23f2f10bceb76c639029d87fb2af8f43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23f2f10bceb76c639029d87fb2af8f43_JaffaCakes118
Size

2.6MB
MD5

23f2f10bceb76c639029d87fb2af8f43
SHA1

92e69b933a6f73bf93c4576ce4dbc51613c3fce5
SHA256

21a1588f5e4b8a9120668fa632d6032aa5a30f68a6e8868f5804183b3394c52a
SHA512

0aaff7baf9574850fb633ef40e09fddcf8c8644956238e080a74ebdc58724f96ddc3fdcea48e71611e92d4c1c4901ccfe5ee369d0ae632e6c46b64a1c78ad1e0
SSDEEP

49152:jO3tQSVqXKugckQiDopnxpPUSW/FjlVpjzrq9uqVwzfYbmUiDIhW2hMRL1V8ZjBb:6uSAX8cziDorpgdHpjzrq9jMfARiyWw3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23f2f10bceb76c639029d87fb2af8f43_JaffaCakes118

Files

23f2f10bceb76c639029d87fb2af8f43_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3db335f5f27fd97861dcafd1263100d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHSetValueW
PathAppendW
PathFileExistsW
StrCatW
PathFindExtensionW
StrDupW
StrCmpIW
wnsprintfA
StrStrW
PathIsRelativeW
PathIsRootW
StrCatBuffW
StrCpyW
PathIsDirectoryW
StrCpyNW
StrCmpNIW
SHStrDupW
PathRemoveBackslashW
SHRegGetBoolUSValueW
StrRetToBufW
PathStripToRootW
PathSkipRootW
PathCreateFromUrlW
AssocQueryStringW
PathCombineW
StrStrIA
PathIsURLW
UrlUnescapeW
SHDeleteKeyW
UrlIsW
StrToIntW
PathFindFileNameW
SHDeleteValueA
StrStrIW
SHDeleteKeyA
StrTrimW
PathIsUNCW
PathFindFileNameA
PathStripToRootA
PathGetDriveNumberW
StrChrIW
StrRChrW
SHGetValueW
StrCmpNIA
StrToIntExW

kernel32

GetExitCodeProcess
VirtualFree
HeapAlloc
GetDriveTypeW
IsBadReadPtr
GetCurrentProcessId
Sleep
GetThreadLocale
ExitProcess
VirtualAlloc
GetLastError
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleA

ntdll

RtlAddAccessAllowedAce
_chkstk
RtlRunDecodeUnicodeString
strchr
NtQueryDirectoryObject
_wcsicmp
NtFreeVirtualMemory
NtFsControlFile
RtlGetAce
RtlInitializeGenericTable
RtlUpcaseUnicodeChar
RtlEqualSid
RtlCreateEnvironment
RtlTimeFieldsToTime
RtlCreateAcl
NtQueryInformationFile
RtlSetGroupSecurityDescriptor
RtlUnwind
RtlFreeAnsiString
RtlGetNtProductType
RtlDeleteResource
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
NtAllocateVirtualMemory
RtlAllocateAndInitializeSid
NtOpenThread
RtlInitAnsiString
_snwprintf
qsort
sprintf
NtWaitForSingleObject
wcscmp
NtQueryKey
atoi
NtCreateKey
RtlOpenCurrentUser
RtlLeaveCriticalSection
NtDuplicateObject
NtQueryVolumeInformationFile
_wcsupr
RtlImageNtHeader
RtlGUIDFromString
NlsMbOemCodePageTag
NtOpenThreadToken
NtQueryVirtualMemory
RtlGetDaclSecurityDescriptor
NtConnectPort
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlAcquireResourceShared
RtlValidSecurityDescriptor
RtlInitializeSid
RtlCopyLuid
NtReadFile
RtlSetDaclSecurityDescriptor
NtSetInformationFile
NtSetValueKey
NtClose
RtlDetermineDosPathNameType_U
swprintf
_stricmp
_vsnprintf
RtlQueryInformationAcl
RtlExtendedLargeIntegerDivide
RtlSubAuthoritySid
NlsMbCodePageTag
RtlGetFullPathName_U
RtlCreateSecurityDescriptor
RtlAppendUnicodeToString
RtlCreateTimer
_allmul
RtlNtStatusToDosError

version

VerQueryValueW
VerQueryValueA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerLanguageNameA

advapi32

SetSecurityDescriptorDacl
ConvertSidToStringSidW
RegQueryInfoKeyA
SetFileSecurityW
RegEnumValueW
InitializeAcl
LookupAccountNameW
CryptDestroyKey
OpenSCManagerA
FreeSid
EqualSid
OpenSCManagerW
SetServiceStatus
RegEnumKeyExW
OpenServiceW
RegFlushKey
GetUserNameW
GetAclInformation
RegQueryValueExW
GetSidLengthRequired
ConvertStringSidToSidW
GetSecurityDescriptorLength
LsaFreeMemory
UnregisterTraceGuids
OpenServiceA
IsValidSecurityDescriptor
LsaQueryInformationPolicy
RegQueryValueExA
RegEnumKeyW
RevertToSelf
RegOpenKeyA
CryptAcquireContextA
LookupAccountSidW
CloseServiceHandle
RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeleteService
GetSecurityDescriptorOwner
LockServiceDatabase
RegOpenKeyExA
ReportEventW
LookupPrivilegeValueW
RegCloseKey
GetTokenInformation
GetLengthSid
GetTraceEnableLevel
OpenThreadToken

