28cc21978fe8fc1d4c2172f8a2b0f225_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28cc21978fe8fc1d4c2172f8a2b0f225_JaffaCakes118
Size

380KB
MD5

28cc21978fe8fc1d4c2172f8a2b0f225
SHA1

77a19119ede229fac1e8c6a13f1532bad88ac2e5
SHA256

5314b2a45961cb319dcfdba2817390ba414f9ad32b26de530ec1cb49bd6cac56
SHA512

ef68febb71134c990102b36f5b7ac673e1803c841d16b6afede709cd95a12c75dc440a1394157b14b5d0c8278cf8ea497736066abff072377f678646b998ae69
SSDEEP

6144:Nc3YlH4jO6en/Nef6m9CK8tCd3Jwv89plhSiqbreBLNIq5MJ1mJRvQNtClXbfQbl:K3YB4jReMyeCK8tC9Jwk97pqX8o1eFkd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28cc21978fe8fc1d4c2172f8a2b0f225_JaffaCakes118

Files

28cc21978fe8fc1d4c2172f8a2b0f225_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2999f4000dfa5acabf77de9435f0d303

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
DnsHostnameToComputerNameA
GetOverlappedResult
LocalAlloc
ReplaceFileW
WaitNamedPipeW
DeleteFileW
VirtualFreeEx
InterlockedPopEntrySList
OpenMutexW
ConvertFiberToThread
GlobalHandle
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CreateSemaphoreW
GetLongPathNameW
GetDriveTypeW
GetConsoleCommandHistoryW
ReadFileScatter
WaitForMultipleObjectsEx
GetVolumeNameForVolumeMountPointW
WaitForSingleObjectEx
GetCompressedFileSizeA
VirtualFree
WriteTapemark
GetFileAttributesExA
GetStringTypeExA
VirtualAlloc
FindNextFileW
GetEnvironmentStringsW
ReadConsoleOutputW
CreateToolhelp32Snapshot
Heap32First
GetComPlusPackageInstallStatus
SetConsoleLocalEUDC
GetCurrentThread
LZCloseFile
GetEnvironmentStrings

ntmarta

AccProvGetOperationResults
AccProvRevokeAuditRights
AccRewriteSetNamedRights
AccProvHandleRevokeAuditRights
AccConvertAclToAccess
AccGetInheritanceSource
AccRewriteGetExplicitEntriesFromAcl
AccGetAccessForTrustee
AccProvGetAccessInfoPerObjectType
AccConvertAccessToSD
AccRewriteGetNamedRights
AccProvHandleSetAccessRights
EventNameFree
AccProvHandleGetTrusteesAccess
AccProvRevokeAccessRights
AccLookupAccountSid
AccConvertSDToAccess
AccProvHandleIsAccessAudited
AccProvGrantAccessRights
AccProvIsAccessAudited
AccConvertAccessToSecurityDescriptor
AccProvHandleGetAllRights
AccTreeResetNamedSecurityInfo
AccProvHandleRevokeAccessRights
AccFreeIndexArray
AccGetExplicitEntries
EventGuidToName
AccRewriteSetEntriesInAcl
AccSetEntriesInAList
AccProvGetTrusteesAccess
AccProvGetAllRights
AccProvHandleIsObjectAccessible
AccLookupAccountTrustee
AccRewriteSetHandleRights
AccProvIsObjectAccessible
AccLookupAccountName
AccProvGetCapabilities
AccProvHandleGetAccessInfoPerObjectType
AccRewriteGetHandleRights
AccProvSetAccessRights
AccProvHandleGrantAccessRights
AccProvCancelOperation

