0c9db49276fc4712f930e1939ec74f6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c9db49276fc4712f930e1939ec74f6c_JaffaCakes118
Size

100KB
MD5

0c9db49276fc4712f930e1939ec74f6c
SHA1

2fca240e1785e8748f28528d2a1195cce9b36e5c
SHA256

5b0cd1bfb544f022bb2157bb71008b0b83013c88ec044c758f80fcdc1d65825f
SHA512

2e713159af7837125da5b5612afd832662a5f1845968fe272e43bc1b807c99efe6eb30844bcb69aefdf9ccc8e452a30fdb064d948fc1c84401c874464c6d93d2
SSDEEP

3072:a8oyq3RkRgaKDYjQh67Yb1LvYBctpwBO:a8oBXO7K1YcbIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c9db49276fc4712f930e1939ec74f6c_JaffaCakes118

Files

0c9db49276fc4712f930e1939ec74f6c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

bb867396f5de971ee18fe1f6dcd2bfdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setupugc.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW

kernel32

CreateProcessW
GetExitCodeProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenEventW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
DeleteFileW
SetFileAttributesW
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
SetErrorMode
CreateFileW
DeviceIoControl
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
SetVolumeLabelW
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateDirectoryW
CreateEventW
CreateThread
WaitForSingleObject
CloseHandle
SetEvent
MulDiv
SetLastError
lstrlenW
HeapAlloc
CompareStringW
GetWindowsDirectoryW
SetComputerNameExW
GetLastError
GetProcessHeap
HeapFree
RemoveDirectoryW

gdi32

GetDeviceCaps
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
DeleteObject

user32

LoadStringW
CharNextW
CharPrevW
SendMessageW
IsWindow
SetWindowPos
SetWindowTextW
SendDlgItemMessageW
CreateWindowExW
ReleaseDC
GetWindowDC
MapWindowPoints
GetWindowRect
GetDlgItem
GetDC
PostMessageW
ShowWindow
SystemParametersInfoW
SetDlgItemTextW
EndDialog
LoadImageW
DispatchMessageW
TranslateMessage
GetMessageW
CreateDialogParamW

msvcrt

?terminate@@YAXXZ
_except_handler4_common
_controlfp
_unlock
__dllonexit
_lock
_onexit
__set_app_type
memmove
_wcsnicmp
wcschr
_vsnprintf
__p__fmode
wcscspn
wcsspn
iswalpha
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
qsort
_wtoi
iswdigit
iswspace
_vsnwprintf
wcsrchr
memset

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

dnsapi

DnsValidateName_W

wdscore

WdsSetBlackboardValue
WdsFreeData
WdsTerminate
WdsValidBlackboard
WdsInitialize
WdsCreateBlackboard
WdsGetBlackboardValue
WdsInitializeDataUInt32
WdsDeleteBlackboardValue
WdsAbortBlackboardItemEnum
WdsEnumFirstBlackboardItem
WdsDestroyBlackboard
WdsInitializeDataStringW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

ntdll

NtClose
NtDeviceIoControlFile
NtOpenFile
RtlInitUnicodeString

mpr

WNetAddConnection2W
WNetCancelConnection2W

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb867396f5de971ee18fe1f6dcd2bfdf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

dnsapi

wdscore

rpcrt4

ntdll

mpr

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 21KB - Virtual size: 25KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 21KB - Virtual size: 25KB