2a1fe4507f585ac9065717b31f546e21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a1fe4507f585ac9065717b31f546e21_JaffaCakes118
Size

474KB
MD5

2a1fe4507f585ac9065717b31f546e21
SHA1

6ddb189477dd6ba245fc2f2f3a53ef3022ed235d
SHA256

5d20962973d7e33eb7c8d0b0f3b87507b199e4f19ae70fbf442eec5f5b8e0ac7
SHA512

90d755e01fc58b774955b9ed296b2b0157d3fba33d36ffaeda0be336772095c6a1e079c9c90a88858d7b387fc195d50ab1eef75f97bbe4e9392c98e93ca4ade6
SSDEEP

12288:YYlMbyYcKahZcDB3N8VnUlq+84xJTztBbJB3E5efD:YYl0yYcfZgB3u+s2xJVBbJ15D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a1fe4507f585ac9065717b31f546e21_JaffaCakes118

Files

2a1fe4507f585ac9065717b31f546e21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20dbd7b05613c34708eb27dc70c132c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

AddFontResourceW
GetTextMetricsW
SelectObject
GetTextFaceW
GetTextExtentPoint32W
DeleteObject
EnumFontFamiliesExW
CreateFontW
RemoveFontResourceW
GetDeviceCaps
CreateFontIndirectW

ntdll

RtlUshortByteSwap
NtAllocateVirtualMemory
LdrGetDllHandle

kernel32

GetLocalTime
FileTimeToDosDateTime
OutputDebugStringW
ExpandEnvironmentStringsW
GetFileSize
FreeLibraryAndExitThread
FindClose
MapViewOfFile
IsValidCodePage
MoveFileW
DeleteFileW
FileTimeToLocalFileTime
InterlockedDecrement
QueryPerformanceCounter
lstrlenW
lstrcmpiA
GetUserDefaultLangID
GetPrivateProfileStringW
GetExitCodeProcess
FlushFileBuffers
SizeofResource
SetFileAttributesW
ExitThread
WideCharToMultiByte
DosDateTimeToFileTime
GetDiskFreeSpaceW
lstrcmpW
GetDiskFreeSpaceExW
LocalAlloc
ReadFile
DisableThreadLibraryCalls
GetExitCodeThread
CreateThread
SetUnhandledExceptionFilter
GetACP
LoadResource
SetEndOfFile
GetSystemInfo
MulDiv
GetTimeFormatW
GetVersionExW
GetNumberFormatW
WritePrivateProfileStringW
LockResource
GetFileTime
DebugBreak
TlsAlloc
GetSystemTimeAsFileTime
CreateDirectoryW
GetCurrentDirectoryW
InterlockedExchange
OutputDebugStringA
SetFileTime
GetProcAddress
InitializeCriticalSection
GetCurrentThreadId
CreateFileMappingW
EnterCriticalSection
GlobalReAlloc
UnmapViewOfFile
FindFirstFileW
FormatMessageW
DuplicateHandle
LocalFree
FindResourceExW
CloseHandle
VirtualFree
GetCurrentThread
GetEnvironmentVariableW
TerminateProcess
GetCurrentProcess
GetComputerNameW
FileTimeToSystemTime
UnhandledExceptionFilter
LoadLibraryExW
GetModuleHandleW
GetFileAttributesW
lstrcpynA
EnumResourceNamesW
ResetEvent
GlobalUnlock
WriteFile
WriteProfileStringW
GetSystemDefaultLangID
TlsSetValue
FreeEnvironmentStringsW
GetTempFileNameW
Sleep
LoadLibraryW
TlsFree
GetDateFormatW
WaitForSingleObject
ExpandEnvironmentStringsA
CreateFileW
GlobalLock
IsDebuggerPresent
SetEnvironmentVariableW
GetLocaleInfoW
GlobalFree
CreateEventW
GetShortPathNameW
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryW
CreateMutexW
EnumResourceLanguagesW
GetEnvironmentStringsW
SystemTimeToFileTime
GetProfileStringW
GlobalAlloc
GetSystemDirectoryW
LockFile
LocalFileTimeToFileTime
TerminateThread
GlobalMemoryStatus
GetTempPathW
FormatMessageA
GetUserDefaultLCID
SetLastError
GetOverlappedResult
CompareStringW
DeleteCriticalSection
SetFilePointer
MoveFileExW
OpenProcess
ExitProcess
GetModuleFileNameW
CreateProcessW
lstrlenA
TlsGetValue
SetErrorMode
GetCurrentProcessId
WaitForMultipleObjects
RaiseException
ReleaseMutex
GetVolumeInformationW
GetTickCount
GetModuleFileNameA
LeaveCriticalSection
lstrcpynW
GetFileType
FindNextFileW
GetDriveTypeW
ResumeThread
lstrcmpA
lstrcmpiW
InterlockedIncrement
UnlockFile
RemoveDirectoryW
GetLastError
VirtualAlloc
SetEvent
GetFileSizeEx
OpenMutexW