ntdll

NlsMbCodePageTag
ZwUnloadKeyEx
tolower
NtQueueApcThread
RtlNewSecurityGrantedAccess
NtQuerySystemEnvironmentValueEx
NtAdjustGroupsToken
ZwCreateProfile
NtAccessCheck
RtlDosSearchPath_U
ZwExtendSection
ZwQueryIoCompletion
RtlFindClearRuns
_itow
ZwCreateEventPair
NtAddBootEntry
RtlDeleteAtomFromAtomTable
RtlEnumerateGenericTableAvl
RtlOemToUnicodeN
RtlAbortRXact
NtOpenTimer
RtlDeleteTimer
_memccpy
RtlAssert
RtlAppendStringToString
ZwAddBootEntry
ZwSystemDebugControl
NtOpenProcess
NtQueryMutant
RtlRegisterWait
ZwCancelTimer
NtCreateJobSet
wcschr
_ltoa
ZwCreateKeyedEvent
RtlSetDaclSecurityDescriptor
NtSetSystemEnvironmentValueEx
RtlInt64ToUnicodeString
ZwQueryIntervalProfile
NtQueryEvent
RtlCompactHeap
ZwReadRequestData
__iscsymf
ZwDebugContinue
RtlEqualLuid
RtlInitNlsTables
RtlEqualSid
ZwDeleteFile
NtFindAtom
RtlDelete
NtEnumerateKey
NtFlushVirtualMemory
DbgUiConvertStateChangeStructure
ZwFreeUserPhysicalPages
NtPowerInformation
isprint
RtlEnumerateGenericTableLikeADirectory
RtlAddAccessAllowedObjectAce
ZwOpenIoCompletion
_aullrem
NtQueryEaFile
RtlGUIDFromString
RtlInitializeGenericTable
NtQueryIntervalProfile
RtlCaptureContext
ZwCreatePagingFile
RtlOemStringToUnicodeSize
ZwCreateJobObject

comdlg32

Ssync_ANSI_UNICODE_Struct_For_WOW
PrintDlgExA
LoadAlterBitmap
ReplaceTextW
GetFileTitleW
PrintDlgA
GetFileTitleA
WantArrows
PrintDlgW
GetOpenFileNameA
GetSaveFileNameW
FindTextA
FindTextW
ChooseColorA
ChooseColorW
CommDlgExtendedError
ReplaceTextA
dwOKSubclass
dwLBSubclass
GetOpenFileNameW
PrintDlgExW
ChooseFontA
GetSaveFileNameA
PageSetupDlgA
ChooseFontW

user32

RegisterSystemThread
RegisterShellHookWindow
UnregisterClassA
MonitorFromWindow
CreateSystemThreads
DdeSetQualityOfService
GetLastInputInfo
SwapMouseButton
BringWindowToTop
IMPGetIMEA
FreeDDElParam
LoadStringA
CharLowerA
PrivateExtractIconExA
UnhookWindowsHookEx
EmptyClipboard
IsDlgButtonChecked
LoadRemoteFonts
BroadcastSystemMessageExW
PostMessageW
MapDialogRect
DrawTextExA
GetKeyboardState
DisableProcessWindowsGhosting
DrawFocusRect
SetWindowLongW
GetQueueStatus
DdeQueryStringA
IMPSetIMEW
GetNextDlgTabItem
GetWindowDC
SystemParametersInfoA
CopyImage
SetWindowTextA
SetMessageQueue
CharUpperA
DeviceEventWorker
DdeDisconnectList
DdeGetLastError
GetMenuInfo
CreateDialogIndirectParamA
CreateCaret
CharNextW
CharLowerW
GetWindowContextHelpId
UserRealizePalette
SetWindowsHookA
MessageBoxTimeoutW
UnlockWindowStation
LoadLocalFonts
CascadeChildWindows
CharToOemBuffW
IsZoomed
GetOpenClipboardWindow
DrawStateW
DdeAbandonTransaction
RegisterTasklist
keybd_event
DdeAccessData
RedrawWindow
GetMenuItemCount
GetTabbedTextExtentW
ShowOwnedPopups
SendMessageTimeoutW
MsgWaitForMultipleObjectsEx
IsGUIThread
RegisterClipboardFormatW
DdeQueryNextServer
ScrollChildren
SetWindowTextW
CallNextHookEx
GetProcessWindowStation
OemToCharBuffA
GetAncestor
GetScrollPos
UserLpkTabbedTextOut

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2999f4000dfa5acabf77de9435f0d303

Headers

File Characteristics

Imports

kernel32

ntmarta

ntdll

comdlg32

user32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 512B - Virtual size: 597KB

.rsrc Size: 177KB - Virtual size: 177KB

.reloc Size: 1KB - Virtual size: 29KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 512B - Virtual size: 597KB

.rsrc
Size: 177KB - Virtual size: 177KB

.reloc
Size: 1KB - Virtual size: 29KB