33159bea24c7217d7ec7913097cd3ef0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33159bea24c7217d7ec7913097cd3ef0_JaffaCakes118
Size

168KB
MD5

33159bea24c7217d7ec7913097cd3ef0
SHA1

8cdd2925f5e2f86e91b0c703e6f59aee912eb682
SHA256

6fcc1ef51fb715f714c40cbbc82024ae6724e0589bbf1cc15f23108cc81f67a7
SHA512

bef15625b97a2e86371dadb096134f93fe707243dbf88805ac3bb746589741c809844c0d70be2b4721068bbe3c3e080c960176ee41e01038819ae72c323beda7
SSDEEP

3072:Oa5qivvGpGMmVYbOePnpGYxDIncKe6fggdvE4izZrpk87:35qiTVYbOePnBIchKggdvEZdq87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33159bea24c7217d7ec7913097cd3ef0_JaffaCakes118

Files

33159bea24c7217d7ec7913097cd3ef0_JaffaCakes118
.exe windows:3 windows x86 arch:x86

3eaf9a256ac50cf9a0f0e61046af60fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

MapGenericMask
RegOpenKeyExW
LsaOpenPolicy
GetTraceEnableLevel
RegEnumKeyExW
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaNtStatusToWinError
RegDeleteValueW
AccessCheck
GetTraceLoggerHandle
ReportEventW
RegQueryValueExW
GetTokenInformation
RegCloseKey
LookupPrivilegeValueW
LsaClose
LsaStorePrivateData
AdjustTokenPrivileges
UnregisterTraceGuids
RegisterTraceGuidsW
OpenThreadToken
RevertToSelf
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
RegDeleteKeyW
TraceMessage
SetThreadToken
GetTraceEnableFlags
RegCreateKeyExW

kernel32

DeleteTimerQueueEx
GetFileTime
RtlCaptureStackBackTrace
InterlockedIncrement
GetLocaleInfoA
DnsHostnameToComputerNameA
GetProfileSectionA
FormatMessageW
FindFirstFileW
GetLastError
GetThreadLocale
HeapFree
RequestWakeupLatency
LCMapStringA
InterlockedDecrement
WriteConsoleA
GetVersionExW
QueueUserWorkItem
RegisterWaitForInputIdle
VDMOperationStarted
UnregisterWaitEx
EnumCalendarInfoA
OutputDebugStringW
EnterCriticalSection
RaiseException
SetErrorMode
ClearCommBreak
GetCurrentProcessId
GlobalUnlock
TlsAlloc
IsBadReadPtr
GlobalAlloc
CallNamedPipeW
lstrcpyW
ConvertDefaultLocale
CreateEventW
CreateTimerQueueTimer
GetFileType
GetEnvironmentStringsW
InterlockedCompareExchange
FreeEnvironmentStringsA
GetTickCount
IsBadWritePtr
SetFilePointerEx
ResetEvent
GetCommandLineA
DeleteFileW
HeapCreate
ReadConsoleOutputCharacterA
GetStringTypeW
ReleaseSemaphore
CreateDirectoryW
GetLocaleInfoW
SetClientTimeZoneInformation
CreateFileW
GetCurrentProcess
DebugBreak
SetUnhandledExceptionFilter
GetWindowsDirectoryW
GetCommandLineW
ConvertThreadToFiber
lstrcmpiW
FlushFileBuffers
lstrlenW
WinExec
EnumResourceLanguagesA
lstrcatW
MapViewOfFileEx
MultiByteToWideChar
GetStdHandle
ExitProcess
EnumDateFormatsA
WaitForMultipleObjects
RtlZeroMemory
ReadFile
UnmapViewOfFile
SetFilePointer
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryDepthSList
WaitForSingleObject
LCMapStringW
MapViewOfFile
FindResourceW
MoveFileExW
ClearCommError
FoldStringA
SetHandleInformation
SizeofResource
AllocConsole
IsValidCodePage
lstrlenA
BuildCommDCBA
TlsSetValue
FindVolumeMountPointClose
FreeEnvironmentStringsW
FindResourceExA
IsDebuggerPresent
GetUserDefaultLCID
QueryPerformanceCounter
Sleep
HeapSize
CreateFileMappingA
IsValidLocale
GetStringTypeA
WriteConsoleInputW
FindNextFileW
LoadResource
HeapAlloc
EnumResourceLanguagesW
CreateSemaphoreW
WritePrivateProfileStructW
VirtualQuery
RestoreLastError
RegisterWowExec
ResetWriteWatch
lstrcpynW
InitializeCriticalSectionAndSpinCount
SetEndOfFile
RtlCaptureStackBackTrace
GetOEMCP
LocalAlloc
GetACP
EnumSystemLocalesA
GetStartupInfoA
CopyFileW
WideCharToMultiByte
HeapDestroy
VirtualFree
IsBadCodePtr
CloseHandle
OutputDebugStringA
GetPrivateProfileIntW
VirtualAlloc
DeleteCriticalSection
CreateTimerQueue
DeleteTimerQueueTimer
ExitProcess
SetEvent
GetThreadContext
FreeLibrary
LocalFree
GetCPInfo
GetVersionExA
lstrcmpA
GetVersion
WideCharToMultiByte
GetSystemInfo
DeleteTimerQueueTimer
TerminateProcess
RtlUnwind
HeapSetInformation
HeapReAlloc
GetOverlappedResult
InterlockedExchange
RegisterWaitForSingleObject
CompareFileTime
FindNextFileW
GetStartupInfoW
SetLastError
ReleaseSemaphore
GetCurrentThread
FlushConsoleInputBuffer
SetStdHandle
GetStdHandle
HeapFree
GetEnvironmentStringsW
lstrcpyn
FindFirstFileW
OutputDebugStringA
LeaveCriticalSection
SetHandleCount

