27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118
Size

488KB
MD5

27fcf6f507fda2e72dd54fc627f79e37
SHA1

8234af82ded7979b843bc3ac2abd5b8c36fa5bac
SHA256

e0885c94e24bc683e18b6b04a07fb042efbe263170541a5d90cf8f20fe5e832e
SHA512

f25d801ed236dc3d3879af667b7a3058d8baee0a45bac2ba0aad6c80bbc7e3359a63a860cf1ce19547f93cfc751a772c2b4574e0e54f7f924e63b21d52b6b1a4
SSDEEP

12288:W9tTbLysKNy0j/+F5wvuztiBdp2sYY2jMMnMMMMM1f:W9RbLyry0jGcdTYhMMnMMMMMR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118

Files

27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37244ffbc23a472c99f665b1b7ee9b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LeaveCriticalSection
GetProcAddress
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
LocalAlloc
FileTimeToSystemTime
GetModuleHandleW
DisableThreadLibraryCalls
GetTickCount
FormatMessageW
QueryPerformanceCounter
GetStartupInfoA
GetACP
TerminateProcess
InitializeCriticalSection
lstrlenW
FileTimeToLocalFileTime
LocalFree
UnhandledExceptionFilter
GetCurrentProcessId
SystemTimeToFileTime
GetCurrentProcess
GetCurrentThreadId
LocalFileTimeToFileTime
CreateSemaphoreW
SetLastError
GetComputerNameW
LoadLibraryW
InterlockedIncrement
ReleaseSemaphore
GetSystemTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
CloseHandle
SetUnhandledExceptionFilter
DeleteCriticalSection
FreeLibrary
DosDateTimeToFileTime

ole32

CoTaskMemFree
StringFromGUID2
CreatePointerMoniker
CoCreateInstance
StringFromCLSID
CLSIDFromString
IIDFromString

rpcrt4

RpcStringFreeW

mpr

WNetCancelConnection2W
WNetAddConnection2W

user32

LoadStringW
wsprintfW

netapi32

NetLocalGroupSetInfo
NetLocalGroupDel
NetApiBufferFree
NetUserModalsSet
NetLocalGroupAdd
NetServerGetInfo
NetGetDCName
NetLocalGroupAddMembers
NetGroupAddUser
NetLocalGroupGetInfo
NetGroupEnum
NetUseGetInfo
NetUserGetLocalGroups
NetGroupDelUser
NetGroupDel
NetSessionGetInfo
NetShareSetInfo
NetGroupGetUsers
NetFileGetInfo
NetQueryDisplayInformation
NetSessionDel
NetShareGetInfo
NetShareAdd
NetGroupSetInfo
NetUserModalsGet
NetLocalGroupEnum
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetLocalGroupDelMembers
NetShareDel
NetGetAnyDCName
NetWkstaUserGetInfo
NetWkstaGetInfo
NetServerEnum
NetLocalGroupGetMembers
NetUserGetInfo
NetUserSetInfo
NetUserAdd
NetUserDel
NetUserGetGroups
NetGroupGetInfo
NetGroupAdd
NetSessionEnum
NetUserChangePassword
NetShareEnum
NetServerSetInfo

oleaut32

VariantCopy

msvcrt

_initterm
_itow
wcslen
wcscpy
_CxxThrowException
wcscat
_ftol
_purecall
_ltow
wcscmp
__dllonexit
wcschr
_wtol
_wcsnicmp
wcsrchr
malloc
_wcsicmp
_except_handler3
_adjust_fdiv
_onexit
free

ntdll

NtAllocateVirtualMemory
RtlRunDecodeUnicodeString
RtlAdjustPrivilege
RtlAddAccessAllowedAceEx
RtlTimeToSecondsSince1970

advapi32

RegOpenKeyExW
UnlockServiceDatabase
RegEnumKeyExW
QueryServiceStatus
SystemFunction041
LockServiceDatabase
RegQueryValueExW
DeleteService
GetSidSubAuthorityCount
ChangeServiceConfigW
OpenServiceW
GetSidSubAuthority
CreateServiceW
SystemFunction040
GetLengthSid
GetSidIdentifierAuthority
StartServiceW
QueryServiceConfigW
RegConnectRegistryW
EnumServicesStatusW
OpenSCManagerW
RegCloseKey
ControlService
CloseServiceHandle
LookupAccountNameW
GetUserNameW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37244ffbc23a472c99f665b1b7ee9b4f

Headers

File Characteristics

Imports

kernel32

ole32

rpcrt4

mpr

user32

netapi32

oleaut32

msvcrt

ntdll

advapi32

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 9KB - Virtual size: 976KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 411KB - Virtual size: 411KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 9KB - Virtual size: 976KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 411KB - Virtual size: 411KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 56B