2de7168cd9a599ffb4cb964824dfb149_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2de7168cd9a599ffb4cb964824dfb149_JaffaCakes118
Size

273KB
MD5

2de7168cd9a599ffb4cb964824dfb149
SHA1

ec14ae0ea57f54a9c9dfa66a6d84fd678235a3fa
SHA256

462d5fdb5600a9ff0a35c659ab36a3720c9908ff9e14ba04b03423d81512b237
SHA512

6114eada39bc74c421df12b10f871df58a5249082b9d09818700044da63ffc5b1e52fec582e10ab37ebaca8b8be59b8882fa4cf91256b3e4d24935d99673f2a7
SSDEEP

6144:1aOFoNDRLCR3lwAxFgwsKlLKU/2r9bcK9Cay76+8DW9re5fqJXXNhym0m:cVUvntlOG2r9vCam8GcyXaa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de7168cd9a599ffb4cb964824dfb149_JaffaCakes118

Files

2de7168cd9a599ffb4cb964824dfb149_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42bff49df196bcf79987cc2ba6d69ae9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
RegCreateKeyA
RegQueryValueExW
RegDeleteValueA
SetSecurityDescriptorDacl
DeregisterEventSource
AdjustTokenPrivileges
RegEnumKeyW
RegQueryInfoKeyA
RegSetValueA
OpenProcessToken
RegDeleteKeyA
RegEnumValueA
RegSetValueExW
RegQueryValueExA
RegCreateKeyW
InitializeSecurityDescriptor
RegisterEventSourceA
RegOpenKeyA
RegDeleteValueW
RegOpenKeyW
RegEnumValueW
ReportEventA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyW
RegSetValueExA
RegEnumKeyA

samlib

SamConnect
SamLookupNamesInDomain
SamConnectWithCreds

user32

GetCursor
keybd_event
DestroyMenu
GetSubMenu
RegisterClipboardFormatA
GetKeyState
AppendMenuA
ModifyMenuA
SetWindowTextA
GetMenuItemCount
GetClassInfoA
SetMenu
GetQueueStatus
SetForegroundWindow
EnumThreadWindows
CharLowerA
SetWindowContextHelpId
DdeClientTransaction
DdeInitializeA
IsWindowEnabled
LoadImageA
CharNextA
SetParent
AttachThreadInput
ShowCaret
DeleteMenu
IsClipboardFormatAvailable
DrawMenuBar
LoadCursorA
DdeCreateDataHandle
ShowScrollBar
GetParent
OffsetRect
DdeConnect
SetPropA

ws2_32

WSAConnect
setsockopt

ddraw

DirectDrawEnumerateA

kernel32

GlobalAddAtomA
SetHandleCount
GlobalDeleteAtom
ExitThread
LoadResource
ExitProcess
GetSystemDirectoryA
GetStartupInfoA
SetEvent
GetStringTypeA
WriteFile
FindFirstFileA
TlsGetValue
GetProfileStringA
MultiByteToWideChar
FreeLibrary
GetExitCodeProcess
lstrlenA
GetSystemDefaultLCID
RtlUnwind
lstrcmpA
GetCurrentProcessId
FormatMessageA
ResumeThread
SetFileTime
GetUserDefaultLangID
CreateDirectoryA
FormatMessageW
VirtualFree
TlsSetValue
EnterCriticalSection
MulDiv
lstrcmpiW
GetWindowsDirectoryA
CreateEventA
GetModuleFileNameW
SizeofResource
DeleteCriticalSection
lstrcpynA
HeapReAlloc
GetTimeZoneInformation
CreateFileA
VirtualProtect
InitializeCriticalSection
SetStdHandle
SetLastError
LockFile
LockResource
CreateThread
GetLocaleInfoA
GetModuleHandleA
FreeEnvironmentStringsA
FreeResource
GetACP
GetFileTime
GetCurrentDirectoryA
_lread
CompareStringA
GetFileType
HeapAlloc
GetEnvironmentStringsW
HeapSize
UnhandledExceptionFilter
LeaveCriticalSection
GetVersionExA
LoadLibraryExA
TlsAlloc
GetStringTypeExA
GetDateFormatA
WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
MoveFileA
Sleep
GetSystemInfo
RemoveDirectoryA
InterlockedDecrement
IsDBCSLeadByte
GetFileAttributesA
SetFileAttributesA
GetTempPathA
GetLastError
GlobalHandle
GlobalAlloc
lstrcatA
SetCurrentDirectoryA
FlushInstructionCache
GetCurrentThreadId
_llseek
GetStdHandle
GlobalLock
GlobalFree
GetTempFileNameA
FileTimeToLocalFileTime
GlobalReAlloc
SetErrorMode
GetFullPathNameA
FindResourceA
SetEndOfFile
VirtualAlloc
lstrcpyA
HeapCreate
GetTickCount
lstrcmpiA
DeleteFileA
GetStringTypeW
ReleaseSemaphore
GetCurrentProcess
GetShortPathNameA
GlobalSize
GetCPInfo
CreateSemaphoreA
WaitForSingleObject
SetLocalTime
FreeEnvironmentStringsW
CompareStringW
GetSystemTime
GetDriveTypeA
GetSystemDefaultLangID
UnlockFile
ResetEvent
VirtualQuery
RaiseException
_lclose
_lwrite
TerminateProcess
LoadLibraryA
LCMapStringA
GetUserDefaultLCID
DuplicateHandle
WinExec
GetEnvironmentStrings
FindClose
OpenProcess
FlushFileBuffers
CreateProcessW
ReadFile
FindNextFileA
TlsFree
GetLocalTime
GetProcAddress
GetVolumeInformationA
FileTimeToSystemTime
HeapDestroy
GlobalUnlock
LCMapStringW
GetOEMCP
SetEnvironmentVariableA
CloseHandle
IsBadCodePtr
SystemTimeToFileTime
GetVersion
InterlockedIncrement
HeapFree
SetFilePointer
GetCommandLineA
SearchPathA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42bff49df196bcf79987cc2ba6d69ae9

Headers

File Characteristics

Imports

advapi32

samlib

user32

ws2_32

ddraw

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB