2a32e2bf3f58e551bdb6b75e3cfbed9c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a32e2bf3f58e551bdb6b75e3cfbed9c_JaffaCakes118
Size

401KB
MD5

2a32e2bf3f58e551bdb6b75e3cfbed9c
SHA1

b9b8c049b86be303af21eb5d447cd83823dbe8f0
SHA256

143fb8d2059aaffee3d9d185326aa6ec3ab6cdcf0f4252fa7426f6ec0ca9b106
SHA512

c415160b68a1c5ae0e39caff2c5521eb3a2e65c09f1d17602f63435f5b101e362100b3e5f3d39322019283451c35e97a0edc45d7198c7a351fb4d9b4667748bd
SSDEEP

6144:aaZuJtMarECWXMRAhy+AVYLLhJwGS3wUnLpSpYkL724vuY5:qtMQFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a32e2bf3f58e551bdb6b75e3cfbed9c_JaffaCakes118

Files

2a32e2bf3f58e551bdb6b75e3cfbed9c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0146b3e90c4fba92fe9d8927655eff19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rstrui.pdb

Imports

shlwapi

SHDeleteValueW
SHGetValueW
StrCpyNW
PathGetArgsW
StrCmpIW
ChrCmpIW
StrToIntW
StrCmpNIW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW

advapi32

FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExW
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
QueryServiceStatus
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
ReportEventW
RegQueryValueExA
RegOpenKeyExA

kernel32

GetCommandLineW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetLocaleInfoW
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
GetVersionExW
FormatMessageW
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
lstrcmpiA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
VirtualFree
VirtualAlloc
WriteFile
CreateProcessW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
ExpandEnvironmentStringsW
lstrcpynW
GetFileAttributesW
UnmapViewOfFile
CloseHandle
ReadFile
SetLastError
GetCurrentThreadId
GetCurrentProcess
RaiseException
InterlockedExchange
GetStartupInfoW
GetModuleHandleA
RemoveDirectoryW
LocalAlloc
GetComputerNameW
GetVolumeNameForVolumeMountPointW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
MoveFileW
DeleteFileW
SetFileAttributesW
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
GetWindowsDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
HeapCreate
GetSystemInfo
GetModuleFileNameW
lstrcatW
HeapDestroy
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapReAlloc
GetSystemDirectoryW

gdi32

CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetDeviceCaps

user32

InvalidateRect
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
SetFocus
ShowWindow
GetParent
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
SetWindowPos
SendMessageW
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
LoadStringW
GetDesktopWindow
AdjustWindowRectEx
GetSystemMetrics
LoadImageW
MessageBoxW
ExitWindowsEx
SetForegroundWindow
FindWindowW
SetCursor
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
wvsprintfW
GetKeyState
IsWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
UnionRect
CharNextW
DestroyWindow
DefWindowProcW
ReleaseDC
GetDC
PtInRect
DestroyAcceleratorTable

srrstr

ord5
ord2
ord10
ord3
ord6

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
OleRegEnumVerbs
OleRegGetUserType
CoRegisterClassObject
OleRegGetMiscStatus
CreateDataAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
CoRevokeClassObject
CoTaskMemFree

oleaut32

DispCallFunc
VariantInit
VariantTimeToSystemTime
SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
SystemTimeToVariantTime

msvcrt

realloc
_ftol
wcscmp
wcsstr
free
_wtoi
strtol
_wcsnicmp
_except_handler3
malloc
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
wcschr
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wtol
wcsncmp
__CxxFrameHandler

winsta

WinStationFreeMemory
WinStationIsHelpAssistantSession
WinStationEnumerateW
WinStationOpenServerW
WinStationCloseServer

Exports

Exports

??0CCounter@@QAE@XZ
??1CCounter@@QAE@XZ
??4CCounter@@QAEAAV0@ABV0@@Z
?Down@CCounter@@QAEKXZ
?GetCount@CCounter@@QAEJXZ
?Init@CCounter@@QAEKXZ
?Up@CCounter@@QAEXXZ
?WaitForZero@CCounter@@QAEKXZ

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qwjmvtj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0146b3e90c4fba92fe9d8927655eff19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

kernel32

gdi32

user32

srrstr

ole32

oleaut32

msvcrt

winsta

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 283KB - Virtual size: 284KB

qwjmvtj Size: - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 283KB - Virtual size: 284KB

qwjmvtj
Size: - Virtual size: 4KB