0d28d391ec74810633a9cf55951993d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d28d391ec74810633a9cf55951993d9_JaffaCakes118
Size

81KB
MD5

0d28d391ec74810633a9cf55951993d9
SHA1

5aaaca9d8fffa7f363b150519a054499d031a0af
SHA256

da87b74752f05fd08aaa58022401e0a248658c0ff32daff57b4375e5ecf50cc0
SHA512

31c35c106fabbb5f9cbc589a4526d12301edcf3e812f8e02a63e566b67103daf75528e62bb9d1cbc236e071b1f0598a489ed7e7114c187d71e65493f94bacec1
SSDEEP

1536:0JJuhwUMEco+mskaXXQIJHuQ083bKjFd0vv/IMWL+VV29NLzLCuN:Apdm/arJHzpbCj0vPC+VV2HxN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d28d391ec74810633a9cf55951993d9_JaffaCakes118

Files

0d28d391ec74810633a9cf55951993d9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

2c4ad58014cc7f41a5befed80016d4a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitUnicodeString
NtClose
DbgPrint
memmove
NtOpenKey
NtQueryValueKey
RtlUnicodeToMultiByteN

kernel32

SetThreadExecutionState
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsDBCSLeadByteEx
BaseDumpAppcompatCache
Process32Next
DosPathToSessionPathA
PrepareTape
EscapeCommFunction
PurgeComm
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
AddVectoredExceptionHandler
SetFilePointer
SetLastError
WriteConsoleOutputAttribute
AddAtomW
MulDiv
GetNumaNodeProcessorMask
UnhandledExceptionFilter
FindActCtxSectionStringA
SetConsoleFont
CreateWaitableTimerA
TzSpecificLocalTimeToSystemTime
AttachConsole
SetVolumeMountPointA
QueryDepthSList
LocalFree
SetSystemPowerState
WideCharToMultiByte
GetVolumeInformationW
GlobalWire
DefineDosDeviceW
GetConsoleFontInfo
LocalAlloc
GetConsoleAliasExesW
CreateActCtxW
OpenJobObjectA
InitializeCriticalSectionAndSpinCount
OpenThread
VerLanguageNameA
_hread
GetCommandLineW
OpenMutexA
DeleteCriticalSection
GetUserDefaultLangID
GetConsoleAliasesW
TerminateProcess
WritePrivateProfileSectionA
FindNextFileW
GetCurrentProcess
SetLocalTime
Process32First
lstrcmpi
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcessId
ReadConsoleOutputCharacterW
VirtualAlloc
ReadConsoleOutputA
FindFirstFileExW
GetSystemWow64DirectoryW
GlobalGetAtomNameW
ReleaseSemaphore
LocalReAlloc
FillConsoleOutputAttribute
GetTickCount
VirtualUnlock
WriteConsoleW
FindFirstFileW
GetLocalTime
SetThreadAffinityMask
GetProcessVersion
GetDiskFreeSpaceExA

gdi32

GetTextAlign
PolylineTo
GetRandomRgn
SetGraphicsMode
SetViewportExtEx
CreateRectRgn
Pie
CreateDIBPatternBrushPt
GetObjectW
SetWorldTransform
StrokeAndFillPath
GetTransform
ModifyWorldTransform
SetBkMode
CreateDIBitmap
DPtoLP
ArcTo
GetDIBits
DeleteDC
Ellipse
ScaleWindowExtEx
OffsetViewportOrgEx
BeginPath
SetPaletteEntries
SetWindowOrgEx
RoundRect
SetWindowExtEx
StretchDIBits
GetRegionData
PatBlt
PlayEnhMetaFile
WidenPath
TranslateCharsetInfo
CreateCompatibleDC
ExtCreateRegion
PlgBlt
OffsetClipRgn
ResizePalette
CreateFontIndirectW
SetTextAlign
SaveDC
SelectPalette
SetMapMode
ExtTextOutW
LineTo
StrokePath
Polygon
GetCurrentPositionEx
GetStockObject
GetObjectA
ExtTextOutA
GetWinMetaFileBits
MoveToEx
CreateEnhMetaFileA
Chord
ExtSelectClipRgn
Arc
AngleArc
SelectClipPath
GetRgnBox
FlattenPath
CloseEnhMetaFile
SelectObject
SetViewportOrgEx
EndPath
Rectangle
SetMetaRgn
CreateICA
SetDIBits
CreateBrushIndirect
SetMapperFlags
BitBlt
CreateBitmap
ExcludeClipRect
IntersectClipRect
CreatePalette
SetVirtualResolution
GetPaletteEntries
PolyDraw
CombineRgn
GetPath
RestoreDC
CreatePen
FillPath
SetArcDirection
CreatePatternBrush
CombineTransform
PolyBezierTo
Polyline
AbortPath
ScaleViewportExtEx
DeleteObject
PolyPolygon
CloseFigure
GetDeviceCaps
SetEnhMetaFileBits
GetTextCharsetInfo
PolyBezier
DeleteEnhMetaFile
StretchBlt

