36c247b4532d4f4e9a505f0019d39f22_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36c247b4532d4f4e9a505f0019d39f22_JaffaCakes118
Size

61KB
MD5

36c247b4532d4f4e9a505f0019d39f22
SHA1

fa42f6b1c9ea19ffe4b5b32fe6d441aba62efc5c
SHA256

ee8724c36b9ac68f61efa972850f66fb7db6cf29e7d4bea93b14a1f86f463b86
SHA512

022711f76a328cac9e834cb66ed0a809f42ba8e9a0ffe209c08bc439b86db9e6268b3f4a64c55aec499704f22bbc6700f71f009e00b3611bfdfa7c4db26f56b1
SSDEEP

768:ORVcg4gnL5aYV1LFAe+eYiaZeFHJBsdHKl1H9xllMGCa2SmJk1H9xllMGCy9+Vog:2cgnL5ac17ld57sdHKl1T23Jk1qooOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c247b4532d4f4e9a505f0019d39f22_JaffaCakes118

Files

36c247b4532d4f4e9a505f0019d39f22_JaffaCakes118
.exe windows:5 windows x86 arch:x86

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RDPClip.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
wcslen
wcschr
wcscmp
strchr
_XcptFilter
_exit
_c_exit
rand
malloc
realloc
free
_except_handler3
_resetstkoflw
strrchr
wcsrchr
_strnicmp
_wcsnicmp
??2@YAPAXI@Z
wcsncpy
wcscpy
??3@YAXPAX@Z

advapi32

RegCreateKeyExA
IsValidSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA

kernel32

GetDiskFreeSpaceA
GetStartupInfoA
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObject
CloseHandle
UnmapViewOfFile
GetLocalTime
GetProcAddress
GetModuleHandleW
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
LocalAlloc
GetLastError
GetCurrentProcess
ReleaseMutex
SetLastError
LocalFree
CreateMutexW
LoadLibraryExA
SetEvent
ResetEvent
InterlockedIncrement
GlobalFree
GlobalUnlock
GlobalLock
CreateDirectoryW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
WaitForMultipleObjects
GlobalSize
CreateThread
CreateEventW
ProcessIdToSessionId
GetOverlappedResult
WriteFile
ExitThread
ReadFile
GetTickCount
CancelIo
PulseEvent
OpenEventW
WaitForMultipleObjectsEx
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

gdi32

DeleteMetaFile
DeleteObject
GetObjectW
GetPaletteEntries
CreatePalette
SetMetaFileBitsEx
CreateMetaFileW
PlayMetaFile
CloseMetaFile
GetMetaFileBitsEx
GetStockObject

user32

PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardFormatNameW
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardViewer
DefWindowProcW
SetClipboardViewer
PostQuitMessage
DestroyWindow
ChangeClipboardChain
UnregisterClassW
RegisterWindowMessageW
CreateWindowExW
RegisterClassW
GetClipboardData
SendMessageW

shell32

SHFileOperationA
SHFileOperationW

winsta

WinStationQueryInformationW
WinStationVirtualOpen

wsock32

socket
WSAGetLastError
WSAStartup
WSACleanup
closesocket
getsockopt
ioctlsocket
sendto

ws2_32

WSACloseEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecvFrom

msacm32

acmDriverOpen
acmStreamSize
acmStreamPrepareHeader
acmDriverClose
acmStreamClose
acmFormatSuggest
acmStreamOpen
acmFormatTagDetailsW
acmDriverEnum
acmStreamUnprepareHeader
acmStreamConvert

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ole32

OleIsCurrentClipboard
CoGetMalloc
OleSetClipboard
OleInitialize

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

winsta

wsock32

ws2_32

msacm32

wtsapi32

ole32

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 72KB

.rsrc Size: 1024B - Virtual size: 1000B

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 72KB

.rsrc
Size: 1024B - Virtual size: 1000B