1791016b3a060cf7eb8b2145df7fa749_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1791016b3a060cf7eb8b2145df7fa749_JaffaCakes118
Size

934KB
MD5

1791016b3a060cf7eb8b2145df7fa749
SHA1

a68c0b4666da101c2d1ceacdf0ecbbd50b9028b4
SHA256

4a3099cd107433a863a6f614893a1304fd82ca3e6e031a113bd0be5564f9e97f
SHA512

00868e12cae6b777824c3e4b256ba148c2fb6664d68fb1d66d2f3b95153879c71fddeae74c049f164b18b4111dad2c6a9a44f5c89692a92f4fe565ee7df799e7
SSDEEP

12288:x8PmYdOez7GAHFAwHNxtr8PmYdOet7GAHFAwHNxtHK7A0unDzVJ+ql:x8Pmi2SFr8PmiISFHK7ZAvP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1791016b3a060cf7eb8b2145df7fa749_JaffaCakes118

Files

1791016b3a060cf7eb8b2145df7fa749_JaffaCakes118
.exe windows:10 windows x64 arch:x64

8542fb14699d84d7e8da92f66145c7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cmd.pdb

Imports

msvcrt

_wcslwr
free
calloc
_XcptFilter
_amsg_exit
__getmainargs
swscanf
_wcsupr
towlower
iswdigit
_wcsicmp
iswspace
wcschr
memmove
_ultoa
_pclose
ferror
_pipe
__set_app_type
_exit
wcsncmp
_setmode
feof
_wpopen
printf
_open_osfhandle
exit
_wcsnicmp
wcstol
_cexit
iswxdigit
_errno
?what@exception@@UEBAPEBDXZ
_get_osfhandle
_CxxThrowException
memcpy
rand
_getch
towupper
??1type_info@@UEAA@XZ
qsort
time
fprintf
realloc
srand
_close
wcsspn
_dup2
__setusermatherr
_tell
_initterm
_fmode
??_V@YAXPEAX@Z
_commode
_wtol
_lock
longjmp
setlocale
wcstoul
_dup
__C_specific_handler
wcsrchr
??3@YAXPEAX@Z
_local_unwind
iswalpha
_setjmp
memcmp
__CxxFrameHandler3
memset
fflush
?terminate@@YAXXZ
_vsnwprintf
wcsstr
fgets
_onexit
__dllonexit
memcpy_s
_unlock
__iob_func
malloc
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlFreeHeap
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlVirtualUnwind
RtlFreeUnicodeString
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelSynchronousIoFile
RtlCreateUnicodeStringFromAsciiz
RtlFindLeastSignificantBit

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapFree
HeapAlloc
HeapSetInformation
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
InitializeProcThreadAttributeList
ResumeThread
GetCurrentProcess
GetExitCodeProcess
DeleteProcThreadAttributeList
GetStartupInfoW
CreateProcessAsUserW
CreateProcessW
TerminateProcess
UpdateProcThreadAttribute
OpenThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

SetThreadLocale
GetACP
FormatMessageW
GetThreadLocale
GetUserDefaultLCID
GetCPInfo
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-memory-l1-1-0

ReadProcessMemory
VirtualFree
VirtualAlloc
VirtualQuery

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
SetConsoleMode
GetConsoleMode
WriteConsoleW
ReadConsoleW
GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
GetFileType
SetEndOfFile
DeleteFileW
SetFileTime
RemoveDirectoryW
CompareFileTime
GetDiskFreeSpaceExW
CreateDirectoryW
ReadFile
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
SetFilePointer
FindFirstFileExW
GetVolumePathNameW
FlushFileBuffers
GetFileAttributesExW
GetDriveTypeW
GetVolumeInformationW
GetFileAttributesW
SetFileAttributesW
SetFilePointerEx
GetFileSize
WriteFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetStdHandle
GetEnvironmentStringsW
GetCommandLineW
SetEnvironmentVariableW

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FlushConsoleInputBuffer
GetConsoleScreenBufferInfo
ScrollConsoleScreenBufferW
FillConsoleOutputAttribute

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
GetFileSecurityW
RevertToSelf

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersion
GetTickCount
GetSystemTime
SetLocalTime
GetLocalTime
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW
CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileWithProgressW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
GlobalAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8542fb14699d84d7e8da92f66145c7fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 110KB

.pdata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 128B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 1024B - Virtual size: 712B

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 110KB

.pdata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 128B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 1024B - Virtual size: 712B