Static task: static1
Behavioral task: behavioral1
  Sample: 24e337b098c296cabb7d147c101e17b0_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 24e337b098c296cabb7d147c101e17b0_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
- Target: 24e337b098c296cabb7d147c101e17b0_JaffaCakes118
- Size: 1.1MB
- MD5: 24e337b098c296cabb7d147c101e17b0
- SHA1: 5ce63691a8d985fc7fd1ff38a54632b077cccd14
- SHA256: 52f9fbcfdabb7d830066d05b07293b1c1a2b2910ef5759c024e4a37fcba13a53
- SHA512: 9a4a9df050fea55f0a55b840069f4104a2330ae968484dec23543cdf7cae4ea73abdae8c23843548cc7b254548be790ab4d0e37ed9ef98275ef088fe28b42d09
- SSDEEP: 12288:X3jTH7TJN/mmaOFFUOk/vmwgwPrVK0iGq1eT9mUND5kQHZ7RHwngRR:DtVLaOFFFk/Owfh9yptQHZ7RHegR
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 24e337b098c296cabb7d147c101e17b0_JaffaCakes118
Files
- 24e337b098c296cabb7d147c101e17b0_JaffaCakes118.exe (windows:6 windows x86 arch:x86)
  b4141e03977faaf21e42d3ae32c0dac8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
sdclt.pdb
Imports
advapi32
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EqualSid
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
GetTokenInformation
StartTraceW
EnableTrace
ControlTraceW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
DuplicateToken
LookupAccountSidW
CreateWellKnownSid
RegLoadKeyW
CloseTrace
RegEnumKeyExW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
GetModuleHandleW
LoadLibraryExW
GetNumberFormatW
FileTimeToLocalFileTime
GetDateFormatW
GetUserDefaultLCID
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
ExpandEnvironmentStringsW
DeviceIoControl
GetVolumePathNamesForVolumeNameW
MoveFileExW
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
GetLongPathNameW
FormatMessageW
GetComputerNameW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
GetLastError
OpenProcess
FreeLibrary
RegisterApplicationRestart
LoadLibraryW
LocalFree
HeapSetInformation
SetErrorMode
GetCommandLineW
TerminateProcess
GetCurrentProcess
lstrlenW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentThreadId
SetEvent
InterlockedExchange
InterlockedIncrement
WaitForSingleObject
GetThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetDiskFreeSpaceExW
GetLocalTime
ResetEvent
WaitForMultipleObjects
CreateEventW
CreateThread
InitializeCriticalSectionAndSpinCount
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
DecodePointer
CompareFileTime
InterlockedPushEntrySList
RtlCaptureStackBackTrace
InitializeSListHead
InterlockedPopEntrySList
CreateFileW
EncodePointer
SetLastError
GetProcAddress
GetTickCount
TlsGetValue
TlsSetValue
InterlockedDecrement
CloseHandle
UnhandledExceptionFilter
TlsAlloc
CreateProcessW
FindClose
GetCalendarInfoW
GetTimeFormatW
GetLocaleInfoW
FindNextFileW
FindFirstFileW
GetFileAttributesW
gdi32
CreateDIBSection
DeleteDC
GdiFlush
SelectObject
CreateFontIndirectW
CreateCompatibleDC
ExcludeClipRect
SetBkColor
SetTextColor
GetDeviceCaps
DeleteObject
SetLayout
ExtTextOutW
user32
SendMessageTimeoutW
EnumWindows
GetDlgCtrlID
GetDC
LoadStringW
UnregisterClassW
PostThreadMessageW
GetDesktopWindow
SetForegroundWindow
CreateDialogParamW
GetLastActivePopup
BeginPaint
SetFocus
GetDlgItem
DefWindowProcW
KillTimer
ReleaseDC
DestroyWindow
CopyRect
SetTimer
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetWindowThreadProcessId
SendMessageW
GetMessageW
ChangeWindowMessageFilterEx
EndPaint
GetClassNameW
EnableWindow
MessageBoxW
RegisterWindowMessageW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
PostMessageW
SetWindowPos
EndDialog
GetSysColorBrush
GetSysColor
SystemParametersInfoW
DialogBoxParamW
GetWindowLongW
LoadIconW
DestroyIcon
SetWindowTextW
