223c87d26bcc08e1b89a4c2335f782c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

223c87d26bcc08e1b89a4c2335f782c0_JaffaCakes118
Size

260KB
MD5

223c87d26bcc08e1b89a4c2335f782c0
SHA1

854649d94a6ba6aa65eb2d4384b55d6d8fb9f3b0
SHA256

c22d5b8637f3540ba42c143f9357bafe9308e79af58c143588f09184a540f49f
SHA512

490aa54fd59e8f65220d0046437696c46578172ee840a6e8763859b706bf0c63970a31d238c3924b4197efb3826fea1d625622b28ee9d7c109d7afeda9f54855
SSDEEP

6144:Tzj8mx6fbL3pfl5HtPxE+C1/FlBKOYmu5fDj:r8mwFHtK+2FDju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
223c87d26bcc08e1b89a4c2335f782c0_JaffaCakes118

Files

223c87d26bcc08e1b89a4c2335f782c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

645bb8e32bd5b7e92765d190abbd545c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringW
wsprintfW
UnregisterClassA
CharNextW

advapi32

InitializeSid
RegEnumKeyExW
GetSidLengthRequired
MakeAbsoluteSD
RegDeleteValueW
RegSetValueExW
GetSecurityDescriptorLength
RegCloseKey
GetSecurityDescriptorGroup
GetAclInformation
MakeSelfRelativeSD
RegOpenKeyExW
AddAce
GetLengthSid
InitializeSecurityDescriptor
OpenThreadToken
CopySid
GetSecurityDescriptorSacl
ConvertStringSidToSidW
GetSidSubAuthority
GetSecurityDescriptorOwner
RegCreateKeyExW
LookupAccountSidW
InitializeAcl
EqualSid
SetSecurityDescriptorDacl
RegQueryInfoKeyW
IsValidSid
GetTokenInformation
SetSecurityDescriptorOwner
GetSidSubAuthorityCount
ConvertSidToStringSidW
OpenProcessToken
RegDeleteKeyW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl

oleaut32

LoadRegTypeLi
SafeArrayCopy
SysAllocString
SysStringLen
SafeArrayGetUBound
UnRegisterTypeLi
LoadTypeLi
SafeArrayGetVartype
VariantClear
VariantChangeType
VariantCopyInd
SafeArrayRedim
SysAllocStringLen
RegisterTypeLi
SysStringByteLen
VarCmp
SysAllocStringByteLen
SetErrorInfo
SafeArrayDestroy
VarUI4FromStr
SafeArrayUnlock
VarBstrCmp
SafeArrayGetLBound
VariantInit
VariantCopy
SysFreeString
SafeArrayCreate
CreateErrorInfo
SafeArrayLock

ole32

CoCreateInstance
ProgIDFromCLSID
CoImpersonateClient
StringFromGUID2
CoRevertToSelf
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

kernel32

HeapAlloc
FindResourceExW
LoadResource
GetThreadLocale
SetThreadLocale
RaiseException
FormatMessageW
lstrcmpiW
LocalFree
SetUnhandledExceptionFilter
HeapSize
HeapFree
GetACP
UnhandledExceptionFilter
LoadLibraryExW
LockResource
GetSystemTimeAsFileTime
SizeofResource
FindResourceW
FreeLibrary
HeapReAlloc
GetCurrentThreadId
GetProcessHeap
CreateEventW
EnterCriticalSection
lstrlenW
DeleteCriticalSection
HeapDestroy
CloseHandle
ResetEvent
IsDebuggerPresent
GetModuleHandleW
LeaveCriticalSection
GetStartupInfoA
VirtualAllocEx

userenv

UnloadUserProfile

winspool.drv

DocumentEvent
DeletePrinterDataW
DeletePrinterDriverW
SetPrinterA
StartDocPrinterW
EnumMonitorsA
DeletePrinter
PrinterMessageBoxW
DeletePrinterKeyA
DeletePortW
QuerySpoolMode
PrinterProperties
DeviceMode
WaitForPrinterChange
DeletePrintProvidorA
EnumPrinterDriversA
ConvertAnsiDevModeToUnicodeDevmode

mpr

WNetAddConnection2W
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetAddConnection3W
WNetSetConnectionW

Sections

.CbRzdNe
Size: 2KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ

.QpsX
Size: 512B - Virtual size: 31KB

IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fVuGJim
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.epKNkPY
Size: 512B - Virtual size: 387B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.luST
Size: 1024B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GLyDFE
Size: 1024B - Virtual size: 815B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iFdTEfA
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pabEAiE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CBnhdQX
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lOMdu
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZvoAeNq
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

645bb8e32bd5b7e92765d190abbd545c

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

oleaut32

ole32

kernel32

userenv

winspool.drv

mpr

Sections

.CbRzdNe Size: 2KB - Virtual size: 39KB

.QpsX Size: 512B - Virtual size: 31KB

.text Size: 17KB - Virtual size: 16KB

.fVuGJim Size: 2KB - Virtual size: 1KB

.epKNkPY Size: 512B - Virtual size: 387B

.luST Size: 1024B - Virtual size: 765B

.GLyDFE Size: 1024B - Virtual size: 815B

.data Size: 8KB - Virtual size: 296KB

.iFdTEfA Size: 512B - Virtual size: 142B

.rdata Size: 209KB - Virtual size: 208KB

.pabEAiE Size: 1KB - Virtual size: 1KB

.CBnhdQX Size: 1024B - Virtual size: 610B

.lOMdu Size: 3KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.ZvoAeNq Size: 1KB - Virtual size: 1KB

.CbRzdNe
Size: 2KB - Virtual size: 39KB

.QpsX
Size: 512B - Virtual size: 31KB

.text
Size: 17KB - Virtual size: 16KB

.fVuGJim
Size: 2KB - Virtual size: 1KB

.epKNkPY
Size: 512B - Virtual size: 387B

.luST
Size: 1024B - Virtual size: 765B

.GLyDFE
Size: 1024B - Virtual size: 815B

.data
Size: 8KB - Virtual size: 296KB

.iFdTEfA
Size: 512B - Virtual size: 142B

.rdata
Size: 209KB - Virtual size: 208KB

.pabEAiE
Size: 1KB - Virtual size: 1KB

.CBnhdQX
Size: 1024B - Virtual size: 610B

.lOMdu
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.ZvoAeNq
Size: 1KB - Virtual size: 1KB