26283fe9735cc39b417a84f1bcb294fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26283fe9735cc39b417a84f1bcb294fe_JaffaCakes118
Size

60KB
MD5

26283fe9735cc39b417a84f1bcb294fe
SHA1

b2ecb64e4c824b89eed8dc741ebcb05af23a2f64
SHA256

1be7c9ec57a5a78e8f012a52667a30192bf806deceb91e3bc712b0d2657c799b
SHA512

a4039fcfc0e6444c4677daeeadc173ad9d5e8ecc725df83ee888d25507712d3e130660eaef3f09baee15c295c468e3d6562ad6f9d26f35e9eefd4513ee802207
SSDEEP

1536:nszuJl/rk+pNyZDVSovgsXPancwfrqEhGUDHKxLlEMNc:qwrk+pNyZDkJfrqM9860c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26283fe9735cc39b417a84f1bcb294fe_JaffaCakes118

Files

26283fe9735cc39b417a84f1bcb294fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5cfb42146489ae1c5893a8121bea88ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingToStringBindingW
RpcServerUnregisterIf
UuidFromStringW
CStdStubBuffer_DebugServerRelease
RpcStringBindingParseW
CStdStubBuffer_Connect
RpcRevertToSelf
RpcBindingVectorFree
UuidToStringW
RpcStringBindingComposeW
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
RpcStringFreeW
RpcServerRegisterIfEx
NdrOleAllocate
NdrStubCall2
RpcBindingFree
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcBindingFromStringBindingW
NdrDllUnregisterProxy
IUnknown_Release_Proxy
UuidToStringA
RpcStringFreeA
CStdStubBuffer_AddRef
RpcImpersonateClient
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
NdrOleFree
RpcBindingSetAuthInfoW

gdi32

GetColorSpace

shell32

ShellExecuteW
SHBindToParent
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteA
DragQueryFileA

kernel32

GetTickCount
ResumeThread
ResetEvent
HeapSize
CompareStringW
GetCurrentThreadId
QueryPerformanceCounter
GetProcessHeap
GetExitCodeProcess
CreateDirectoryW
CreateMutexW
DeleteFileW
GetModuleHandleA
OpenMutexA
GetCurrentProcess
WaitForSingleObject
CreateEventW
FindResourceW
InitializeCriticalSection
Sleep
GetFileType
GetVersionExA
ExitProcess
GetModuleHandleW
lstrcpynW
lstrcmpiW
GetCommandLineA
lstrlenA
GetLocalTime
CreateFileMappingW
GetLocaleInfoW
CreateFileMappingA
OpenEventA
HeapCreate
FindNextFileA
OpenEventW
GetACP
GetFileAttributesA
RaiseException
GetSystemTimeAsFileTime
VirtualAlloc

ntdll

NtQueryDirectoryFile
RtlCopyLuid
NtSetVolumeInformationFile
RtlAcquireResourceShared
RtlGUIDFromString
NtWriteFile
wcscmp
NtDuplicateObject
RtlInitializeResource
NtDeleteValueKey
NtQueryKey
RtlAppendUnicodeToString
RtlxAnsiStringToUnicodeSize
RtlNtStatusToDosError
NtAllocateLocallyUniqueId
memmove
wcsstr
NtSetInformationProcess
RtlAllocateAndInitializeSid
NtSetInformationFile
RtlImageNtHeader
NtQueryDirectoryObject
RtlReleaseResource
NtQueryValueKey
RtlInitializeGenericTable
NtQueryInformationProcess
NlsMbOemCodePageTag
RtlEqualSid
NtImpersonateAnonymousToken
NlsMbCodePageTag
NtQueryInformationToken
RtlCopyUnicodeString
NtRequestWaitReplyPort
RtlIntegerToUnicodeString
RtlInitString
_wcsicmp
RtlxUnicodeStringToOemSize
NtCreateKey
_alloca_probe
RtlQueryInformationAcl
RtlSetDaclSecurityDescriptor
_wcslwr
RtlFreeSid

shlwapi

SHRegGetBoolUSValueW
StrCmpIW
PathRemoveFileSpecA
StrCmpNIA
StrRChrW
UrlCanonicalizeW
PathFindFileNameA
UrlUnescapeW
StrStrW
PathRemoveExtensionW
StrCmpNW
PathFindExtensionW
StrCpyNW
PathIsUNCW
PathIsRelativeW
StrChrW
PathIsURLW
StrStrIA
SHSetValueW
SHDeleteValueW
StrStrIW
StrTrimW
PathIsDirectoryW
PathStripToRootA
PathCombineW
PathFileExistsW
StrCatW
PathAppendW
PathRemoveFileSpecW
PathCreateFromUrlW
wnsprintfW
PathStripToRootW
AssocQueryStringW
SHGetValueW
UrlIsW
StrToIntW
PathRemoveBlanksW
StrCmpNIW

version

GetFileVersionInfoSizeW
VerQueryValueW
VerLanguageNameA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

RegQueryValueExW
RegOpenKeyW
RegQueryValueA
RegEnumKeyW
GetUserNameW
RegSetValueW
GetSecurityDescriptorLength
RegEnumValueW
RegQueryInfoKeyW
GetSidSubAuthority
LockServiceDatabase
LookupPrivilegeValueW
UnlockServiceDatabase
RegEnumValueA
GetTraceLoggerHandle
CryptDestroyHash
CryptAcquireContextA
RegEnumKeyExA
UnregisterTraceGuids
OpenThreadToken
DuplicateTokenEx
RegFlushKey
ChangeServiceConfigW

user32

FindWindowW
SetCursor
GetCursorPos
DispatchMessageW
GetWindowDC
GetClientRect
CopyRect
RegisterClassW
GetAsyncKeyState
InvalidateRect
WinHelpW
CharPrevW
SetFocus
DispatchMessageA
LoadBitmapW
PostQuitMessage
EnumChildWindows
DestroyIcon
EndDialog
CallWindowProcW
SetWindowPos
PostMessageA
DestroyWindow
GetSysColor
LoadStringA
SendMessageA
GetSystemMenu
GetDC
GetMessagePos
GetPropA
CallNextHookEx
RegisterWindowMessageA
LoadCursorW
GetDlgCtrlID
GetSysColorBrush
UnregisterClassW
DialogBoxParamA
GetWindowTextA
GetActiveWindow
OffsetRect
GetSystemMetrics
CheckMenuItem
SetWindowTextA
CreateWindowExA
EnableMenuItem
GetSubMenu
GetWindow
GetFocus
GetWindowThreadProcessId

Sections

.code
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cfb42146489ae1c5893a8121bea88ba

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

gdi32

shell32

kernel32

ntdll

shlwapi

version

advapi32

user32

Sections

.code Size: 53KB - Virtual size: 52KB

PAGELK Size: 1KB - Virtual size: 1KB

.idata Size: 512B - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 496B

.code
Size: 53KB - Virtual size: 52KB

PAGELK
Size: 1KB - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 496B