rpcrt4

NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrClientCall2
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
CStdStubBuffer_QueryInterface

advapi32

OpenThreadToken
AdjustTokenPrivileges
AddAccessAllowedAce
RegEnumKeyExA
SetThreadToken
GetSecurityDescriptorControl
PrivilegeCheck
RegEnumValueW
GetServiceDisplayNameW
OpenServiceW
SetFileSecurityW
DeleteService
CloseServiceHandle
AllocateAndInitializeSid
MakeSelfRelativeSD
InitializeAcl
GetSidSubAuthorityCount
MakeAbsoluteSD
AddAccessDeniedAce
ControlService
ChangeServiceConfigW
SetSecurityDescriptorGroup
RegQueryValueExW
RegQueryValueExA
OpenSCManagerW
QueryServiceStatus
GetFileSecurityW
GetUserNameW
RegDeleteValueW
RegEnumValueA
RegSetValueExW
GetSecurityDescriptorOwner
GetSidLengthRequired
RegFlushKey
RegSetKeySecurity
CopySid
RegEnumKeyW
RegConnectRegistryW
ReportEventW
RegCreateKeyExW
QueryServiceConfigW
GetSecurityDescriptorLength
IsValidSecurityDescriptor
RegEnumKeyExW
LookupPrivilegeValueW
FreeSid
OpenProcessToken
SetSecurityDescriptorDacl
RegDeleteKeyW
RegGetKeySecurity
DeregisterEventSource
RegSetValueExA
GetLengthSid
CreateServiceW
GetAce
GetSecurityDescriptorGroup
RegCloseKey
InitializeSecurityDescriptor
StartServiceW
RegOpenKeyExW
SetTokenInformation
EqualSid
ConvertSidToStringSidW
DuplicateToken
SetSecurityDescriptorOwner
GetTokenInformation
RegisterEventSourceW
EnumDependentServicesW
LookupAccountNameW
RegQueryInfoKeyW

user32

GetUserObjectInformationW
MoveWindow
DefWindowProcW
CharUpperBuffW
DestroyWindow
GetSystemMenu
SystemParametersInfoW
GetSystemMetrics
CharUpperW
PostThreadMessageW
RegisterWindowMessageW
CharNextW
TranslateMessage
SetWindowLongW
SetCursor
MapWindowPoints
EnableWindow
GetDC
CharPrevW
ReleaseDC
GetDlgItem
GetWindowTextW
IsDialogMessageW
EndDialog
GetProcessWindowStation
LoadCursorW
ExitWindowsEx
GetWindowTextLengthW
LoadIconW
SetForegroundWindow
IsCharLowerW
GetWindowRect
UnregisterClassW
GetFocus
MsgWaitForMultipleObjects
SetFocus
CopyRect
MessageBoxW
IsWindowEnabled
SetWindowTextW
PostMessageW
InvalidateRect
IsWindowVisible
PeekMessageW
CharPrevA
PostQuitMessage
CharLowerW
GetClientRect
LoadStringW
SendDlgItemMessageW
CreateDialogParamW
DispatchMessageW
CharNextA
SetDlgItemTextW
SendMessageW
GetWindow
DialogBoxParamW
GetActiveWindow
GetDlgItemTextW
GetWindowLongW
SendMessageTimeoutW
GetWindowThreadProcessId
SetWindowPos
SetUserObjectSecurity
ShowWindow
RegisterClassW
EnumWindows
CreateWindowExW
RemoveMenu
DrawTextW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 91KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20dbd7b05613c34708eb27dc70c132c2

Headers

File Characteristics

Imports

gdi32

ntdll

kernel32

rpcrt4

advapi32

user32

Sections

.text Size: 23KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 284KB - Virtual size: 283KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 91KB - Virtual size: 1000KB

.text
Size: 23KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 284KB - Virtual size: 283KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 91KB - Virtual size: 1000KB