210e30e21978919cd9bf0c53a068c578_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

210e30e21978919cd9bf0c53a068c578_JaffaCakes118
Size

169KB
MD5

210e30e21978919cd9bf0c53a068c578
SHA1

0b3508e7794e70b02256813ea7c68c810e1de2a0
SHA256

60edc56fbe7845ce3a4711546d755d141f2794e5e4a8e338695874faf81cabd6
SHA512

24092a4e04fd2b52fa00f10a3f6647b5dff8eb0e2da461a13b0447aca43b61519688055c98d8e60a705e14daa60180da11371d759531645e21f48bbff3ec5801
SSDEEP

3072:hdvF0KiY6J4nrScC5FmxNrd9Eo43KPlhoEvZv9UBOsSnC:hhFQJ4nrScCT0Nrd9M3yT7V6BO7n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
210e30e21978919cd9bf0c53a068c578_JaffaCakes118

Files

210e30e21978919cd9bf0c53a068c578_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4cfa981d3f39ca73102700c3f01a8047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ScrollConsoleScreenBufferA
GetConsoleCommandHistoryLengthW
SetFileApisToOEM
DeleteVolumeMountPointW
LoadLibraryA
WriteProfileStringA
EnumResourceNamesW
DosDateTimeToFileTime
ClearCommError
IsSystemResumeAutomatic
GlobalMemoryStatus
VirtualAlloc
SetConsoleCtrlHandler
FlushInstructionCache
CreatePipe
SetCommMask
MapViewOfFileEx
UnlockFile
GetCurrentThread
VerifyConsoleIoHandle
GetNumaAvailableMemoryNode
GlobalUnlock
CompareStringA
GetSystemDefaultLCID
FormatMessageW
SetClientTimeZoneInformation
GetModuleHandleW
WriteFileEx
LocalAlloc
GetFileAttributesExA
SearchPathW
GetConsoleAliasExesLengthW
SetConsoleTitleA
GetSystemDefaultUILanguage
DeleteFileA
FindAtomA
IsBadHugeWritePtr

ntdll

RtlSetCriticalSectionSpinCount
RtlTimeToSecondsSince1970
RtlNtStatusToDosError
ZwFlushBuffersFile
RtlQueryInformationActivationContext
ZwCreateProfile
RtlInitializeBitMap
ZwQueryBootOptions
ZwQueryQuotaInformationFile
RtlExitUserThread
RtlUpperChar
RtlSecondsSince1980ToTime
ZwTranslateFilePath
NtCreateProfile
RtlFindSetBits
ZwSetValueKey
NtWaitLowEventPair
RtlFindClearBitsAndSet
RtlSetOwnerSecurityDescriptor
NtQueryDefaultLocale
NtSetDefaultLocale
ZwCreateDebugObject
NtWaitHighEventPair
_CIpow
ZwImpersonateClientOfPort
NtOpenJobObject
ZwPrivilegeCheck
RtlLockHeap
NtQueryEvent
RtlPcToFileHeader
ZwGetContextThread
RtlConvertSharedToExclusive
RtlUpcaseUnicodeToOemN
NtAccessCheckByType
NtSystemDebugControl
RtlSetTimeZoneInformation
strcmp
RtlEqualString
RtlDestroyAtomTable
RtlEraseUnicodeString
ZwReadVirtualMemory
RtlDestroyQueryDebugBuffer
NtMakeTemporaryObject
CsrClientConnectToServer
RtlUnicodeStringToAnsiSize
NtCreateFile
NtQueryInformationToken
ZwCreateProcessEx
NtRaiseException
RtlIpv6StringToAddressW
NlsAnsiCodePage
ZwSetInformationToken
RtlCompareMemory
ZwDeleteObjectAuditAlarm
NtDelayExecution
ZwOpenFile
NtUnloadKeyEx
ZwFlushInstructionCache
RtlGetAce
NtQueryEaFile
RtlCopyString
_ui64tow

