Static task: static1
Behavioral task: behavioral1
Sample: 26d927996631f118f74391c5b2b15f36_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 26d927996631f118f74391c5b2b15f36_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 26d927996631f118f74391c5b2b15f36_JaffaCakes118
Size: 340KB
MD5: 26d927996631f118f74391c5b2b15f36
SHA1: 8490a112ee91d80e4c45046792bfac657d708328
SHA256: 5c1c0bd3fa9d7e5e202acf8ee1eea380890ef017966ede881502a34b8c490294
SHA512: 259f0acf4446cd64a62965f8922b7910cedd729432210d1782ee052aafbf0fdc2062132c49e9c0913e0ef01ad18a62c6bf04bed52add13d22c47c6ee1a381805
SSDEEP: 3072:S856+Aq4WBT5TjbyfQ5d2aW3BES3l+3p7z8p5+cyIqrKMjE3g2AJX5ex4uyj0bOJ:N56+Aq4WBTWySqXhpeEioU2U
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 26d927996631f118f74391c5b2b15f36_JaffaCakes118
Files
26d927996631f118f74391c5b2b15f36_JaffaCakes118.exe windows:0 windows x86 arch:x86
2eaf7681cf60327cff49f2244e0aa8b4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleOutputW
FormatMessageW
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
MultiByteToWideChar
WriteFile
WriteConsoleW
SetConsoleTextAttribute
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileInformationByHandle
CreateFileW
DeviceIoControl
GetCompressedFileSizeW
GetFileSizeEx
GetComputerNameW
WideCharToMultiByte
OpenProcess
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
ExitProcess
ExpandEnvironmentStringsW
GetCommandLineW
SetConsoleCtrlHandler
ReadFile
GetLargestConsoleWindowSize
GetModuleFileNameW
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryDosDeviceW
ReadConsoleW
GetSystemTime
GetTickCount
SetConsoleActiveScreenBuffer
LocalFree
SystemTimeToFileTime
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
mfc42u
ord861
ord800
ord540
ord535
ord3658
ord823
ord538
ord2836
ord825
ord2910
ord858
ord5446
ord6390
ord2099
ord5436
ord6379
ord4199
ord5679
ord4273
ord6279
ord6278
ord5706
ord1863
ord5826
ord3722
ord542
ord802
ord5597
ord6563
ord3898
ord2036
ord5830
ord2440
ord537
ord2756
ord2755
ord2810
ord940
ord925
ord922
ord941
ord942
ord924
ord536
ord4197
ord927
ord4124
ord4272
msvcrt
malloc
wprintf
_getch
wcsstr
_wcsicmp
wcsncat
sprintf
wcschr
_wtoi
__RTDynamicCast
iswprint
printf
_c_exit
_exit
wcsncmp
swscanf
wcsrchr
towupper
_purecall
wcsncpy
wcscmp
fclose
_wfopen
_setmode
fread
fwrite
fseek
swprintf
free
__CxxFrameHandler
_CxxThrowException
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
wcscpy
wcslen
wcscat
_controlfp
msvcirt
??6ostream@@QAEAAV0@PBX@Z
?cout@@3Vostream_withassign@@A
msvcp60
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
advapi32
SetSecurityDescriptorGroup
RegGetKeySecurity
GetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetAclInformation
GetAce
InitializeAcl
AddAce
RegConnectRegistryW
SetNamedSecurityInfoW
SetSecurityInfo
EnumServicesStatusW
OpenServiceW
RegSetKeySecurity
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetKernelObjectSecurity
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ConvertSecurityDescriptorToStringSecurityDescriptorW
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
GetSecurityInfo
AddAccessAllowedAce
InitializeSid
GetKernelObjectSecurity
GetSecurityDescriptorControl
CopySid
GetLengthSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AccessCheck
MapGenericMask
DeleteAce
FreeSid
EqualPrefixSid
AllocateAndInitializeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
OpenSCManagerW
LogonUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
NetShareSetInfo
NetApiBufferFree
NetWkstaGetInfo
NetGetAnyDCName
NetServerGetInfo
NetUserModalsGet
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
winspool.drv
ClosePrinter
EnumPrintersW
GetPrinterW
OpenPrinterW
SetPrinterW
clusapi
CloseCluster
CloseClusterResource
ClusterCloseEnum
ClusterResourceControl
OpenClusterResource
ClusterEnum
ClusterOpenEnum
OpenCluster
ole32
CoInitialize
CoCreateInstanceEx
user32
wsprintfW
samlib
SamSetSecurityObject
SamLookupNamesInDomain
SamOpenUser
SamOpenAlias
SamOpenGroup
SamOpenDomain
SamCloseHandle
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamEnumerateAliasesInDomain
SamFreeMemory
SamConnect
SamQuerySecurityObject
ntdll
RtlInitUnicodeString
RtlNtStatusToDosError
shell32
CommandLineToArgvW
Sections
.unpack Size: 340KB - Virtual size: 340KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE