33158e05bf2f90b3d2abab56e93cb823_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33158e05bf2f90b3d2abab56e93cb823_JaffaCakes118
Size

69KB
MD5

33158e05bf2f90b3d2abab56e93cb823
SHA1

0b865aaa6a2768cc6971d6a64c9f8c0b8b77add2
SHA256

628fd48dd3e6f3a00f8c69f9e45d0360082200faba10b0c224af3d3aafcb8ff0
SHA512

96e907aa0a9ccfa92a241a88d7d0d15006cdea2b8a6678898f82eeceff673aef2f3892cd7f8825f7157ed02671dab8bc974f1281889502cd17d97abd455a6ccb
SSDEEP

1536:DGF+YDehBL+0bW5QIiL7Qsxslj/YOPZVrABMx1snEs1q+9nj:DC+YDcBFltOlUOBVrABMbsEsY+9nj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33158e05bf2f90b3d2abab56e93cb823_JaffaCakes118

Files

33158e05bf2f90b3d2abab56e93cb823_JaffaCakes118
.exe windows:4 windows x86 arch:x86

478722db7959dab597d4840fab93410c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateProcessAsUserA
ObjectPrivilegeAuditAlarmA
CryptImportKey
LookupPrivilegeDisplayNameA
SetNamedSecurityInfoA
CryptDeriveKey
AddAuditAccessAce
BuildTrusteeWithSidA
SetNamedSecurityInfoExA
RegQueryValueW
RegSetValueA
RegNotifyChangeKeyValue
ObjectDeleteAuditAlarmA
BackupEventLogA
SetEntriesInAccessListW
GetSecurityDescriptorGroup
GetMultipleTrusteeOperationW
RegReplaceKeyW
CryptEnumProvidersA
SetPrivateObjectSecurity
AccessCheckAndAuditAlarmW
GetAuditedPermissionsFromAclW
RegEnumValueW
RegCreateKeyExW
QueryServiceConfigW
QueryServiceStatus
GetCurrentHwProfileW
RegGetKeySecurity
GetSecurityInfo
RegQueryValueExA
IsValidAcl
NotifyChangeEventLog
AddAccessDeniedAce
EqualSid
CryptEnumProviderTypesW
DeregisterEventSource
OpenEventLogW

kernel32

GetPrivateProfileIntW
ExpandEnvironmentStringsW
SetComputerNameW
IsBadCodePtr
SetConsoleActiveScreenBuffer
WaitForMultipleObjectsEx
OpenFileMappingA
VirtualQueryEx
GlobalAlloc
SetCalendarInfoA
IsSystemResumeAutomatic
GlobalFindAtomW
GetCalendarInfoA
EnumDateFormatsExW
GetDefaultCommConfigW
GetCommConfig
SetThreadContext
ReadConsoleOutputA
IsBadHugeReadPtr
PostQueuedCompletionStatus
GetLargestConsoleWindowSize
GetPriorityClass
EnumCalendarInfoA
SetComputerNameA
CompareStringA
GetAtomNameA
FormatMessageW
TlsSetValue
CancelIo
LocalFileTimeToFileTime
GetFileInformationByHandle
SetConsoleTextAttribute
WaitForSingleObject
VirtualAlloc
WideCharToMultiByte
WriteFileGather
FlushConsoleInputBuffer
GetWindowsDirectoryW
ReadFileScatter
GetDiskFreeSpaceW
lstrcpyn
LockFile
GetCurrentDirectoryA
IsBadStringPtrA
GetTimeZoneInformation
OutputDebugStringA
GetSystemInfo
SetTapePosition
GetDiskFreeSpaceExW
GetModuleFileNameW
ReleaseSemaphore
EnumSystemCodePagesW
CopyFileExA
FatalAppExitW
ReadDirectoryChangesW
GetTempFileNameA
SetCommMask
Heap32First
VirtualProtect
MulDiv

ole32

StgOpenStorageEx
CoMarshalInterThreadInterfaceInStream
StgOpenStorage
CreateGenericComposite
CoIsHandlerConnected
CreateAntiMoniker
IsEqualGUID
MkParseDisplayName
ReadClassStg
WriteOleStg
OleQueryCreateFromData
CoIsOle1Class
CoUnloadingWOW
CoAddRefServerProcess
CoInitializeEx
CoQueryReleaseObject
MonikerRelativePathTo
CoDisconnectObject
CoMarshalHresult
PropVariantCopy
OleDuplicateData
OleTranslateAccelerator
ReadFmtUserTypeStg
OleCreateEx
CoFreeLibrary
CoBuildVersion
UtGetDvtd32Info
SetConvertStg
CreateDataAdviseHolder
CoGetInstanceFromIStorage
CreateObjrefMoniker
CoGetMalloc
CoGetCurrentProcess

shlwapi

StrCmpNIW
SHOpenRegStreamA
PathIsDirectoryA
StrTrimW
SHGetThreadRef
StrFormatByteSize64A
StrIsIntlEqualA
PathIsUNCServerShareW
StrPBrkA
SHOpenRegStream2A
PathRemoveArgsA
PathIsRelativeA
SHStrDupA
SHOpenRegStreamW
StrChrIA
SHCreateShellPalette
PathUnmakeSystemFolderA
IntlStrEqWorkerW
PathBuildRootW
StrRChrA
StrRetToBufW
PathIsUNCServerW
PathSearchAndQualifyW
StrRChrIW
PathRemoveBackslashW
PathFindNextComponentA
PathCompactPathExA
StrSpnA
PathIsContentTypeW
UrlGetLocationA
SHRegQueryInfoUSKeyW
PathRemoveArgsW
SHCreateStreamOnFileA
AssocQueryStringA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

478722db7959dab597d4840fab93410c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

shlwapi

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: - Virtual size: 16KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: - Virtual size: 16KB