resutils

ResUtilFindSzProperty
ResUtilGetBinaryProperty
ResUtilGetEnvironmentWithNetName
ResUtilGetPropertyFormats
ResUtilSetDwordValue
ResUtilFindBinaryProperty
ResUtilEnumPrivateProperties
ResUtilGetPropertySize
ResUtilFindMultiSzProperty
ResUtilIsResourceClassEqual
ResUtilCreateDirectoryTree
ResUtilTerminateServiceProcessFromResDll
ResUtilVerifyPropertyTable
ResUtilGetDwordValue
ResUtilSetPropertyTable
ResUtilSetPropertyTableEx
ResUtilStartResourceService
ResUtilFindExpandedSzProperty
ResUtilStopService
ResUtilEnumResources
ResUtilGetMultiSzProperty
ResUtilGetPrivateProperties
ResUtilGetResourceDependentIPAddressProps
ResUtilSetPrivatePropertyList
ResUtilFindExpandSzProperty
ResUtilGetSzProperty
ResUtilGetResourceDependency
ResUtilFindDependentDiskResourceDriveLetter
ResUtilIsPathValid

ole32

StgOpenAsyncDocfileOnIFillLockBytes
HGLOBAL_UserMarshal
CreateAntiMoniker
CreateBindCtx
OleCreateFromFileEx
IsValidIid
CoGetCancelObject
CoIsOle1Class
StgCreatePropSetStg
OleGetClipboard
CreateILockBytesOnHGlobal
ComPs_NdrDllGetClassObject
OleCreateMenuDescriptor
GetConvertStg
GetRunningObjectTable
CoDisableCallCancellation
HENHMETAFILE_UserSize
IIDFromString
HMENU_UserFree
CoGetComCatalog
StringFromIID
CLIPFORMAT_UserMarshal
DllGetClassObjectWOW
CoDisconnectObject
OleCreateLink
HMENU_UserMarshal
WriteFmtUserTypeStg
OleCreateFromDataEx
UtConvertDvtd16toDvtd32
OleLockRunning
CoGetPSClsid
StgCreateDocfileOnILockBytes
CoBuildVersion

user32

EnumDisplaySettingsExA
OemToCharA
OemToCharW
EnumDesktopsA
UnregisterClassA
SetProcessDefaultLayout
RegisterWindowMessageW
SetThreadDesktop
ActivateKeyboardLayout
SetKeyboardState
DlgDirListW
DdeQueryConvInfo
PostMessageW
SystemParametersInfoW
ChangeDisplaySettingsExA
AlignRects
SendMessageTimeoutW
SetClassWord
AppendMenuA
CsrBroadcastSystemMessageExW
UnregisterMessagePumpHook
GetDlgItemInt
GetScrollBarInfo
MonitorFromPoint
IsChild
CreateIcon
WaitForInputIdle
InvalidateRgn
SetSystemCursor
CloseWindowStation
GetUserObjectInformationW
PostThreadMessageW
DeferWindowPos
GetClassNameA
GetMenuStringA
EmptyClipboard
CascadeWindows
DrawMenuBar
MessageBoxTimeoutW
SetDlgItemTextW
ReuseDDElParam
AnimateWindow
CharPrevExA

cryptnet

CertDllVerifyRevocation
CryptUninstallCancelRetrieval
CryptGetObjectUrl
CertDllVerifyCTLUsage
CryptGetTimeValidObject
CryptCancelAsyncRetrieval
CryptFlushTimeValidObject
I_CryptNetGetUserDsStoreUrl
CryptRetrieveObjectByUrlA
CryptRetrieveObjectByUrlW
I_CryptNetGetHostNameFromUrl
LdapProvOpenStore
CryptInstallCancelRetrieval

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cfa981d3f39ca73102700c3f01a8047

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

resutils

ole32

user32

cryptnet

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 85KB - Virtual size: 270KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 840B

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 85KB - Virtual size: 270KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 840B