Static task: static1
Behavioral task: behavioral1
  Sample: 2df1aa1f3326a68b23f7db0ea46f37f5_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2df1aa1f3326a68b23f7db0ea46f37f5_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
  Target: 2df1aa1f3326a68b23f7db0ea46f37f5_JaffaCakes118
  Size: 78KB
  MD5: 2df1aa1f3326a68b23f7db0ea46f37f5
  SHA1: 635ba997cdd2273fcc00554195604c59b259c7ad
  SHA256: f92b773dcada36ec0bd400f1c5063eb7626bc883c7ae19437cb950b3b9417dbb
  SHA512: becb7ef0b4fbe6bbdebf4ec509b5807082e38875c6186dd1394e35a7c0d32abee3cd67c8366b94668adc5ea7df8675cd58c7b074bd8f9dc25a25bed2559e16ac
  SSDEEP: 1536:0d18NSE5Va4foeRQ2zuvIXZUIcMOLBXAXBl24qtu/zb9MGZEU4:0d18NSE584f322zRXiVLol2tu/zmGWU4
Malware Config
Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 2df1aa1f3326a68b23f7db0ea46f37f5_JaffaCakes118
Files
  2df1aa1f3326a68b23f7db0ea46f37f5_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
    7e4ddef1256029a67eaf583f4b5beb1a
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32: VirtualProtect, SetFilePointer, GetProcAddress, MultiByteToWideChar, ReadFile, InterlockedIncrement, ExitProcess, CreateThread, WriteFile, EnterCriticalSection, Sleep, WriteFile, DeleteCriticalSection, lstrcpyW, GetACP, InitializeCriticalSection, Sleep, GetModuleHandleW, VirtualProtect, HeapDestroy, GetCurrentThreadId, GetModuleHandleA, LoadLibraryA, InterlockedIncrement, SetUnhandledExceptionFilter, GetProcessHeap, SetFilePointer, ReadFile
  advapi32: AdjustTokenPrivileges, SetServiceStatus, QueryServiceStatus, OpenSCManagerW, MakeSelfRelativeSD, AllocateAndInitializeSid, DeregisterEventSource, AllocateAndInitializeSid, OpenServiceW, GetTokenInformation, RegOpenKeyW, QueryServiceStatus, RegCreateKeyExW, RegEnumKeyExW, MakeSelfRelativeSD, GetAce, OpenThreadToken, RegEnumKeyExW, RegCreateKeyExW, RegDeleteValueW, ReportEventW, FreeSid, InitializeSecurityDescriptor, RegisterEventSourceW, RegisterServiceCtrlHandlerW, OpenServiceW, RegisterEventSourceW, RegDeleteValueA
  user32: CharUpperW, GetClassNameW, ClientToScreen, GetActiveWindow, GetCursorPos, GetThreadDesktop, SetWindowTextA, RegisterWindowMessageW, EndDialog, AppendMenuW, IntersectRect, LoadAcceleratorsW, DestroyMenu, SetScrollPos, SendMessageW, SetProcessWindowStation, CheckDlgButton, SetProcessWindowStation, CreateWindowExW, GetThreadDesktop, IsWindowVisible, InvalidateRect, GetThreadDesktop, IsWindowEnabled
  gdi32: SaveDC, DeleteDC, RealizePalette, SetTextColor, SelectObject, GetTextMetricsW, SetMapMode, DeleteObject, RestoreDC, GetStockObject, LineTo, DeleteObject, GetObjectW, Rectangle, GetTextExtentPoint32W, DeleteDC, DeleteObject, StretchBlt, Rectangle, DeleteObject, CreateRectRgn, SetTextAlign, SelectPalette, DeleteObject, SetBkColor, CreatePen, SetTextColor, SetTextColor, GetTextExtentPoint32W, GetTextExtentPointW
  shell32: SHGetSpecialFolderLocation, ExtractIconExW, SHGetDesktopFolder, SHGetFileInfoW, DragQueryFileW, ShellAboutW, SHChangeNotify, SHGetSpecialFolderLocation, Shell_NotifyIconW, ShellExecuteExW, SHGetPathFromIDListW, ExtractIconW, SHGetSpecialFolderLocation, SHChangeNotify, ShellExecuteExW, ShellExecuteExW, SHGetDesktopFolder, SHGetPathFromIDListW, CommandLineToArgvW, DragQueryFileW, DragFinish, ShellExecuteW, ShellExecuteExW, SHGetSpecialFolderLocation, SHGetFolderPathW
Sections
  .text   Size: 7KB    Virtual size: 8KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .data   Size: 65KB   Virtual size: 92KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rdata  Size: 4KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc   Size: 1024B  Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