rpcrt4

NdrDllRegisterProxy
RpcBindingSetAuthInfoW
UuidCreate
IUnknown_Release_Proxy
CStdStubBuffer_Invoke
RpcStringFreeW
CStdStubBuffer_IsIIDSupported
UuidFromStringW
NdrServerCall2
NdrCStdStubBuffer_Release
RpcStringBindingComposeW
RpcServerUseProtseqEpW
NdrDllUnregisterProxy
RpcEpResolveBinding
CStdStubBuffer_DebugServerQueryInterface
RpcServerRegisterIfEx
NdrDllGetClassObject
RpcServerInqBindings
NdrStubForwardingFunction
NdrOleAllocate
NdrCStdStubBuffer2_Release
CStdStubBuffer_Connect
UuidToStringA
CStdStubBuffer_DebugServerRelease
RpcImpersonateClient
RpcBindingSetAuthInfoExW
RpcStringBindingParseW
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcRaiseException
NdrStubCall2
RpcBindingFree
NdrOleFree
CStdStubBuffer_Disconnect
RpcBindingVectorFree
RpcStringFreeA
CStdStubBuffer_AddRef
NdrClientCall2
CStdStubBuffer_CountRefs
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
UuidToStringW
NdrDllCanUnloadNow
RpcBindingToStringBindingW
RpcBindingFromStringBindingW

user32

PostMessageW
IsIconic
ScreenToClient
SetDlgItemTextW
CreateWindowExA
DestroyWindow
SendDlgItemMessageA
SystemParametersInfoW
SetRect
SetMenu
CharPrevA
PostQuitMessage
FindWindowW
MoveWindow
ClientToScreen
wsprintfW
RegisterClassExA
DispatchMessageA
GetDlgItemTextW
GetMenu
GetActiveWindow
LoadStringW
GetCapture
RegisterClassExW
TranslateMessage
RegisterClipboardFormatW
SetDlgItemTextA
CallWindowProcW
GetProcessWindowStation
IsDlgButtonChecked
LoadBitmapW
CopyRect
RegisterClassA
GetMessagePos
EndDialog
EndPaint
CharLowerW
EnableMenuItem
SystemParametersInfoA
GetWindowThreadProcessId
CharNextA
CheckMenuItem
KillTimer
RegisterWindowMessageA
CallNextHookEx
DialogBoxParamW
BeginPaint
GetWindowPlacement
SetCapture
GetWindowLongW
SetForegroundWindow
LoadIconW
UnregisterClassA
GetWindowRect
DestroyMenu
LoadBitmapA
EnumChildWindows
GetCursorPos
GetSubMenu
WinHelpW
EqualRect
ShowWindow
DialogBoxParamA
CharPrevW
ReleaseCapture
SetWindowPos
InflateRect
TrackPopupMenu
CreateDialogParamW
DestroyIcon
CharNextW
SetWindowLongA
CheckRadioButton
GetDlgItemTextA
GetClassNameA
LoadCursorA
SetCursor

gdi32

GetStockObject
ExtTextOutW
CreateHalftonePalette
GetObjectType
GetTextExtentPointA
GetPaletteEntries
CreatePatternBrush
CreateDIBSection
GetGlyphOutlineA
TextOutW
GetViewportExtEx
SaveDC
ExtSelectClipRgn
PolyBezier
SetStretchBltMode
CombineRgn
CreatePen
GetTextExtentPointW
CreateDCW
RectVisible
DeleteMetaFile

Sections

.edata
Size: 1024B - Virtual size: 995B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 481B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3db335f5f27fd97861dcafd1263100d5

Headers

File Characteristics

Imports

shlwapi

kernel32

ntdll

version

advapi32

rpcrt4

user32

gdi32

Sections

.edata Size: 1024B - Virtual size: 995B

.code Size: 2.6MB - Virtual size: 2.6MB

DATA Size: 512B - Virtual size: 481B

.bss Size: 512B - Virtual size: 480B

.tls Size: 512B - Virtual size: 3.1MB

BSS Size: 1024B - Virtual size: 992B

.tls Size: - Virtual size: 11KB

.rsrc Size: 15KB - Virtual size: 15KB

.edata
Size: 1024B - Virtual size: 995B

.code
Size: 2.6MB - Virtual size: 2.6MB

DATA
Size: 512B - Virtual size: 481B

.bss
Size: 512B - Virtual size: 480B

.tls
Size: 512B - Virtual size: 3.1MB

BSS
Size: 1024B - Virtual size: 992B

.tls
Size: - Virtual size: 11KB

.rsrc
Size: 15KB - Virtual size: 15KB