user32

DispatchMessageW
LoadStringW
PostThreadMessageW
GetMessageW
CharNextW
TranslateMessage

oleaut32

SysAllocString
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
VariantCopy
LoadTypeLi
GetErrorInfo
VariantInit
UnRegisterTypeLi
SysFreeString
SetErrorInfo
VariantClear

ole32

CoCreateInstance
IIDFromString
CoRevertToSelf
CoTaskMemFree
CoImpersonateClient
CoGetObjectContext
CoRegisterClassObject
CoTaskMemAlloc
CoResumeClassObjects
CreateStreamOnHGlobal
CoUninitialize
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeEx
StringFromGUID2
CoTaskMemRealloc
CoCreateGuid

winspool.drv

WritePrinter
SeekPrinter
AddPrinterW
StartPagePrinter
DocumentPropertiesW
AddPrinterDriverExW
OpenPrinterW
ReadPrinter
XcvDataW
GetPrintProcessorDirectoryW
StartDocPrinterW
GetPrinterDataW
SetJobW
AddPrintProcessorW
EndDocPrinter
GetPrinterDriverDirectoryW
ClosePrinter
EndPagePrinter

ntdll

_snprintf
sprintf
memcmp
memset
strcpy
_snwprintf

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

msls31

LsFindNextBreakSubline
LsDestroySubline
LsSetDoc
LsdnFinishDelete
LsdnFinishDeleteAll
LsDestroyLine
LsFetchAppendToCurrentSubline
LsQueryLineCpPpoint
LsdnResolvePrevTab
LsdnGetFormatDepth
LsdnGetCurTabInfo
LsCreateLine
LsQueryPointPcpSubline
LsFetchAppendToCurrentSublineResume

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.IOhMr
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PakyAz
Size: 3KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RH
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sL
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VFweN
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tHw
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eaf9a256ac50cf9a0f0e61046af60fa

Headers

File Characteristics

Imports

advapi32

kernel32

user32

oleaut32

ole32

winspool.drv

ntdll

psapi

setupapi

msls31

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.W Size: 2KB - Virtual size: 34KB

.IOhMr Size: 3KB - Virtual size: 18KB

.data Size: 7KB - Virtual size: 23KB

.PakyAz Size: 3KB - Virtual size: 35KB

.RH Size: 2KB - Virtual size: 28KB

.sL Size: 2KB - Virtual size: 11KB

.VFweN Size: 2KB - Virtual size: 16KB

.tHw Size: 1KB - Virtual size: 11KB

.rsrc Size: 118KB - Virtual size: 117KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.W
Size: 2KB - Virtual size: 34KB

.IOhMr
Size: 3KB - Virtual size: 18KB

.data
Size: 7KB - Virtual size: 23KB

.PakyAz
Size: 3KB - Virtual size: 35KB

.RH
Size: 2KB - Virtual size: 28KB

.sL
Size: 2KB - Virtual size: 11KB

.VFweN
Size: 2KB - Virtual size: 16KB

.tHw
Size: 1KB - Virtual size: 11KB

.rsrc
Size: 118KB - Virtual size: 117KB