39256dbda56b6586b3bb4188dbb719af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39256dbda56b6586b3bb4188dbb719af_JaffaCakes118
Size

873KB
MD5

39256dbda56b6586b3bb4188dbb719af
SHA1

e2816764f59a488c4f4de2f0ef7fdb5609cb5e0e
SHA256

16e005b84f2ae0eddeac9dbd8440c0a5d84997352c26bc6e77a7e45eb533b9d1
SHA512

b80e785b87af95b28fb54b7931c1677990e405cc49fc18d25b7bbdda409d1edc4a0703339cf9c04471f60965750c4ae5bd3c8c3780f9c4841c99c188df36d841
SSDEEP

24576:dcUYnmwcFb9DBnzxWp3ec2SlPrTmOLxcRO7:1qmwibh9zopLlPrTHFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39256dbda56b6586b3bb4188dbb719af_JaffaCakes118

Files

39256dbda56b6586b3bb4188dbb719af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6fc4c1887e16ddbd2752e22df8680303

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

LeUpdate
MfQueryBounds
ErrSetData
OleCreateFromFile
PbCreate
ObjQuerySize
ErrUpdate
ErrObjectLong
LeActivate
LeRelease
PbCreateFromTemplate
DibSaveToStream
GenEqual
ErrObjectConvert
ErrActivate
OleSavedClientDoc
SetNetName
LeClone
LeClose
LeSetTargetDevice
OleSetData
ObjRename
ErrClose
LeDraw
OleRevertClientDoc
OleSetHostNames
LeSetData
OleExecute
GenDraw
OleCreateFromClip
DefLoadFromStream
GenGetData
ErrSetUpdateOptions
DibGetData
ErrQueryProtocol
LeQueryOutOfDate
ErrCopyFromLink
BmDraw
BmClone
OleQueryCreateFromClip
PbCreateInvisible
OleClone
OleCopyToClipboard
OleQueryType
OleQueryReleaseStatus

ntdll

RtlEnableEarlyCriticalSectionEventCreation
RtlIpv4AddressToStringW
_aullshr
ZwLockRegistryKey
RtlFirstFreeAce
RtlInitializeContext
RtlCutoverTimeToSystemTime
NtQueryMutant
ZwWriteRequestData
ZwEnumerateSystemEnvironmentValuesEx
ZwCreateFile
ZwQueryDirectoryFile
ZwOpenFile
NtConnectPort
RtlSecondsSince1970ToTime
NtInitializeRegistry
NtCreatePort
NtCurrentTeb
ZwCreateProfile
ZwCreateWaitablePort
RtlValidAcl
ZwQueueApcThread
_allshl
RtlVerifyVersionInfo
NtDeleteAtom
NtCreateFile
RtlSetGroupSecurityDescriptor
NtEnumerateKey
RtlExtendedLargeIntegerDivide
RtlCaptureStackBackTrace
ZwReleaseKeyedEvent
NtSaveKeyEx
_vsnprintf
RtlCancelTimer
NtRemoveProcessDebug
ZwExtendSection
NtResumeThread
NtImpersonateClientOfPort
ZwCreateMutant
NtSetEvent
RtlDeleteTimer
RtlUpcaseUnicodeStringToCountedOemString
ZwImpersonateThread
RtlSubAuthorityCountSid
ZwAccessCheckByTypeResultList
_itoa
_CIsin
RtlUnicodeStringToInteger
ZwReplyWaitReplyPort
RtlReleasePebLock
NtAccessCheckByTypeAndAuditAlarm
ZwShutdownSystem
ZwYieldExecution
RtlClearBits
iswalpha
RtlNewSecurityObjectWithMultipleInheritance
RtlSecondsSince1980ToTime
NtWaitLowEventPair
RtlpWaitForCriticalSection
NtSetInformationObject
RtlDeleteSecurityObject
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
LdrSetDllManifestProber
NtNotifyChangeKey
ZwQueryKey
RtlMoveMemory
PfxFindPrefix
CsrCaptureMessageBuffer
RtlSetSecurityObjectEx
ZwOpenEvent
NtWaitForMultipleObjects
ZwLockVirtualMemory
RtlRestoreLastWin32Error
_atoi64
NtSystemDebugControl
DbgUiWaitStateChange
RtlNtStatusToDosError
ZwSetBootEntryOrder
CsrCaptureTimeout
NtWriteVirtualMemory
ZwWaitForDebugEvent
RtlpNtQueryValueKey
RtlLargeIntegerAdd
NtFlushWriteBuffer
RtlAddAuditAccessAceEx
RtlpNtSetValueKey
RtlReleaseResource
towupper
RtlDestroyEnvironment
NtSetUuidSeed
_allmul
sscanf
ZwRemoveProcessDebug
ZwSetLdtEntries
_aulldiv
ZwTerminateThread
NtSetDebugFilterState
ZwSetIntervalProfile
RtlSetUserValueHeap
ZwQuerySystemInformation
ZwQuerySection
ZwMapUserPhysicalPagesScatter
isprint
NtAllocateLocallyUniqueId
RtlCopySid
RtlLocalTimeToSystemTime
RtlReleaseActivationContext
RtlGetCompressionWorkSpaceSize
RtlLengthSid
RtlAddAttributeActionToRXact
strspn
RtlQueryHeapInformation
iswspace
RtlSetBits
ZwQueryObject

