03e9b16ba629eda1436fcb883572b07c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03e9b16ba629eda1436fcb883572b07c_JaffaCakes118
Size

166KB
MD5

03e9b16ba629eda1436fcb883572b07c
SHA1

be2f0c986c9b24d62ae785bf82040c8526d345ed
SHA256

2055b2986bd651c34672fa435c27e505d4faf443add8fb4b90ebc4d44352b13d
SHA512

7bd121a13980f9ff3cd44e868b704b9e73bb0d42ef64264fbc5e40449a63c372366224b06e833145de286d588f6e76aabefe87d90149758374eec13c32a91785
SSDEEP

3072:vjPFQ+SzxKrDdPyvkj6UHsn9JzLEkuqQE9FiXPYcQWp21CW52:Lu+SMvFikGUHsnXzLFuW9wPYBW0EP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e9b16ba629eda1436fcb883572b07c_JaffaCakes118

Files

03e9b16ba629eda1436fcb883572b07c_JaffaCakes118
.exe windows:2 windows x86 arch:x86

7a27122155f1faa5cfe7fc6769227566

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
CreateRestrictedToken
CreateProcessAsUserW
EqualSid
CreateWellKnownSid
LsaOpenPolicy
LsaLookupPrivilegeValue
LsaNtStatusToWinError
LsaClose
CopySid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetTokenInformation
GetAclInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
AddAce
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
GetSidSubAuthority
GetSidSubAuthorityCount
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent

kernel32

CreateEventW
ResetEvent
CloseHandle
SetEvent
InterlockedIncrement
InterlockedDecrement
GetFileAttributesExW
FileTimeToSystemTime
RaiseException
MultiByteToWideChar
GetLastError
GetVersionExW
ExitProcess
GetCurrentProcess
GetStartupInfoW
GetCommandLineW
GetCurrentProcessId
FreeLibrary
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
lstrlenW
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
DeleteCriticalSection
HeapSetInformation
IsDebuggerPresent
OpenEventW
LocalFree
FormatMessageW
ReleaseActCtx
CreateActCtxW
ActivateActCtx
DeactivateActCtx
TerminateProcess
CreateTimerQueueTimer
FindFirstFileW
OpenProcess
LocalAlloc
OutputDebugStringW
GetTempPathW
GetTempFileNameW
CreateFileW
GetNativeSystemInfo
GetEnvironmentVariableW
CreateProcessW
WaitForSingleObject
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FindResourceExW
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
SetLastError
TlsSetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
Sleep
GetStdHandle
FreeEnvironmentStringsA
VirtualAllocEx

user32

PostMessageW
MessageBoxA
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
WaitForInputIdle
MessageBeep
MessageBoxW
PostQuitMessage

ntdll

RtlInitUnicodeString
RtlUnwind

ole32

CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
CoReleaseMarshalData
CreateBindCtx
CLSIDFromProgID
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoRegisterClassObject

shlwapi

PathFindExtensionW
AssocQueryStringW

wininet

InternetCreateUrlW
InternetCrackUrlW

urlmon

CreateURLMonikerEx
CoInternetParseUrl
RegisterBindStatusCallback
CoInternetCreateSecurityManager
CoInternetCombineUrl
URLDownloadToCacheFileW
GetClassFileOrMime

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

winmm

mciSetDriverData
mmioRenameA
waveOutSetVolume
mciDriverYield
joyGetDevCapsW
midiStreamProperty
waveOutClose
midiInGetDevCapsW
joyGetThreshold
waveInMessage
sndPlaySoundW
mmioInstallIOProcW
mmioStringToFOURCCA
midiStreamPause
midiDisconnect
mciGetYieldProc
waveInReset
midiOutCacheDrumPatches
mciDriverNotify
midiStreamStop
joyGetPosEx
waveInPrepareHeader
midiInReset
waveOutGetPosition
mmGetCurrentTask

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.G
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oYP
Size: 2KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a27122155f1faa5cfe7fc6769227566

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ntdll

ole32

shlwapi

wininet

urlmon

shell32

winmm

Sections

.text Size: 22KB - Virtual size: 22KB

.G Size: 1KB - Virtual size: 31KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 13KB - Virtual size: 137KB

.oYP Size: 2KB - Virtual size: 48KB

.rsrc Size: 118KB - Virtual size: 117KB

.text
Size: 22KB - Virtual size: 22KB

.G
Size: 1KB - Virtual size: 31KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 13KB - Virtual size: 137KB

.oYP
Size: 2KB - Virtual size: 48KB

.rsrc
Size: 118KB - Virtual size: 117KB