38252e7f5acb8e6f9043950209199a26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38252e7f5acb8e6f9043950209199a26_JaffaCakes118
Size

154KB
MD5

38252e7f5acb8e6f9043950209199a26
SHA1

2c804daa2d5be529c03c0d551f6c36ab98f740e8
SHA256

e03b4223741e423f34fdea21d542d26c97fb77031403a80f58e2d21859384c8f
SHA512

eb45400a3e9ec9d184e31f5edbe2e144f77cc0824a8cdbc75bacdb497f63383418e3ee5abd3a8e62fdc2629f9fa4e90cd672b5430c07c8cd22375fbdb4d5c832
SSDEEP

3072:ifa6HngXZBfh7KcTLt2EJyizNmd9qdIRfq1ukNbogKRH2EvJPvfR:ifaSng5muRwyNErRfq1ukNmRH2ExPvfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38252e7f5acb8e6f9043950209199a26_JaffaCakes118

Files

38252e7f5acb8e6f9043950209199a26_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b4b0ba1c351b9d343e1e96ccf5d5580

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcat
IsBadReadPtr
SetCriticalSectionSpinCount
UnlockFileEx
LoadLibraryA
ConvertDefaultLocale
HeapLock
ExpandEnvironmentStringsW
LocalFlags
GetConsoleAliasExesA
GetStringTypeExA
CreateDirectoryExW
ProcessIdToSessionId
GetFileAttributesExW
CancelIo
RegisterWaitForSingleObjectEx
DeactivateActCtx
GetEnvironmentStringsA
WriteFileGather
SearchPathW
CreateMutexW
ChangeTimerQueueTimer
FindFirstFileA
EnumUILanguagesA
HeapCompact
LoadResource
OpenProfileUserMapping
LocalReAlloc
SetUserGeoID
GetCommandLineW
SetTermsrvAppInstallMode
DosDateTimeToFileTime
GetCurrencyFormatA
GetNumaProcessorNode
VirtualAlloc
GetNumaAvailableMemoryNode
DeleteFileA
SetComputerNameA
GetExpandedNameA
SetLastError
OpenSemaphoreW
SetEvent
GetCurrentThread
LZOpenFileW
GetComPlusPackageInstallStatus
GlobalAlloc
UnregisterWait
CreateJobSet
FindNextFileA
GetNumaNodeProcessorMask
GetModuleHandleExW
HeapWalk
_lcreat
IsBadWritePtr
GetProfileSectionW
FreeLibrary
HeapUnlock
GetGeoInfoW
FindFirstChangeNotificationW
GetComputerNameA
QueueUserAPC
Toolhelp32ReadProcessMemory
GetHandleContext
GetBinaryType
CreateTapePartition
GetLogicalDriveStringsW
OpenWaitableTimerA
SetFileShortNameW
ResetEvent
CreateActCtxW
EnumCalendarInfoW

advapi32

CryptHashSessionKey
CryptSetKeyParam
ElfDeregisterEventSource
CreateProcessAsUserW
SaferSetPolicyInformation
QueryServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
WmiQueryAllDataMultipleA
CreatePrivateObjectSecurityEx
BuildExplicitAccessWithNameA
EqualPrefixSid
LsaCreateSecret
BackupEventLogW
RegLoadKeyW
AccessCheckAndAuditAlarmW
CreatePrivateObjectSecurity
GetEffectiveRightsFromAclA
MSChapSrvChangePassword
RegUnLoadKeyA
SetSecurityDescriptorControl
CloseCodeAuthzLevel
WmiQuerySingleInstanceA
CredDeleteA
CredMarshalCredentialW
CredGetTargetInfoA
BuildExplicitAccessWithNameW
ObjectOpenAuditAlarmA
SetEntriesInAccessListA
LsaEnumeratePrivileges
MD4Init
AddAccessDeniedAceEx
ChangeServiceConfigA
WmiQueryGuidInformation
AccessCheckByTypeResultListAndAuditAlarmA
RegConnectRegistryA
FlushTraceA
IsValidAcl
WmiQuerySingleInstanceW
ControlTraceW
CryptGetProvParam
EnumDependentServicesW
RegEnumValueA
SystemFunction006

oleaut32

CreateStdDispatch
VarUI8FromI1
VarCyFromStr
VarR8FromUI1
BSTR_UserUnmarshal
LPSAFEARRAY_UserUnmarshal
VarUI4FromDec
VarUI4FromUI2
VarUI2FromI8
VarBstrFromDec
VarI4FromUI1
VarDateFromUdate
GetAltMonthNames
GetErrorInfo
VarDecFromI2
VarDecNeg
VarBstrFromBool
QueryPathOfRegTypeLib
VarDecFromDate
VarI8FromR4
GetVarConversionLocaleSetting
VarCyMulI4
VarI2FromI4
SafeArrayAllocDescriptor
VarR8Round
SafeArrayLock
VarUI4FromR8
VarI8FromDisp
VarPow
VectorFromBstr
VarR4FromI1
BSTR_UserFree
VarR4FromR8
VarI4FromI1
CreateDispTypeInfo
VarDecAdd
BSTR_UserSize
VarDecFromI1
LPSAFEARRAY_Marshal
VarUI4FromUI1
VarUI4FromI1

duser

GetStdColorPenF
DUserDeleteGadget
DUserCastClass
PeekMessageExW
GetGadgetFocus
IsInsideContext
DUserGetGutsData
UnregisterGadgetMessageString
GetGadgetStyle
DUserRegisterSuper
UnregisterGadgetProperty
SetGadgetOrder
RegisterGadgetProperty
InitGadgets
SetGadgetStyle
DUserSendMethod
GetStdColorI
GetStdColorF
GetGadgetCenterPoint
ForwardGadgetMessage
DUserFindClass
CreateGadget
CreateAction
PeekMessageExA
GetGadgetSize
GetMessageExA
GetMessageExW
GetGadget
SetActionTimeslice

rasman

RasDeviceConnect
RasStartRasAutoIfRequired
RasGetDialParams
RasRpcDisconnect
RasRpcDeleteEntry
RasInitialize
RasEnumLanNets
RasPortEnumProtocols
RasFreeBuffer
RasRpcPortGetInfo
RasDeviceEnum
RasCompressionGetInfo
RasGetCalledIdInfo
RasSecurityDialogGetInfo
RasSetKey
RasPortClearStatistics
RasRegisterPnPHandler
RasPortReceiveEx
RasGetDeviceName
RasPortRetrieveUserData
RasRpcPortEnum
RasGetConnectInfo
RasReferenceCustomCount
RasRpcGetUserPreferences
IsRasmanProcess

ir50_qcx

CompressFramesInfo
CompressQuery
AllocInstanceData
SetScalability
DllMain
CompressBegin
CompressEnd
FreeInstanceData
Compress
SetCPUID

Sections

.text
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b4b0ba1c351b9d343e1e96ccf5d5580

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

duser

rasman

ir50_qcx

Sections

.text Size: 58KB - Virtual size: 60KB

.rdata Size: 62KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 192KB

.rsrc Size: 35KB - Virtual size: 36KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 60KB

.rdata
Size: 62KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 192KB

.rsrc
Size: 35KB - Virtual size: 36KB

.reloc
Size: 1024B - Virtual size: 4KB