Static task: static1
Behavioral task: behavioral1
  Sample: 263da93f8da4810a244bfafc0fba13e9_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 263da93f8da4810a244bfafc0fba13e9_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
  Target: 263da93f8da4810a244bfafc0fba13e9_JaffaCakes118
  Size: 215KB
  MD5: 263da93f8da4810a244bfafc0fba13e9
  SHA1: f04393b3e9d0ef4f97075c74dd3ddbb98a32dea0
  SHA256: f41d18beb4438c715f7e23ae722d086d1afda73c7e3331aa2d0a954d0e9b93b5
  SHA512: c4399e07a0cb6491533f0165dfa3e5c490d839491e28b9d504cf8442d83a839d816a3e4ff0b8310dc0da470aa81e75c68773eb7682509b1571e118e281e15f6d
  SSDEEP: 3072:/sKlBWcq7lW2yT70Ng8b+hsiJ6kHYCk+c2QUst8CGrUOrG5lcgTORAWp:K7MfIkHYt2e8CxOrgcgTm
Malware Config
  (none extracted)
Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 263da93f8da4810a244bfafc0fba13e9_JaffaCakes118
Files
  263da93f8da4810a244bfafc0fba13e9_JaffaCakes118.exe  windows:6  windows x86  arch:x86
  20956f0573b82b15ca13475016a09342
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32:
    IsDBCSLeadByte, GetShortPathNameA, FreeLibrary, LoadLibraryExA, CreateProcessA, OpenMutexA,
    GetCurrentThreadId, SetConsoleCtrlHandler, GetCommandLineA, GetLocaleInfoA, ReadFile, LoadLibraryA,
    GetModuleHandleW, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers,
    SetStdHandle, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, SetFilePointer,
    GetModuleFileNameA, GetCurrentThread, lstrcmpiA, GetProcessHeap, HeapAlloc, HeapFree,
    InterlockedIncrement, GetModuleHandleA, GetProcAddress, DeleteCriticalSection, InitializeCriticalSection,
    lstrlenW, Sleep, ResetEvent, ReleaseSemaphore, CreateEventA, CreateSemaphoreA, CreateMutexA,
    CreateDirectoryA, ReleaseMutex, CreateFileA, GetTickCount, CreateToolhelp32Snapshot, Process32First,
    Process32Next, OpenProcess, TerminateProcess, InterlockedDecrement, FormatMessageA, lstrlenA, LocalAlloc,
    lstrcatW, GetCurrentProcess, LocalFree, GetLastError, SetEvent, WaitForSingleObject, CloseHandle,
    EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, WideCharToMultiByte, FindResourceExA,
    FindResourceA, LoadResource, LockResource, SizeofResource, RaiseException, CreateThread, GetVersionExA,
    lstrcpyW, GetStringTypeW, GetStringTypeA, GetSystemTimeAsFileTime, GetCurrentProcessId,
    QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW,
    GetEnvironmentStrings, FreeEnvironmentStringsA, GetStdHandle, WriteFile, ExitProcess, VirtualFree,
    HeapCreate, LCMapStringW, LCMapStringA, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue,
    IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, IsDebuggerPresent, SetUnhandledExceptionFilter,
    UnhandledExceptionFilter, InterlockedExchange, HeapDestroy, HeapReAlloc, HeapSize, RtlUnwind,
    VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStartupInfoA
  user32:
    PeekMessageA, CharNextA, MsgWaitForMultipleObjects, SetTimer, DefWindowProcA, LoadStringA, GetWindowLongA,
    PostThreadMessageA, CharNextW, KillTimer, RegisterClassA, CreateWindowExA, GetMessageA, DispatchMessageA,
    UnregisterClassA, MessageBoxA, SetWindowLongA
  advapi32:
    OpenSCManagerA, StartServiceCtrlDispatcherA, DeleteService, CreateServiceA, OpenThreadToken, RegEnumKeyExA,
    SetSecurityDescriptorGroup, RegQueryInfoKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA,
    RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, EnumDependentServicesA, ControlService,
    StartServiceA, QueryServiceStatus, SetServiceStatus, OpenServiceA, CloseServiceHandle, SetNamedSecurityInfoA,
    LookupAccountSidA, GetTokenInformation, GetSidLengthRequired, InitializeSid, GetSidSubAuthority,
    SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetLengthSid, OpenProcessToken,
    GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner,
    GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD,
    SetSecurityDescriptorControl, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce,
    LookupPrivilegeValueA, AdjustTokenPrivileges, RegisterEventSourceA, ReportEventA, DeregisterEventSource
  shell32:
    SHGetFolderPathA, SHGetSpecialFolderPathA
  ole32:
    MkParseDisplayName, CreateBindCtx, CLSIDFromString, CoCreateInstance, CoTaskMemFree, CoUninitialize,
    CoInitialize, CoTaskMemAlloc, CoTaskMemRealloc, CoRevokeClassObject, CoRegisterClassObject,
    CoInitializeSecurity, StringFromGUID2
  oleaut32:
    GetErrorInfo, VariantClear, LoadRegTypeLi, VarUI4FromStr, RegisterTypeLi, UnRegisterTypeLi, LoadTypeLi,
    SysStringLen, SysStringByteLen, SysAllocStringByteLen, SysAllocString, SysAllocStringLen, SysFreeString
  shlwapi:
    PathFileExistsA
  userenv:
    UnloadUserProfile
Sections
  .text   Size: 145KB  Virtual size: 145KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 28KB   Virtual size: 27KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 6KB    Virtual size: 14KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 34KB   Virtual size: 34KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