21a412a150c0b24b3831e4a09a218946_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21a412a150c0b24b3831e4a09a218946_JaffaCakes118
Size

78KB
MD5

21a412a150c0b24b3831e4a09a218946
SHA1

1b580b12f59b03ce39b4070448ec40d1662b77a5
SHA256

0a81da927bc08ebcc2da495a50e9ae1154781cc09cd9bfacea1ee8a9fd76371e
SHA512

fee50a433b1137b13f040c95d494af8651ee006d4698d06b951f775ee8c3b97f97af1b895995230b1b7b7a6dbacb8ba30b4430f2fc6bf9dca132dcd8ebe094cf
SSDEEP

1536:BBF9AyAMrAoH8LMglAdTONFcqyUZChQ+dsewFt8cqGcpYGDA:BBF9POGgluyySEYXFt8bplDA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a412a150c0b24b3831e4a09a218946_JaffaCakes118

Files

21a412a150c0b24b3831e4a09a218946_JaffaCakes118
.exe windows:4 windows x86 arch:x86

017f66bc03e5c5f6ee1fde34f69b0336

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRootW
PathIsRelativeW
StrChrW
PathStripToRootW
StrRChrW
PathIsUNCW

advapi32

InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
GetUserNameW
RegQueryValueExW
GetLengthSid
GetTokenInformation
CopySid
AllocateAndInitializeSid
CheckTokenMembership
DuplicateTokenEx
FreeSid
InitializeAcl

activeds

DllGetClassObject

crypt32

CertControlStore
CryptFormatObject
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertOpenStore
CryptMsgClose
CertFreeCertificateContext
CertGetCertificateContextProperty

atl

AtlAdvise

kernel32

InterlockedCompareExchange
GetFileSizeEx
FindFirstFileW
MoveFileExW
CreateEventW
DeleteCriticalSection
RemoveDirectoryW
WriteFile
CloseHandle
VirtualAlloc
FreeConsole
GetSystemInfo
lstrlenW
EnterCriticalSection
SetEvent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetFileSize
CreateFileW
GetSystemDirectoryW
GetSystemTime
CreateDirectoryW
GetCurrentThreadId
GetProcessHeap
DeleteFileW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
GetTickCount
GetFileType
LeaveCriticalSection
VerSetConditionMask
GetTempPathW
OutputDebugStringW
SetFileAttributesW
InterlockedIncrement
FlushFileBuffers
ResetEvent
GetLastError
SetLastError
GetFileAttributesW
CreateFileMappingW
ExpandEnvironmentStringsW
FreeLibrary
HeapFree
GetVolumePathNameW
UnmapViewOfFile
GetModuleFileNameW
HeapAlloc
InterlockedDecrement
SetFilePointer
CreateMutexW
GetModuleHandleW
SystemTimeToFileTime
FindClose
LoadLibraryExW
ReleaseMutex
VerifyVersionInfoW
SetEndOfFile
FindNextFileW
CompareStringW
MapViewOfFile
ReadFile
RtlUnwind
TerminateProcess
InterlockedExchange
WaitForSingleObject
GetCurrentProcess
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetDriveTypeW
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetProcAddress
InitializeCriticalSectionAndSpinCount

rpcrt4

UuidToStringA
RpcStringFreeA

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

wininet

InternetAutodialHangup
InternetAttemptConnect
InternetGetConnectedState

msvcrt

__dllonexit
_onexit
memset
_purecall
free
_unlock
qsort
_initterm
memcpy
_XcptFilter
_vsnwprintf
memmove
_wtol
_lock
malloc
_amsg_exit

ole32

CoCreateGuid
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoUninitialize

user32

TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

shell32

SHCreateDirectoryExW

Sections

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

017f66bc03e5c5f6ee1fde34f69b0336

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

activeds

crypt32

atl

kernel32

rpcrt4

wintrust

wininet

msvcrt

ole32

user32

shell32

Sections

.rsrc Size: 50KB - Virtual size: 50KB

.text Size: 512B - Virtual size: 460B

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 32B

.data Size: - Virtual size: 656KB

.rsrc
Size: 50KB - Virtual size: 50KB

.text
Size: 512B - Virtual size: 460B

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 32B

.data
Size: - Virtual size: 656KB