0b8d5aecb7cc569f02d7820abf0194cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b8d5aecb7cc569f02d7820abf0194cc_JaffaCakes118
Size

459KB
MD5

0b8d5aecb7cc569f02d7820abf0194cc
SHA1

d0aed9bb2863b915d486fd448f44d6538c2f68d6
SHA256

cc58555a5a900f9182af8db82caa1cd0d9f6cca8e1ea4abfa55baae9df614fce
SHA512

4cffe185f73b3c80b0ace428de136709dde7fbe509e0a32dfe29ace7558ae3a472ce3b6c2496ce74624501353aaf57420c92f1771928453b17e92691ca11fe6b
SSDEEP

12288:WWjXle02cUcNKcR9n/GSmbZ5oNmR4KIPhcQfm/MMnMMMMMyfxtz87GX3:WWjl5IuuSmNbR/MuMMnMMMMMyfxtGu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b8d5aecb7cc569f02d7820abf0194cc_JaffaCakes118

Files

0b8d5aecb7cc569f02d7820abf0194cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66710cad669392ff1e93cccaabb34462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyW
RegOpenKeyExA
RegSetValueA
RegOpenKeyW
RegQueryInfoKeyA
RegQueryValueA
RegEnumValueW
InitializeSecurityDescriptor
RegCloseKey
RegDeleteKeyA
RegEnumValueA
RegDeleteValueW
RegQueryValueExA
ReportEventA
RegDeleteValueA
RegSetValueExA
RegisterEventSourceA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyA
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegDeleteKeyW
SetSecurityDescriptorDacl
RegEnumKeyA
DeregisterEventSource

samlib

SamConnectWithCreds
SamTestPrivateFunctionsDomain
SamRemoveMultipleMembersFromAlias

ddraw

DirectDrawEnumerateA

kernel32

GlobalLock
FreeEnvironmentStringsW
SetFileAttributesA
CreateDirectoryA
SetLastError
LoadResource
GetModuleFileNameW
CreateSemaphoreA
CreateProcessA
ExitThread
FlushInstructionCache
LCMapStringW
RtlUnwind
lstrcmpiA
Sleep
GetVersionExA
lstrcpyA
GetUserDefaultLCID
GlobalDeleteAtom
GetEnvironmentStrings
VirtualAlloc
WideCharToMultiByte
GlobalReAlloc
CompareStringA
lstrcmpA
FileTimeToSystemTime
RemoveDirectoryA
lstrlenA
GetStartupInfoA
HeapCreate
GetLocalTime
GetTempFileNameA
SetFilePointer
GetFileType
FreeEnvironmentStringsA
IsBadReadPtr
GetSystemDirectoryA
VirtualQuery
VirtualFree
HeapSize
InterlockedDecrement
ReleaseSemaphore
FormatMessageW
InterlockedIncrement
GetTickCount
GetStdHandle
CreateMailslotA
GetFullPathNameA
lstrcatA
ExitProcess
GetCurrentProcess
GetLocaleInfoA
EnterCriticalSection
IsBadCodePtr
ResetEvent
GetCommandLineA
CreateFileA
WriteFile
VirtualProtect
CreateThread
FileTimeToLocalFileTime
GetEnvironmentStringsW
SetHandleCount
FlushFileBuffers
LoadLibraryExA
TlsSetValue
GetCPInfo
_lclose
GetStringTypeExA
GetModuleFileNameA
CreateEventA
SetFileTime
DuplicateHandle
MulDiv
GetOEMCP
GetModuleHandleA
HeapFree
GetSystemDefaultLangID
GetFileAttributesA
GetStringTypeA
DeleteFileA
WinExec
GlobalHandle
FindFirstFileA
TlsGetValue
GetCurrentDirectoryA
_lread
TlsAlloc
GetACP
LockResource
GetDriveTypeA
InitializeCriticalSection
GetCurrentProcessId
MoveFileA
FindResourceA
SetEnvironmentVariableA
HeapAlloc
RaiseException
GetProfileStringA
FormatMessageA
HeapDestroy
FindNextFileA
GetTempPathA
UnhandledExceptionFilter
GetProcAddress
TlsFree
SetErrorMode
LockFile
CreateProcessW
LoadLibraryA
SetStdHandle
IsDBCSLeadByte
GetStringTypeW
GetWindowsDirectoryA
GetExitCodeProcess
GetDateFormatA
GetShortPathNameA
FindClose
GetVersion
_lwrite
SetEndOfFile
SetCurrentDirectoryA
SystemTimeToFileTime
GlobalSize
ResumeThread
GetTimeZoneInformation
LCMapStringA
CloseHandle
GetSystemTime
HeapReAlloc
TerminateProcess
GlobalUnlock
GlobalAddAtomA
DeleteCriticalSection
GetFileTime
GetSystemDefaultLCID
MultiByteToWideChar
GetCurrentThreadId
ReadFile
CompareStringW
WaitForSingleObject
SetEvent
lstrcpynA
_llseek
GetUserDefaultLangID
GetLastError
UnlockFile
SizeofResource
GlobalAlloc
SearchPathA
FreeLibrary
FreeResource
GlobalFree
LeaveCriticalSection
SetLocalTime
GetSystemInfo
GetVolumeInformationA

ws2_32

setsockopt

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66710cad669392ff1e93cccaabb34462

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

samlib

ddraw

kernel32

ws2_32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B