1

29762536c090d77b4d6de32a3eb7e6f78a54f822
SHA256

99ba84a68a26624de631793314fd42a5b1e04fa398a6fcafbc12f71f65ff6bbb
SHA512

e74f7e43faf6fdc98f21027368cc1c169a5c4191eb34df17fe5e16f0d484639332edb444305a3770921e1148b01774b9dddec0ea6733f94bc5b796d0dfb3b4c9
SSDEEP

6144:+E4rnpKEZMjFe//K93RfTUGekoUYmVVFsKbWaK+Dlk6LcS108+zMC7s:Sprwe//OtJpJfd8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03dac6e90b06ca1312752588de4ce346_JaffaCakes118

Files

03dac6e90b06ca1312752588de4ce346_JaffaCakes118
.exe .vbs windows:5 windows x86 arch:x86 polyglot

2efba96d0bbd2ff7c3e760762f270f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
TerminateProcess
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
CreateFileW
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
SetEndOfFile
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
DelayLoadFailureHook
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
WaitForSingleObject
SetEvent
GetModuleHandleA
CreateThread
GetCurrentProcess
Sleep
DeleteFileA
WideCharToMultiByte
GetWindowsDirectoryA
VirtualAlloc
SetCurrentDirectoryA
LoadLibraryA
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
GetLastError
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
CreateEventA

comctl32

PropertySheetW
CreatePropertySheetPageW

user32

GetDlgItem
SendMessageA
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
ShowWindow
CloseDesktop
FindWindowExA
GetWindowThreadProcessId
GetWindow
GetWindowTextA
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
SendDlgItemMessageA
EnumWindows
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetParent
DestroyWindow
SetDlgItemTextW
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
DialogBoxParamW
SetWindowTextA
DialogBoxParamA
SetDlgItemTextA
MessageBoxA
LoadIconA

ntdll

RtlUnwind
strrchr
_itoa
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
_strcmpi
strncat
_strlwr
strstr
_strnicmp
sprintf
strchr
strncpy
_snprintf
_stricmp
strtoul
_snwprintf
wcscpy
wcslen
_chkstk

ole32

CoInitialize
CoUninitialize

msvcrt

__p__fmode
__p__commode
__set_app_type
_adjust_fdiv
__setusermatherr
_controlfp
getenv
_initterm
__getmainargs
_acmdln
malloc
free
_strdup
_vsnprintf
_vsnwprintf
strcspn
memmove
isdigit
swprintf
calloc
wcscmp
strspn
atol
strpbrk
_close
_lseek
_read
_open
mbstowcs
_ultoa
_wtoi64
_wcsicmp
strtok
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit

advapi32

RegCreateKeyExA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegRestoreKeyA
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
OpenSCManagerA
EnumDependentServicesA
RegQueryValueExW
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
AdjustTokenPrivileges
FreeSid
SetNamedSecurityInfoA
GetNamedSecurityInfoA
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyA
EnumServicesStatusExA
OpenServiceW
OpenServiceA

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHGetSpecialFolderPathA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

GetModuleFileNameExA

userenv

ord119
ord138
ord121

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2efba96d0bbd2ff7c3e760762f270f5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

ntdll

ole32

msvcrt

advapi32

gdi32

shell32

version

psapi

userenv

rpcrt4

imagehlp

Sections

.text Size: 150KB - Virtual size: 150KB

.data Size: 2KB - Virtual size: 395KB

.rsrc Size: 45KB - Virtual size: 45KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 150KB - Virtual size: 150KB

.data
Size: 2KB - Virtual size: 395KB

.rsrc
Size: 45KB - Virtual size: 45KB

PACK
Size: 144KB - Virtual size: 380KB