GetSystemMetrics
SetWindowLongW
CallWindowProcW
IsWindow
GetParent
RedrawWindow
ShowWindow
GetClientRect
CheckDlgButton
CheckRadioButton
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
UpdateWindow
MapWindowPoints
GetWindowRect
LoadImageW
GetWindowTextW
LoadCursorW
SetCursor
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
FindWindowExW
SendDlgItemMessageW
EqualRect
DeferWindowPos
IsWindowVisible
GetWindowTextLengthW
GetAncestor
InflateRect
DrawFrameControl
OffsetRect
GetFocus
msvcrt
_purecall
wcsrchr
_wtoi
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
_snwscanf_s
strncmp
_wtol
wcscat_s
swprintf_s
wcsstr
wcschr
memmove
_vsnwprintf
??2@YAPAXI@Z
memcpy
__p__fmode
__set_app_type
_unlock
wcscpy_s
_ultow_s
wcstoul
_wcsicmp
_wcsnicmp
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memset
swscanf
wcsnlen
??3@YAXPAX@Z
_vscwprintf
iswspace
wcspbrk
wcsncmp
_wcsupr
_wcslwr
shell32
SHBindToObject
SHGetIDListFromObject
ord727
ord102
SHSetTemporaryPropertyForItem
ord77
ShellExecuteW
SHCreateItemFromParsingName
ShellExecuteExW
ord16
CommandLineToArgvW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHParseDisplayName
ord75
SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
SHBindToParent
ord155
SHGetStockIconInfo
uxtheme
SetWindowTheme
ole32
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoGetMalloc
CoTaskMemRealloc
CoGetClassObject
PropVariantClear
CreateBindCtx
StringFromGUID2
CoWaitForMultipleHandles
CoDisconnectObject
GetRunningObjectTable
CreateClassMoniker
CoCreateInstance
oleaut32
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
shlwapi
ord174
ord172
SHStrDupW
PathIsDirectoryW
ord219
StrRetToBufW
PathFileExistsW
SHAutoComplete
PathIsNetworkPathW
PathCompactPathExW
PathFindFileNameW
comctl32
ord344
ImageList_ReplaceIcon
ImageList_Create
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
PropertySheetW
InitCommonControlsEx
ord345
ntdll
NtDeleteValueKey
NtQueryValueKey
NtSetValueKey
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeSid
EtwTraceMessage
NtQueryInformationFile
NtQueryVolumeInformationFile
NtSetInformationKey
NtQueryKey
RtlLookupElementGenericTableAvl
RtlSetThreadErrorMode
NtQuerySystemInformation
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlNtStatusToDosError
RtlGetLastNtStatus
NtSetInformationProcess
RtlInitUnicodeString
NtSetInformationFile
NtSetSecurityObject
RtlGetThreadErrorMode
RtlEnumerateGenericTableWithoutSplayingAvl
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtDeleteKey
LdrGetProcedureAddress
RtlInitAnsiString
NtUnloadKey
RtlAllocateHeap
RtlFreeHeap
WinSqmAddToStream
WinSqmAddToStreamEx
LdrGetDllHandle
NtResetEvent
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtCreateKey
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateEvent
NtOpenFile
RtlStringFromGUID
RtlFreeUnicodeString
RtlGUIDFromString
NtOpenKey
NtEnumerateKey
NtQueryAttributesFile
NtAllocateUuids
crypt32
CryptProtectMemory
CryptUnprotectMemory
mpr
WNetAddConnection3W
secur32
GetUserNameExW
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
GetProviderMgmtInterfaceInternal
reagent
WinReGetConfig
spp
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
wer
WerReportCloseHandle
WerReportAddFile
WerReportCreate
WerReportSetParameter
WerReportSubmit
slc
SLGetWindowsInformationDWORD
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
Sections
.text Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 7KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 614KB - Virtual size: 613KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tdamzqr Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE