2f78cd55459a644952ed2a453f60650f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f78cd55459a644952ed2a453f60650f_JaffaCakes118
Size

267KB
MD5

2f78cd55459a644952ed2a453f60650f
SHA1

f3ec218645472be5c440830d774bd6ad163ce7d2
SHA256

c9e071a1023b155b4b488cba93f7f349e2e1433a45ca01a83367085b6fe6e3ac
SHA512

834cd4b532d592009c0d6e256a093999f2545d2d0898da13887f77925262b133684c922a427ac2cfe86805620e825877e20129265611d9191d7daaefe2e8b89e
SSDEEP

6144:+vg4XsGKhDFC6NZVITbRWn3I1uBVSGLQJtVtb3R:+vtsXhDFCeZVmR+3IgBVTUh93R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f78cd55459a644952ed2a453f60650f_JaffaCakes118

Files

2f78cd55459a644952ed2a453f60650f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2cca14e69268a9b84032d4c7872f246a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
CryptAcquireContextW
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext
RegCloseKey
RegQueryValueExW
EqualSid
RegQueryInfoKeyW
CloseServiceHandle
StartServiceW
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
RegOpenKeyExA

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject

kernel32

HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetVersion
HeapFree
GetLastError
GetProcAddress
LoadLibraryW
TlsGetValue
TlsSetValue
IsBadCodePtr
GetModuleHandleW
IsBadWritePtr
WideCharToMultiByte
GetACP
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ResetEvent
LocalAlloc
LocalFree
CloseHandle
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
IsBadStringPtrA
IsBadStringPtrW
DeleteCriticalSection
TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
CreateMutexW
TlsAlloc
GetProcessHeap
GetTickCount
Sleep
GetComputerNameW
GetCurrentProcessId
IsBadReadPtr
lstrlenW
lstrlenA
FreeLibraryAndExitThread
CreateThread
CreateEventW
lstrcmpiW
GetModuleFileNameW
OutputDebugStringW

rpcrt4

RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

rtutils

TraceDeregisterW
TraceRegisterExW
TraceVprintfExA

shlwapi

ord217
ord346
StrChrW
StrToIntW
ord191
StrCmpIW
StrCmpW
StrCpyNW
StrCmpNW

user32

PostMessageW
DestroyWindow
DefWindowProcW
RegisterClassW
LoadStringW
GetUserObjectInformationW
GetThreadDesktop
GetSystemMetrics
IsWindow
wsprintfA
wsprintfW
SendMessageW
EnableWindow
GetDlgItem
SendDlgItemMessageW
EndDialog
GetClientRect
CheckRadioButton
SetWindowTextW
SetFocus
GetFocus
GetWindowTextW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetParent
MessageBeep
SetForegroundWindow
EnumWindows
MessageBoxW
IsWindowEnabled
ShowWindow
GetKeyState
SetWindowPos
CreateWindowExW
KillTimer
SetTimer
GetWindowRect
CloseClipboard
CallWindowProcW
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
SetDlgItemInt
GetDlgItemInt
WinHelpW
GetActiveWindow

winmm

waveInMessage
waveOutMessage
midiInMessage
midiOutMessage

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 228KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cca14e69268a9b84032d4c7872f246a

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

rpcrt4

rtutils

shlwapi

user32

winmm

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 8KB

.orpc Size: 228KB - Virtual size: 496KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 8KB

.orpc
Size: 228KB - Virtual size: 496KB

.rsrc
Size: 9KB - Virtual size: 8KB