Static task: static1
Behavioral task: behavioral1
Sample: 0e6ae08469dbc0a4fa4453584edb0061_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 0e6ae08469dbc0a4fa4453584edb0061_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 0e6ae08469dbc0a4fa4453584edb0061_JaffaCakes118
Size: 36KB
MD5: 0e6ae08469dbc0a4fa4453584edb0061
SHA1: d788e3e5f079228f3776f7a41770838d4ca61c57
SHA256: a3582c41fc98a6cc297fa9cd71bfd7eb4f0d0134e62f8c35c9d87845c83e68bb
SHA512: 96a680f5651f353263cdb845954d94aa140892cf7f5e3c46bd914d2478bf69d75998e447bc86d1195ef9b4dc23edb5cc5aacf8fca064de1125e6bf490149b354
SSDEEP: 768:47thUMvx0QcDrXiIFmaOncXDUY+mWD0Qe7j/7ziNaAmjD1l1vtMSms:iUM9cPXDmaOd3mo0Qcj/7ziI1vtVZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e6ae08469dbc0a4fa4453584edb0061_JaffaCakes118
Files
0e6ae08469dbc0a4fa4453584edb0061_JaffaCakes118.exe windows:4 windows x86 arch:x86
9d8e3e2b426073b01a7dcdb487e4b6f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__RTDynamicCast
_except_handler3
_adjust_fdiv
_onexit
wcslen
_wtoi
wcscmp
wcsncmp
_wcsicmp
_beginthreadex
_wcsdup
_initterm
free
__CxxFrameHandler
wcscpy
_purecall
wcsncpy
__dllonexit
malloc
user32
SetWindowsHookExW
EnableWindow
OpenClipboard
LoadStringW
PostMessageW
MessageBeep
EmptyClipboard
LoadBitmapW
ScreenToClient
DestroyWindow
WinHelpW
CloseClipboard
GetDlgItem
GetWindowRect
GetSystemMetrics
IsWindow
GetParent
DestroyIcon
LoadIconW
RegisterClipboardFormatW
UnhookWindowsHookEx
ShowWindow
SendMessageW
GetCursorPos
GetClipboardData
CallNextHookEx
ntmsapi
InjectNtmsMedia
EnumerateNtmsObject
AddNtmsMediaType
GetNtmsMediaPoolNameW
EjectNtmsMedia
SetNtmsObjectSecurity
DismountNtmsDrive
OpenNtmsNotification
CreateNtmsMediaPoolW
DeleteNtmsMediaType
DeallocateNtmsMedia
SetNtmsRequestOrder
SatisfyNtmsOperatorRequest
GetNtmsObjectInformationW
GetVolumesFromDriveW
DisableNtmsObject
DismountNtmsMedia
DeleteNtmsDrive
MoveToNtmsMediaPool
AccessNtmsLibraryDoor
WaitForNtmsNotification
ReleaseNtmsCleanerSlot
EjectNtmsCleaner
InjectNtmsCleaner
InventoryNtmsLibrary
DeleteNtmsMedia
DoEjectFromSADriveW
CloseNtmsSession
CloseNtmsNotification
CleanNtmsDrive
MountNtmsMedia
ReserveNtmsCleanerSlot
DeleteNtmsMediaPool
SetNtmsDeviceChangeDetection
CancelNtmsOperatorRequest
GetNtmsRequestOrder
DeleteNtmsRequests
OpenNtmsSessionW
GetNtmsObjectSecurity
DeleteNtmsLibrary
CancelNtmsLibraryRequest
SetNtmsObjectInformationW
EnableNtmsObject
kernel32
GetVersion
InitializeCriticalSection
lstrcmpW
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
lstrcmpiW
SetEvent
GetModuleFileNameW
GetComputerNameW
SetLastError
EnterCriticalSection
TerminateProcess
InterlockedDecrement
GlobalAlloc
SystemTimeToFileTime
LocalFree
GetTimeFormatW
Sleep
SetUnhandledExceptionFilter
GetFileAttributesW
QueryPerformanceCounter
GetTickCount
SetThreadPriority
GetCurrentThreadId
GlobalUnlock
WaitForSingleObject
InterlockedIncrement
CloseHandle
ExpandEnvironmentStringsW
CreateThread
OutputDebugStringA
FreeLibrary
LoadLibraryW
lstrlenW
lstrcpyW
LoadLibraryA
GetWindowsDirectoryW
GetVersionExW
GlobalLock
IsBadReadPtr
LocalAlloc
GetDateFormatW
GetCommandLineW
GlobalFree
lstrcpynW
DeleteCriticalSection
GetLastError
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
LeaveCriticalSection
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
VirtualAlloc
ExitThread
GetCurrentProcess
gdi32
DeleteObject
ntdll
NtAddAtom
ole32
CoInitializeEx
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
StringFromCLSID
advapi32
SetSecurityDescriptorGroup
OpenProcessToken
GetPrivateObjectSecurity
SetSecurityDescriptorDacl
GetTokenInformation
AllocateAndInitializeSid
GetSecurityDescriptorDacl
SetPrivateObjectSecurity
RegEnumKeyExW
MapGenericMask
RegSetValueExW
FreeSid
DestroyPrivateObjectSecurity
InitializeSecurityDescriptor
RegOpenKeyExW
MakeSelfRelativeSD
GetAce
RegCloseKey
RegCreateKeyExW
CreatePrivateObjectSecurityEx
IsValidSecurityDescriptor
AddAce
SetSecurityDescriptorOwner
RegDeleteKeyW
GetLengthSid
GetSecurityDescriptorLength
InitializeAcl
dhcpcsvc
DhcpEnumClasses
Sections
.textbss Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE