0813797170f48707553c801e2ae27867_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0813797170f48707553c801e2ae27867_JaffaCakes118
Size

107KB
MD5

0813797170f48707553c801e2ae27867
SHA1

5f7ed00afdbd20e2d757d8b813f38c24a014b6a8
SHA256

e905fd09ef72be15d2cb42a1bfe634afa31ca275cdac6e906b14649671a520bf
SHA512

3da1604676223d44222e1d42cc609be9d1b5a45a3dcf2d95449a68fc527b255aed1138c91ebfb721b9a855b40d0276d22db9f12f329c0b9efcd7fcd8807ceda0
SSDEEP

1536:qHvKqC9Jt8huBeGuWUG8mlyzGqurgM4V2YpJ0qIHZ2sIrnW:YvKXkMeGu/zGi5LAZ2J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0813797170f48707553c801e2ae27867_JaffaCakes118

Files

0813797170f48707553c801e2ae27867_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3e411b26227544071875ec8ea2349f5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

consent.pdb

Imports

advapi32

RevertToSelf
ImpersonateLoggedOnUser
EventWrite
RegGetValueW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventRegister

kernel32

LoadLibraryW
CreateThread
SetEvent
GetTickCount
GetExitCodeThread
WaitForMultipleObjects
ResumeThread
CreateEventW
GlobalFree
Sleep
CreateFileW
SetPriorityClass
GetCurrentProcess
HeapSetInformation
CompareStringW
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
CloseHandle
ReleaseMutex
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryExW
FreeLibrary
GetLocaleInfoW
GetUserPreferredUILanguages
SetThreadPreferredUILanguages
QueueUserWorkItem
LocalAlloc
GetCommandLineW
LocalFree
DelayLoadFailureHook
InterlockedExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LockResource
LoadResource
FindResourceExW
GetLastError

gdi32

SetDCBrushColor
GetStockObject
GetDeviceCaps
CreateRectRgn
SelectClipRgn
ExcludeClipRect
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap

user32

GetWindowTextW
GetWindowRect
GetAncestor
SystemParametersInfoW
FillRect
GetSystemMetrics
GetDC
SetThreadDesktop
OpenDesktopW
GetClassNameW
GetForegroundWindow
FlashWindowEx
SetPropW
DestroyWindow
PostMessageW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
GetDesktopWindow
EnumWindows
LoadCursorW
LoadStringW
SetProcessDPIAware
RegisterClassW
FindWindowA
GetWindowThreadProcessId
DefWindowProcW
BeginPaint
GetWindowDC
ReleaseDC
PostQuitMessage
GetWindowLongW
SetWindowLongW
GetThreadDesktop
OpenInputDesktop
CloseDesktop
GetUserObjectInformationW
LoadIconW
GetParent
CreateWindowExW
GetWindowInfo
DestroyIcon
EndPaint

msvcrt

_vsnwprintf
memset
_wtoi
_wtol
_errno
_wcsicmp
swscanf_s
wcsrchr
wcschr
_cexit
_exit
memcpy
_ismbblead
exit
_acmdln
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
printf
__p__fmode
__p__commode
_XcptFilter
_amsg_exit
_initterm
_adjust_fdiv
__getmainargs
__setusermatherr

ntdll

RtlFreeHeap
RtlNtStatusToDosError
NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
NtDuplicateToken
NtClose
WinSqmAddToStream
NtOpenProcess
NtWriteVirtualMemory
RtlAllocateHeap
NtReadVirtualMemory
NtDuplicateObject
RtlSubAuthoritySid
EtwSendNotification
RtlLengthRequiredSid
RtlInitializeSid
RtlAdjustPrivilege
RtlInitString
NtAllocateLocallyUniqueId

ole32

CoTaskMemFree
StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoUninitialize

dwmapi

DwmIsCompositionEnabled

msimg32

AlphaBlend

wmsgapi

WmsgSendMessage

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

winmm

PlaySoundW

userenv

UnloadUserProfile
LoadUserProfileW

winsta

WinStationQueryInformationW

msctfmonitor

UninitLocalMsCtfMonitor
InitLocalMsCtfMonitor

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ecaafwy
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e411b26227544071875ec8ea2349f5f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

dwmapi

msimg32

wmsgapi

wtsapi32

winmm

userenv

winsta

msctfmonitor

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 28KB - Virtual size: 29KB

ecaafwy Size: - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 28KB - Virtual size: 29KB

ecaafwy
Size: - Virtual size: 4KB