2a98c899f87cec0ca45971e61915de32_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a98c899f87cec0ca45971e61915de32_JaffaCakes118
Size

172KB
MD5

2a98c899f87cec0ca45971e61915de32
SHA1

9f0ade58eb41e19af3ea1be57ad5db9d63ee0720
SHA256

b66145f588fd299ce8ac32ea9827186d4ef051b6ff0cb225c8a71558d400ee75
SHA512

97a4102bd820a2e67ff2773343d00bb0ea3035c6aacbab2d81b558ca6bc28b8d145812aa7be7b7361423587f867e8c9463ea839ac46c7aabbd47347be07a3779
SSDEEP

3072:9PC0Rw0wyP5b38T4mUakDiTPDMOmcUnf7d6b5eWMwC4vjyErQZ2J2TKcmKGGGtsF:9PC8vwm5b3Y4mUakWfmVnf74FjbyEpMZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a98c899f87cec0ca45971e61915de32_JaffaCakes118

Files

2a98c899f87cec0ca45971e61915de32_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4b514f9999af74e80300b986708ff9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrIW
StrSpnA
PathRelativePathToA
PathRemoveExtensionA
SHDeleteOrphanKeyW
PathRelativePathToW
UrlApplySchemeW
SHStrDupW
SHRegCreateUSKeyA
PathIsFileSpecW
PathFindSuffixArrayW
SHDeleteOrphanKeyA
AssocQueryStringA
UrlEscapeW
UrlIsNoHistoryA
ChrCmpIW
StrStrNW
SHEnumKeyExW
PathCanonicalizeA
StrToInt64ExW
AssocCreate
SHRegQueryUSValueW
SHEnumValueA
StrIsIntlEqualW
ChrCmpIA

mpr

WNetGetConnectionW
WNetFormatNetworkNameA
WNetGetProviderNameA
I_MprSaveConn
WNetDisconnectDialog1W
WNetPropertyDialogW
WNetDisconnectDialog
WNetSetLastErrorW
WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetGetConnectionA
WNetAddConnection3A
WNetOpenEnumA
WNetGetUserA
WNetSetConnectionA
WNetGetProviderTypeA
WNetEnumResourceA
WNetGetUniversalNameA
WNetConnectionDialog1A
WNetPasswordChangeNotify
WNetLogonNotify
WNetCancelConnection2A
WNetGetProviderNameW
WNetCloseEnum
WNetSetLastErrorA
WNetGetProviderTypeW
WNetGetHomeDirectoryW
WNetClearConnections
WNetGetNetworkInformationW
WNetConnectionDialog1W
WNetSupportGlobalEnum
WNetGetNetworkInformationA
WNetDisconnectDialog2
WNetGetConnection3W

kernel32

GetProfileStringW
GetCurrentThreadId
GetEnvironmentStrings
BaseCheckAppcompatCache
CreateNamedPipeA
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
UTRegister
VirtualAlloc
WritePrivateProfileStructW
CreateTimerQueue
SetFileValidData
CompareStringA
AddAtomW
GetLocaleInfoA
lstrlenA
LocalSize
WriteProfileStringW
RegisterWaitForInputIdle
GetThreadContext
RtlFillMemory
EnumSystemLanguageGroupsA
GetCalendarInfoA
WaitForMultipleObjects
DeleteFileA
RtlCaptureContext
MulDiv
ProcessIdToSessionId
LocalShrink
SetFileShortNameA
GetLocaleInfoW
LocalAlloc
SwitchToFiber
AddVectoredExceptionHandler
ReadFileScatter
LocalLock
BackupWrite
FreeResource
MoveFileWithProgressW
GetProfileSectionA
GetStringTypeExA
FindCloseChangeNotification
RemoveLocalAlternateComputerNameA
SetFirmwareEnvironmentVariableA

polstore

IPSecFreeMulNegPolData
IPSecCopyFilterSpec
IPSecEnumNegPolData
IPSecCopyPolicyData
IPSecFreeNFAData
IPSecGetISAKMPData
IPSecIsDomainPolicyAssigned
IPSecGetAssignedPolicyData
IPSecGetFilterData
IPSecDeleteNegPolData
IPSecCopyISAKMPData
IPSecFreePolicyData
IPSecCreateNegPolData
IPSecFreeNegPolData
IPSecDeleteFilterData
IPSecFreeMulFilterData
IPSecFreePolStr
IPSecSetISAKMPData
IPSecEnumNFAData
IPSecFreeMulNFAData
IPSecCopyNFAData
IPSecExportPolicies
IPSecDeleteISAKMPData
IPSecCreatePolicyData
IPSecFreeMulISAKMPData
IPSecEnumISAKMPData
IPSecCopyAuthMethod
IPSecFreeFilterData
IPSecImportPolicies
IPSecCreateISAKMPData
IPSecAllocPolStr
IPSecFreeFilterSpecs
IPSecDeletePolicyData
IPSecUnassignPolicy
IPSecCopyFilterData
IPSecSetFilterData

comctl32

DrawStatusText
ImageList_Create
GetMUILanguage
CreateUpDownControl
ImageList_GetIcon
FlatSB_GetScrollPos
ImageList_GetBkColor
FlatSB_ShowScrollBar
ImageList_ReplaceIcon
ImageList_GetFlags
ImageList_Write
PropertySheetW
ImageList_LoadImageW
ImageList_EndDrag
PropertySheetA
InitializeFlatSB
MenuHelp
ImageList_Draw
ImageList_GetIconSize
ImageList_GetDragImage
CreateMappedBitmap
CreateStatusWindowW
FlatSB_SetScrollPos
_TrackMouseEvent
ImageList_SetDragCursorImage
ImageList_DragEnter

clusapi

CloseCluster
RemoveClusterResourceDependency
CreateClusterNotifyPort
ClusterRegGetKeySecurity
GetClusterNetInterfaceKey
ClusterGroupCloseEnum
GetClusterNetworkState
PauseClusterNode
OnlineClusterGroup
SetClusterNetworkPriorityOrder
ClusterGetEnumCount
ClusterCloseEnum
OpenClusterGroup
OpenClusterNetwork
ClusterNetworkEnum
EvictClusterNodeEx
GetClusterFromGroup
OpenClusterNetInterface
FailClusterResource
ClusterNetworkGetEnumCount
ClusterRegDeleteValue
BackupClusterDatabase
ClusterRegOpenKey
DeleteClusterResource
SetClusterGroupNodeList
GetClusterGroupKey
CreateClusterResource
GetNodeClusterState
GetClusterNetworkKey
ClusterNodeCloseEnum
DeleteClusterGroup
GetClusterFromResource
ClusterRegSetKeySecurity
CloseClusterResource
RemoveClusterResourceNode
AddClusterResourceNode
GetClusterNodeKey
CreateClusterGroup
GetClusterNodeState
MoveClusterGroup
GetClusterNetworkId
CloseClusterGroup

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4b514f9999af74e80300b986708ff9b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

mpr

kernel32

polstore

comctl32

clusapi

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 84KB - Virtual size: 264KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 84KB - Virtual size: 264KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 816B