Static task
static1
Behavioral task
behavioral1 | Sample: 0c94e2795059e552fa65da143a9f70b1_JaffaCakes118.exe | Resource: win7-20240611-en
Behavioral task
behavioral2 | Sample: 0c94e2795059e552fa65da143a9f70b1_JaffaCakes118.exe | Resource: win10v2004-20240508-en
General
Target: 0c94e2795059e552fa65da143a9f70b1_JaffaCakes118
Size: 761KB
MD5: 0c94e2795059e552fa65da143a9f70b1
SHA1: cf644cba453abcbb0df22b6154f3920fde702ff4
SHA256: ef3e9967c306cff32638691a5e1cb09c0152e1b6ffd28d104d7c9e52a60c9076
SHA512: 59d6695faa7b5eaec9d97f2aa6a8276f711065ae69481e1d7ddfb8ca5cc707d30bed8ca9a60b427f7eb0e511dab31c32cb9a74e5c41341a1b13ea624119701a9
SSDEEP: 12288:CYdYCj/++J++++Yd9W1fT9SFFFFw5r52s0dsB/rChSFqJE2wcWilrGyvI+xwdvx0:CYOq++J++++Yd81LQFFFFw54darCh3JP
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 0c94e2795059e552fa65da143a9f70b1_JaffaCakes118
An Authenticode signature lives in the PE's certificate table (the security data directory); this file has none, so there is no publisher identity to verify and no chain to check, and the hashes in the General section are the only integrity anchor for it. An absent signature is weak evidence on its own (plenty of legitimate older installers are unsigned), but it means nothing inside the file vouches for its origin.
Files
-
0c94e2795059e552fa65da143a9f70b1_JaffaCakes118.exe
Tags: windows:5 windows x86 arch:x86 (32-bit PE; the windows:5 tag is Triage's rendering of the optional header's OS/subsystem version field, 5 meaning a Windows 2000/XP-era target)
1223ab4227449334da9d4e11fa570120 (unlabelled in the report; this is the position in which Triage shows the import hash, but treat that reading as an assumption)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Only TERMINAL_SERVER_AWARE is set. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are absent, and base relocations are stripped, so the loader cannot rebase the image: it always maps at its preferred ImageBase with no ASLR, and without NX_COMPAT the process does not opt into DEP (whether it runs with DEP then depends on the system policy). Fixed addresses make the binary easy to work with in a debugger and equally predictable for exploitation; the combination is typical of an old toolchain, consistent with the vc5 build directory in the PDB path.
PDB Paths
p:\vc5\release\web_setup.pdb
Imports
Read together, the table below is what a GUI self-extracting "web setup" stub looks like: dialog, shell and theme APIs for the installer UI, cabinet.dll FDI ordinals for unpacking, ws2_32 sockets for the download, MD5 from advapi32 for integrity checks, and native ntdll file, registry and thread calls in place of the usual kernel32 wrappers. The ntdll subset ZwQuerySystemInformation, ZwOpenProcess, ZwDuplicateObject and RtlAdjustPrivilege is also the standard handle-enumeration pattern (finding which process holds a file open). The static import table alone does not say which of these paths execute; the behavioral tasks listed above are where that is settled.
ntdll
ZwSetValueKey
ZwDeleteKey
LdrAccessResource
LdrFindResource_U
ZwReadFile
RtlFreeUnicodeString
swprintf
RtlFormatCurrentUserKeyPath
ZwDeleteFile
ZwQueryDirectoryFile
ZwCreateKey
ZwQueryKey
strtoul
sprintf
RtlNtStatusToDosError
RtlImageNtHeader
RtlExitUserThread
wcstoul
RtlGetFrame
RtlDosPathNameToNtPathName_U
RtlPushFrame
RtlPopFrame
RtlCreateUserThread
LdrFindEntryForAddress
RtlInitUnicodeString
ZwDuplicateObject
ZwOpenProcess
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwQueryVolumeInformationFile
RtlAdjustPrivilege
ZwDeviceIoControlFile
RtlIpv4StringToAddressA
RtlIpv4AddressToStringA
ZwEnumerateKey
ZwOpenKey
RtlIpv4StringToAddressW
ZwQueryValueKey
memcpy
_allshr
_allmul
_aulldvrm
ZwCreateFile
ZwClose
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
memset
kernel32
GetModuleHandleW
LocalFree
VirtualAlloc
WideCharToMultiByte
VirtualFree
CreateProcessW
GetVersion
BindIoCompletionCallback
GetLastError
ExitProcess
Sleep
LocalAlloc
FormatMessageW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
advapi32
MD5Init
MD5Final
MD5Update
user32
GetDlgItemInt
SetDlgItemInt
SetCursor
PeekMessageW
DispatchMessageW
DestroyWindow
LoadCursorW
CheckDlgButton
PostQuitMessage
GetMessageW
IsDialogMessageW
BringWindowToTop
GetSysColorBrush
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowTextLengthW
GetWindowRect
SetForegroundWindow
MessageBoxIndirectW
IsDlgButtonChecked
TranslateMessage
SetWindowTextW
GetDlgItem
MessageBoxW
PostMessageW
SendMessageW
LoadImageW
DestroyIcon
GetWindow
ShowWindow
SetFocus
GetWindowLongW
SetWindowLongW
GetWindowTextW
CreateDialogParamW
EnableWindow
SetDlgItemTextW
GetDlgCtrlID
GetParent
comctl32
ImageList_ReplaceIcon
ImageList_Create
ord17 (ordinal-only import; comctl32 ordinal 17 is InitCommonControls in the DLL's export table, consistent with the dialog-based UI imports above; confirm by resolving the ordinal against the DLL rather than from memory)
ws2_32
WSACleanup
WSAStartup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
gdi32
DeleteObject
CreateFontIndirectW
GetStockObject
uxtheme
GetThemeSysFont
shell32
SHOpenFolderAndSelectItems
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteExW
ole32
CoInitialize
CoTaskMemFree
CoUninitialize
cabinet
ord22
ord20
ord23
(ordinal-only imports into cabinet.dll; in Microsoft's cabinet.dll export table ordinals 20, 22 and 23 are the File Decompression Interface entry points FDICreate, FDICopy and FDIDestroy, which is how an installer unpacks an embedded .cab; confirm by resolving the ordinals against the DLL's export table rather than from memory)
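The Files section shows an unlabelled 32-hex-digit value under the executable, which is where Triage places the import hash. The following is an added example, not Triage or report code, of how an imphash is computed in the form pefile uses: for each imported DLL, take the lowercased name with a .dll/.ocx/.sys extension dropped, append ".<function>" in lowercase (or ".ordN" for an ordinal-only import), keep import-table order, join with commas and MD5 the string. SAMPLE_IMPORTS is a constructed, deliberately truncated subset of the import list above in the order the report prints it, so the hash it yields is not the sample's; the report's value can only be reproduced from the binary's real import table. pefile also maps ordinals to names for a few DLLs (ws2_32, oleaut32) via its lookup table; that does not apply here because the ws2_32 imports are by name.

```python
"""Import hash (imphash) in the form pefile computes it.
Added example for the Triage report above; not Triage or pefile code."""
import hashlib

# Constructed from the report's import list (truncated), in the order printed there.
# Ordinal-only imports are given as ints.
SAMPLE_IMPORTS = [
    ("ntdll.dll", ["ZwSetValueKey", "ZwDeleteKey", "LdrAccessResource", "ZwReadFile"]),
    ("kernel32.dll", ["GetModuleHandleW", "LocalFree", "VirtualAlloc", "CreateProcessW"]),
    ("advapi32.dll", ["MD5Init", "MD5Final", "MD5Update"]),
    ("comctl32.dll", ["ImageList_ReplaceIcon", "ImageList_Create", 17]),
    ("ws2_32.dll", ["WSAStartup", "WSASocketW", "bind", "WSARecvFrom", "WSASendTo"]),
    ("cabinet.dll", [22, 20, 23]),
]


def imphash_string(imports):
    """Build the canonical 'dll.func,dll.func,...' string that gets hashed.

    imports: iterable of (dll_name, entries); an entry is a function name (str)
    or an ordinal (int) for imports that have no name.
    """
    parts = []
    for dll, entries in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        # Only a .dll/.ocx/.sys suffix is stripped; "ntdll" or "foo.bar" stay as-is
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for entry in entries:
            func = "ord%d" % entry if isinstance(entry, int) else entry.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as a 32-character lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the string is order-sensitive and case-normalised, two builds that link the same functions in the same order share an imphash even when the code differs, which is what makes it useful for clustering installer stubs from one toolchain; conversely, reordering or adding a single import changes it completely.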
Sections
.text   Size: 36KB - Virtual size: 35KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 9KB - Virtual size: 9KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 512B - Virtual size: 388B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 191KB - Virtual size: 191KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
No section is both writable and executable, and raw and virtual sizes match closely, so there is no sign of in-place unpacking of the code itself. The four sections sum to about 237KB against a 761KB file, which leaves roughly 520KB of overlay after the last section that this table does not describe; with cabinet.dll's FDI ordinals imported, an appended .cab payload is the obvious candidate, but the report does not list the overlay, so that has to be confirmed on the sample.
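The three static facts the report relies on (the Unsigned PE signature, the DLL and file characteristics in Headers, and the section permissions above) all come straight out of the PE headers. The following added example, not code from Triage or from the report, parses those headers with the standard library only and turns the bits into the findings an analyst wants: is there a certificate table at all, can the image be randomised, did it opt into DEP, and is any section writable and executable. It runs on a constructed minimal PE32 stub whose header bits copy this report (relocs stripped, TERMINAL_SERVER_AWARE only, OS version 5, the four sections listed); that stub is an assumption for the demonstration, not the sample, and the same functions accept any real PE file's bytes.

```python
"""Static PE header check: Authenticode presence, ASLR/DEP opt-in, section W+X.
Added example, pure stdlib; the image built by build_sample_pe() is a constructed
stub that copies the report's header bits and is not the analysed sample."""
import struct

# Constants from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # certificate table = Authenticode blob
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers plus the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:        # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    os_major = struct.unpack_from("<H", data, opt + 40)[0]   # MajorOperatingSystemVersion
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]    # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_rva = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": characteristics, "dllchar": dllchar,
            "os_major": os_major, "security_dir": (sec_rva, sec_size), "sections": sections}


def assess(info: dict) -> dict:
    """Turn raw header bits into triage findings."""
    ch, dc = info["characteristics"], info["dllchar"]
    return {
        # "Unsigned PE": an empty certificate table means there is no Authenticode blob at all
        "authenticode_present": info["security_dir"][1] != 0,
        # ASLR needs DYNAMIC_BASE and a relocation table the loader can actually apply
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not bool(ch & IMAGE_FILE_RELOCS_STRIPPED),
        "dep_opt_in": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "executable_image": bool(ch & IMAGE_FILE_EXECUTABLE_IMAGE),
        # writable+executable sections are the classic packer / self-modifying-code tell
        "wx_sections": [s["name"] for s in info["sections"]
                        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 whose header bits copy the report (no code, no imports)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew: PE header follows DOS header
    chars = IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, chars)  # i386, 4 sections, PE32 opt header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)                  # ImageBase (fixed: relocs stripped)
    struct.pack_into("<H", opt, 40, 5)                           # MajorOperatingSystemVersion ("windows:5")
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    struct.pack_into("<I", opt, 92, 16)                          # 16 data directories, all zero: no cert table
    rows = [(b".text", 35 * 1024, 36 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
            (b".rdata", 9 * 1024, 9 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
            (b".data", 388, 512, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
            (b".rsrc", 191 * 1024, 191 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, fl) for n, vs, rs, fl in rows)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for key, value in assess(parse_pe(build_sample_pe())).items():
        print(f"{key:>20}: {value}")
```

To run it against a real file, replace build_sample_pe() with open(path, "rb").read(); a non-empty certificate table only tells you a signature blob exists, so a file that passes this check still needs the signature verified (and the signer checked against who you expect) before it counts for anything.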