3f041d0879df5f0a9011c247388462ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f041d0879df5f0a9011c247388462ca_JaffaCakes118
Size

380KB
MD5

3f041d0879df5f0a9011c247388462ca
SHA1

9b879c2066061aba1cf2c1e9ec407780bef8ea75
SHA256

c936bcda2930341557ffff92fd68f0250903f2394d8ea7a0cdc265494d40a046
SHA512

612485485530d916d21b4cd167336802a446ae25c82310c6afc7fba880202c365ab307367b0848bbaf7ae0555d57d2c3e9e733568d3f075106948dd7f6ec396d
SSDEEP

6144:00JVN9Q7kRwSrJWrtEiOLAORtX2YX5LyvnMqqm1Qz376aBnj9:00JV/Q767lGEi+AORtmhnMqfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f041d0879df5f0a9011c247388462ca_JaffaCakes118

Files

3f041d0879df5f0a9011c247388462ca_JaffaCakes118
.exe windows:6 windows x64 arch:x64

7dad21dfe390563a0d952e9f9e118b59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

InputPersonalization.pdb

Imports

kernel32

GetSystemTime
SystemTimeToFileTime
GetStringTypeW
CancelIo
GetOverlappedResult
ReadFile
WaitNamedPipeW
GetFileInformationByHandle
CreateFileMappingW
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateDirectoryW
GetFileAttributesW
CompareFileTime
FindNextFileW
FindClose
FindFirstFileW
SetFileAttributesW
DeleteFileW
RegEnumValueW
SetThreadPriority
CreateFileW
WriteFile
RegDeleteKeyExW
WaitForMultipleObjects
RegQueryValueExW
RegGetValueW
RegNotifyChangeKeyValue
SetLastError
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
LCMapStringW
LockResource
FormatMessageA
DelayLoadFailureHook
LoadLibraryExA
ExpandEnvironmentStringsW
CreateThread
CloseHandle
ReleaseMutex
GetCurrentThreadId
DeleteCriticalSection
HeapSetInformation
lstrcmpiW
CreateEventW
GetProcAddress
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
SizeofResource
Sleep
LoadLibraryW
InitializeCriticalSection
GetCurrentThread
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
SetPriorityClass
CreateMutexW
GetTempFileNameW
GetCommandLineW

user32

OffsetRect
IsRectEmpty
GetKeyboardLayoutList
DestroyWindow
PostQuitMessage
PeekMessageW
LoadCursorW
GetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
UnregisterPowerSettingNotification
CharNextW
TranslateMessage
CharUpperW
GetSystemMetrics
PostThreadMessageW
DispatchMessageW
PostMessageW
RegisterPowerSettingNotification
SetWindowLongPtrW
SendMessageW
CallWindowProcW
DefWindowProcW
UnregisterClassA
GetMessageW
MsgWaitForMultipleObjects

msvcrt

_commode
__setusermatherr
_amsg_exit
_initterm
?terminate@@YAXXZ
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
_callnewh
wcscpy_s
wcscat_s
_fmode
_purecall
_resetstkoflw
malloc
calloc
free
wcsncpy_s
_wcsicmp
memmove_s
_unlock
__dllonexit
_lock
_onexit
realloc
_errno
??1type_info@@UEAA@XZ
memcmp
memcpy_s
__set_app_type
_CxxThrowException
__CxxFrameHandler3
___lc_codepage_func
___lc_handle_func
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
memcpy
islower
abort
_wcmdln
swprintf_s
_vsnwprintf
wcstoul
_wtoi
wcstol
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
_itow
wcschr
_itow_s
_ui64tow_s
_i64tow_s
_wcstoi64
_wtoi64
wcspbrk
_wcsnicmp
_wfopen
fread
_wstat64
fclose
wcsrchr
iswspace
sprintf_s
memchr
localeconv
strcspn

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableTextFrameService
ImmDisableIME

ole32

CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoRegisterClassObject
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
StringFromCLSID

oleaut32

SafeArrayDestroy
SafeArrayCreateVector
VarBstrCat
VarBstrFromI8
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
SysAllocStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

shlwapi

PathAppendW
PathAddBackslashW
PathStripPathW
SHCreateStreamOnFileW

rpcrt4

UuidCreateSequential
UuidHash

xmllite

CreateXmlReader

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dad21dfe390563a0d952e9f9e118b59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

imm32

ole32

oleaut32

shlwapi

rpcrt4

xmllite

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

Sections

.text Size: 295KB - Virtual size: 294KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 57KB - Virtual size: 56KB

�� Size: 2KB - Virtual size: 2KB

.text
Size: 295KB - Virtual size: 294KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 57KB - Virtual size: 56KB

��
Size: 2KB - Virtual size: 2KB