user32

CreateIcon
PrivateExtractIconsW
RemoveMenu
DrawTextA
FrameRect
IsCharAlphaW
DdeDisconnect
RegisterClassExA
UserRealizePalette
GetQueueStatus
DdePostAdvise
MessageBoxW
IsServerSideWindow
CountClipboardFormats
ScrollChildren
AttachThreadInput
DdeDisconnectList
GetWindow
DdeAddData
DdeAccessData
GetWinStationInfo
SwitchToThisWindow
CreateDialogParamW
GetAsyncKeyState
GetInputDesktop
GetMenuItemCount
DlgDirSelectComboBoxExA
SetWindowLongA
GetAncestor
GetSysColor
SetPropW
SetDebugErrorLevel
EnumThreadWindows
EnumWindowStationsA
CreateDesktopW
GetComboBoxInfo
GetUserObjectInformationW
CalcMenuBar
DlgDirSelectExW
EnumDisplaySettingsExW
OpenInputDesktop
EnumDisplaySettingsA
DestroyReasons
RealChildWindowFromPoint
RegisterDeviceNotificationW
FindWindowA
AlignRects
MsgWaitForMultipleObjects
PrivateExtractIconExA
SetClipboardViewer
GetCursor
TranslateMessage
ExcludeUpdateRgn

secur32

AddCredentialsW
InitializeSecurityContextA
LsaLogonUser
LsaUnregisterPolicyChangeNotification
QueryContextAttributesA
SaslGetProfilePackageW
SaslEnumerateProfilesA
DeleteSecurityContext
SaslInitializeSecurityContextW
DecryptMessage
TranslateNameW
QueryContextAttributesW
AcquireCredentialsHandleW
ExportSecurityContext
LsaRegisterPolicyChangeNotification
VerifySignature
LsaRegisterLogonProcess
SaslGetProfilePackageA
DeleteSecurityPackageW
SetContextAttributesA
GetUserNameExW
QueryCredentialsAttributesW
ImpersonateSecurityContext
GetUserNameExA
SecpFreeMemory
LsaGetLogonSessionData
InitSecurityInterfaceW
SaslAcceptSecurityContext
QuerySecurityPackageInfoA
LsaCallAuthenticationPackage
EnumerateSecurityPackagesW
SetContextAttributesW
EnumerateSecurityPackagesA
LsaEnumerateLogonSessions
RevertSecurityContext
QueryCredentialsAttributesA
AddSecurityPackageA

Sections

.uR
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sTMKq
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K
Size: 3KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OYXf
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oDUrE
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.F
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c4ad58014cc7f41a5befed80016d4a9

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

user32

secur32

Sections

.uR Size: 2KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 16KB

.sTMKq Size: 2KB - Virtual size: 35KB

.K Size: 3KB - Virtual size: 43KB

.OYXf Size: 2KB - Virtual size: 35KB

.oDUrE Size: 2KB - Virtual size: 3KB

.F Size: 2KB - Virtual size: 34KB

.rsrc Size: 34KB - Virtual size: 34KB

.uR
Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 16KB

.sTMKq
Size: 2KB - Virtual size: 35KB

.K
Size: 3KB - Virtual size: 43KB

.OYXf
Size: 2KB - Virtual size: 35KB

.oDUrE
Size: 2KB - Virtual size: 3KB

.F
Size: 2KB - Virtual size: 34KB

.rsrc
Size: 34KB - Virtual size: 34KB