Static task: static1
Behavioral task: behavioral1
Sample: 352cc7cc0ae74e49062a78b11d798475_JaffaCakes118.exe
Resource: win7-20240708-en
General
- Target: 352cc7cc0ae74e49062a78b11d798475_JaffaCakes118
- Size: 274KB
- MD5: 352cc7cc0ae74e49062a78b11d798475
- SHA1: 8f1d9ff9f27bcc27a6574da5c9961dc1262adb86
- SHA256: bf740a761de1085009b57f1ada6dbbe5cfbd3a4e4894573dafe23471d59cdd34
- SHA512: 5d4be4f5b6a3e818fd517d1e232a891fbb67ca6b0ece012eaf5ca7f652827a21e88290d2f67e8dc2a1388279c56d93214e0c313a86f7661f6a131a379fa595ae
- SSDEEP: 6144:VOFZG02PTN5JK+Q4f1YTxssfhKovXOiO4ao4Enmyip9R:ZjPB5JrQ0Wxs4Yov+fRUnmyip
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 352cc7cc0ae74e49062a78b11d798475_JaffaCakes118
Files
- 352cc7cc0ae74e49062a78b11d798475_JaffaCakes118.exe windows:4 windows x86 arch:x86
  89f1c3e87b039cc96afa341eb7ffc9c3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoInitializeSecurity
CoSetProxyBlanket
StringFromGUID2
StringFromIID
CLSIDFromString
CoGetClassObject
CoGetCallContext
CoRegisterClassObject
CoTaskMemRealloc
CoDisconnectObject
CoTaskMemAlloc
CoCreateGuid
CoQueryProxyBlanket
CoUninitialize
StringFromCLSID
CoRevertToSelf
CoCreateInstance
CoTaskMemFree
CoImpersonateClient
CoInitializeEx
CoRevokeClassObject
user32
CharNextA
EnumWindows
IsWindowVisible
PostThreadMessageA
SetTimer
PeekMessageA
MessageBoxA
GetMessageA
wsprintfW
KillTimer
DispatchMessageA
CharUpperA
GetWindowThreadProcessId
GetWindowTextA
LoadStringA
wsprintfA
shlwapi
PathFindExtensionA
oleacc
LresultFromObject
AccessibleObjectFromPoint
kernel32
ReadFile
FindResourceExA
GetProfileStringA
CreateMutexA
VirtualAlloc
SetStdHandle
GetLastError
GetEnvironmentStringsW
GetEnvironmentStrings
lstrcatA
CreateFileMappingA
GetPrivateProfileSectionNamesA
SetUnhandledExceptionFilter
FormatMessageA
IsDBCSLeadByte
RtlUnwind
SetErrorMode
HeapCreate
MultiByteToWideChar
lstrcpynA
HeapFree
FindFirstFileA
GetFileType
InterlockedDecrement
HeapReAlloc
GetSystemDirectoryA
VirtualFree
ReadProcessMemory
CreateProcessW
GetPrivateProfileSectionA
GetProcessTimes
FlushFileBuffers
WriteFile
SetEvent
ExitProcess
CompareStringA
IsBadCodePtr
GetCurrentProcess
GetExitCodeProcess
SetHandleCount
HeapDestroy
GetTickCount
WriteProfileStringA
DuplicateHandle
GetCommandLineA
GetCurrentThreadId
InterlockedIncrement
FreeEnvironmentStringsA
GetStringTypeW
InterlockedExchange
GetFileAttributesA
SetLastError
GetPrivateProfileIntA
DeleteCriticalSection
SetEndOfFile
GetCurrentProcessId
OpenProcess
TlsGetValue
GetCurrentThread
GetProcAddress
lstrlenA
ReleaseMutex
IsBadWritePtr
GetPrivateProfileStringA
GetStdHandle
EnumSystemLanguageGroupsW
GetLocaleInfoA
GetModuleHandleA
InitializeCriticalSection
SetEnvironmentVariableA
WaitForSingleObject
LoadLibraryA
GetVersionExA
lstrlenW
InterlockedCompareExchange
CreateThread
EnterCriticalSection
RaiseException
lstrcpyA
SizeofResource
TlsSetValue
UnhandledExceptionFilter
LocalFree
FreeLibrary
LCMapStringW
LoadLibraryW
GetOEMCP
MapViewOfFile
GetSystemTimeAsFileTime
WritePrivateProfileStringA
LeaveCriticalSection
HeapAlloc
GetModuleFileNameA
LocalSize
GetThreadLocale
GetProcessHeap
GetStartupInfoA
GetSystemInfo
HeapSize
FindClose
LockResource
CreateFileA
LCMapStringA
CreateEventA
ResetWriteWatch
VirtualQuery
GetComputerNameA
GetACP
VirtualProtect
CreateDirectoryA
CreateProcessA
lstrcmpiA
TlsAlloc
UnmapViewOfFile
GetStringTypeA
GetModuleFileNameW
TerminateProcess
Sleep
SetFilePointer
TlsFree
CloseHandle
GetVersion
CompareStringW
LoadLibraryExA
QueryPerformanceCounter
LoadResource
FindResourceA
IsBadReadPtr
WideCharToMultiByte
GetModuleHandleW
FreeEnvironmentStringsW
GetCPInfo
LocalAlloc
TerminateThread
HeapFree
rpcrt4
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringBindingComposeA
RpcStringFreeA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
advapi32
InitializeAcl
GetSecurityDescriptorControl
RegCreateKeyExA
RegEnumKeyA
SetThreadToken
RegSetValueExA
GetUserNameA
GetAce
DeregisterEventSource
InitializeSid
OpenProcessToken
EqualSid
RegQueryInfoKeyA
GetSecurityDescriptorLength
DuplicateToken
CopySid
ControlService
RegConnectRegistryA
QueryServiceStatus
DuplicateTokenEx
RegCloseKey
IsValidSecurityDescriptor
RegQueryValueExW
CreateServiceA
AccessCheck
RegCreateKeyA
AddAccessDeniedAce
DeleteService
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetAclInformation
LookupAccountSidW
CloseServiceHandle
PrivilegeCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegQueryValueExA
RegisterEventSourceA
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerA
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
LookupAccountNameA
ChangeServiceConfigA
OpenThreadToken
RegEnumValueA
RegDeleteValueA
SetSecurityDescriptorGroup
GetTokenInformation
OpenServiceA
OpenSCManagerA
ReportEventA
RegEnumKeyExA
RegOpenKeyExA
IsValidSid
RegDeleteKeyA
StartServiceCtrlDispatcherA
SetServiceStatus
MakeAbsoluteSD
FreeSid
AddAce
RegSetKeySecurity
MakeSelfRelativeSD
LookupAccountSidA
GetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
AddAccessAllowedAce
GetSecurityDescriptorSacl
GetLengthSid
GetSecurityDescriptorOwner
LookupPrivilegeValueA
RegOpenKeyExW
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