kernel32

WriteConsoleOutputAttribute
LoadLibraryA
GetProcAddress
LZRead
GetCurrentProcessId
CompareStringW
GetModuleHandleA
TransactNamedPipe
GetCommConfig
lstrcpynW
SetHandleInformation
GetDriveTypeA
EnumResourceLanguagesW
GetUserGeoID
EnumDateFormatsExW
OpenProfileUserMapping
GetConsoleHardwareState
OpenWaitableTimerW
SetCriticalSectionSpinCount
GetProcessId
GetACP
SetCurrentDirectoryA
EnumSystemCodePagesW
TermsrvAppInstallMode
SetCommConfig
SetSystemTimeAdjustment
SetFileAttributesA
DefineDosDeviceW
EnumDateFormatsExA
VirtualAlloc
GetFileAttributesExW
GetTickCount
IsProcessorFeaturePresent
FindFirstFileA
GetSystemDefaultLCID
CreateDirectoryExW
BaseInitAppcompatCacheSupport
VirtualAllocEx

wmi

OpenTraceA
WmiOpenBlock
WmiSetSingleItemA
WmiExecuteMethodA
WmiFileHandleToInstanceNameA
WmiNotificationRegistrationA
WmiDevInstToInstanceNameW
GetTraceEnableFlags
WmiMofEnumerateResourcesA
WmiFreeBuffer
GetTraceEnableLevel
StartTraceW
OpenTraceW
TraceEventInstance
WmiCloseBlock
WmiFileHandleToInstanceNameW
EnableTrace
WmiMofEnumerateResourcesW
RemoveTraceCallback
RegisterTraceGuidsA
QueryAllTracesA
WmiEnumerateGuids
WmiSetSingleInstanceA
GetTraceLoggerHandle
StartTraceA
WmiQueryAllDataW
ControlTraceA
WmiDevInstToInstanceNameA
WmiSetSingleItemW
QueryAllTracesW
WmiExecuteMethodW
UnregisterTraceGuids
ProcessTrace
CreateTraceInstanceId
WmiQuerySingleInstanceA
WmiQuerySingleInstanceW
RegisterTraceGuidsW
WmiQueryGuidInformation
TraceEvent
SetTraceCallback
CloseTrace

Sections

.text
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fc4c1887e16ddbd2752e22df8680303

Headers

DLL Characteristics

File Characteristics

Imports

olecli32

ntdll

kernel32

wmi

Sections

.text Size: 541KB - Virtual size: 541KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 322KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 541KB - Virtual size: 541KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 322KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B