258799b78df30b74d29ed1f1f2a936fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

258799b78df30b74d29ed1f1f2a936fc_JaffaCakes118
Size

273KB
MD5

258799b78df30b74d29ed1f1f2a936fc
SHA1

a5e012c3ca000f11e8f14e2d464670dcd256bd11
SHA256

73a2f19e1d0da7a1132d2ac754e80c1dc685b02965ed6e7c92f37e0f4c3a90b9
SHA512

00d7051a3cd6782fcbb448e7b5a26ae75a4e8ea9bbd0edf96310e46db0d58b4e219294b3912486a4a26daca410fdb15432c834f57ca6f660d12a9efda99b597d
SSDEEP

6144:ziVidK1INJNf+rDXDLLOKavqcLnPTdUUhh:+VMKiNXGrDXH/v4PTPH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
258799b78df30b74d29ed1f1f2a936fc_JaffaCakes118

Files

258799b78df30b74d29ed1f1f2a936fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b1313c8f098749b913b1ccac9366818

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\out_Win32\Release\kav50.pdb

Imports

prremote

PRStopServer
PRIsValidProxy
PRGetObjectProxy
PRReleaseObjectProxy
PRInitialize
PRCloseProcessRequest
PRDeinitialize
PRCreateProcess
PRRegisterObject
PRUnregisterObject

fssync

FSSync_SetCheck
FSSync_ScreeNotify
FSSync_DR
FSSync_DUR
FSSync_DACL
FSSync_ScreeState
FSSync_ScreeActive
FSSync_Done
FSSync_Remove
FSSync_Init

kernel32

lstrcpyA
CreateEventA
QueryPerformanceCounter
OpenProcess
LoadLibraryW
lstrcmpiW
GetModuleHandleW
QueryDosDeviceW
lstrcpyW
lstrlenW
GetShortPathNameW
FindFirstFileW
FindClose
GetFullPathNameW
GetVersionExA
ExpandEnvironmentStringsW
GetModuleFileNameW
GetLocalTime
CreateMutexA
GetModuleFileNameA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
lstrcatA
FileTimeToLocalFileTime
TerminateProcess
GetCommandLineW
GetModuleHandleA
GetFileType
GetStdHandle
OpenMutexA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateProcessA
SetProcessAffinityMask
SetErrorMode
SetEvent
InitializeCriticalSection
DeviceIoControl
SetConsoleCtrlHandler
SetProcessWorkingSetSize
WaitForMultipleObjects
DeleteCriticalSection
LocalFree
FormatMessageA
SetConsoleMode
GetConsoleMode
SetConsoleTitleA
AllocConsole
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetFileAttributesA
ResetEvent
GetFullPathNameA
WideCharToMultiByte
DeleteFileA
GetTempFileNameA
CreateDirectoryA
GetTempPathA
GetVersion
CreateThread
WaitForSingleObject
GetExitCodeThread
WriteFile
FlushFileBuffers
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFileSize
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
CreateFileW
GetLastError
Sleep
ReleaseMutex
FreeConsole
SetUnhandledExceptionFilter
OpenMutexW
InterlockedExchange
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
GetSystemTimeAsFileTime

user32

wsprintfA
GetSystemMetrics
RegisterWindowMessageA
ExitWindowsEx
DefWindowProcA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
CreateWindowExA
RegisterClassA
PostMessageA
MsgWaitForMultipleObjects

advapi32

RegNotifyChangeKeyValue
GetLengthSid
CopySid
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegEnumValueA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
StartServiceCtrlDispatcherA
RegCloseKey
LookupAccountNameA
GetUserNameA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
SetServiceStatus
RegDeleteValueA
CreateServiceA
DeleteService
QueryServiceStatus
ControlService
StartServiceA
RegisterServiceCtrlHandlerA
IsValidSid

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

fltlib

FilterSendMessage
FilterConnectCommunicationPort

msvcr80

_acmdln
exit
_XcptFilter
_initterm
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_onexit
_lock
_encode_pointer
_fdopen
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
memcpy
memmove
_set_invalid_parameter_handler
atoi
??3@YAXPAX@Z
strchr
strrchr
wcsrchr
_mbschr
_mbsicmp
_mbsnbicmp
_time32
memset
wcscat_s
wcscpy_s
_snprintf_s
_itoa
strtoul
_getch
printf
sprintf
__CxxFrameHandler3
malloc
free
__argc
__argv
_makepath
_splitpath
setlocale
_mbslen
??_U@YAPAXI@Z
??_V@YAXPAX@Z
setvbuf
__dllonexit
_open_osfhandle
__iob_func
_ismbblead
??2@YAPAXI@Z
_localtime32
fflush
fprintf
_vsnprintf
fclose
fgets
fopen
strerror
_errno
_snprintf
getchar
getc
_flushall
strcat_s
strcpy_s
sprintf_s
wcsncat
wcsncpy
_unlock
__set_app_type

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.prdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b1313c8f098749b913b1ccac9366818

Headers

File Characteristics

PDB Paths

Imports

prremote

fssync

kernel32

user32

advapi32

shell32

ole32

fltlib

msvcr80

msvcp80

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 9KB

.prdata Size: 76KB - Virtual size: 76KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 9KB

.prdata
Size: 76KB - Virtual size: 76KB