3f3da17553873bb09a5b1b193a91f517_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f3da17553873bb09a5b1b193a91f517_JaffaCakes118
Size

241KB
MD5

3f3da17553873bb09a5b1b193a91f517
SHA1

8ec4addf696b4109f36787985922aea4eda17eef
SHA256

6a256787667b39ea5741290a8021cecc90838ba750cceb6d9c827bb8b24699d4
SHA512

17261ba629f0ab70536323d1436caa95b38857ab81af9e15fdfe0e9ffb035ead6b14e2838f304dffbf3ab82ee48a998caa8c27b9576cd13fa7a662aa0d59a70c
SSDEEP

3072:H91Bmv0RPoOSOfIYw+fTYzRR3kWOvrxyM9IFzEb9QqGcXq3wVdes1Lyv4NMQ9obo:Zmv4rAYxLY99kNVyqVbNVdes1LquvGbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f3da17553873bb09a5b1b193a91f517_JaffaCakes118

Files

3f3da17553873bb09a5b1b193a91f517_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7c6e15714f08d82424b4ee25d042092

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_wcsicmp
wcscpy
_wcsupr
wcslen
wcspbrk
memmove
wcstoul
_snwprintf
wcsrchr
??3@YAXPAX@Z
_itow
_ultow
wcscat
qsort
_wcslwr
wcsspn
towlower
_vsnwprintf
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
wcsstr
wcsncpy

msvcp60

?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIIG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z

advapi32

RegCreateKeyExW
RegDeleteValueW
EqualSid
RegConnectRegistryW
RegDeleteKeyW
GetOldestEventLogRecord
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsValidSid
ClearEventLogW
ReadEventLogW
OpenBackupEventLogA
OpenEventLogW
GetNumberOfEventLogRecords
CloseEventLog
BackupEventLogW
ConvertStringSidToSidW
LookupAccountSidW
GetLengthSid
RegQueryValueExW

kernel32

GetLocalTime
GetTimeZoneInformation
GetProcessHeap
HeapAlloc
HeapFree
GetWindowsDirectoryW
WideCharToMultiByte
DisableThreadLibraryCalls
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLocaleInfoW
IsBadStringPtrW
LocalAlloc
GlobalAlloc
GlobalLock
CloseHandle
GlobalFree
LoadLibraryA
lstrcpynW
GetSystemWindowsDirectoryW
FileTimeToSystemTime
lstrcatW
GetTimeFormatW
GetDateFormatW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetDriveTypeW
SetUnhandledExceptionFilter
CreateThread
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetUserDefaultLCID
GlobalUnlock
GetComputerNameW
GetCommandLineW
DeleteFileW
GetFileAttributesExW
WriteFile
GetFileSize
DeleteCriticalSection
InterlockedIncrement
MultiByteToWideChar
GetLastError
InterlockedDecrement
LocalFree
GetModuleHandleA
GetModuleHandleW
GetProcAddress
lstrcmpiW
lstrcmpW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
FormatMessageW
ExpandEnvironmentStringsW
lstrcpyW
lstrlenW
CreateFileW

user32

EnableWindow
CloseClipboard
SetClipboardData
IsDlgButtonChecked
EmptyClipboard
OpenClipboard
ShowWindow
SetDlgItemTextW
SetFocus
ReleaseDC
GetDC
SetWindowPos
CheckRadioButton
PostMessageW
DestroyWindow
GetWindowLongW
CreateDialogParamW
DialogBoxParamW
EndDialog
GetClientRect
CharLowerBuffW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
GetWindow
IsCharAlphaW
GetWindowTextLengthW
SetDlgItemInt
GetDlgItemInt
LoadStringW
RegisterClassW
CreateWindowExW
DefWindowProcW
WinHelpW
FindWindowExW
EnumThreadWindows
IsWindowEnabled
SetWindowLongW
GetDlgItem
RegisterClipboardFormatW
wsprintfW
GetSystemMetrics
LoadCursorW
SetCursor
GetParent
GetDlgItemTextW
SendMessageW
LoadBitmapW
LoadImageW
LoadIconW
GetSysColor
MessageBoxW
SetForegroundWindow
DestroyIcon
GetWindowTextW
CheckDlgButton
SetWindowTextW
GetWindowRect
GetClassNameW

gdi32

CreateFontIndirectW
GetMapMode
SetMapMode
GetTextMetricsW
DeleteObject
GetObjectW

ole32

CoUninitialize
IIDFromString
CoInitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoGetInterfaceAndReleaseStream

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrDllGetClassObject
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs

shlwapi

PathCombineW
wnsprintfW
PathRemoveBlanksW

shell32

ShellExecuteW
CommandLineToArgvW

ntdsapi

DsFreeSchemaGuidMapW
DsCrackNamesW
DsMapSchemaGuidsW
DsFreeNameResultW
DsBindW
DsUnBindW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

activeds

ord9
ord20
ord15

mpr

WNetGetUniversalNameW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aquw
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AUAA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AUAF
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AEAF
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DEAF
Size: 101KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7c6e15714f08d82424b4ee25d042092

Headers

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

gdi32

ole32

rpcrt4

shlwapi

shell32

ntdsapi

version

activeds

mpr

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 9KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 4KB

.aquw Size: 101KB - Virtual size: 104KB

.AUAA Size: 512B - Virtual size: 4KB

.AUAF Size: 512B - Virtual size: 4KB

.AEAF Size: 512B - Virtual size: 4KB

.DEAF Size: 101KB - Virtual size: 388KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 9KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 4KB

.aquw
Size: 101KB - Virtual size: 104KB

.AUAA
Size: 512B - Virtual size: 4KB

.AUAF
Size: 512B - Virtual size: 4KB

.AEAF
Size: 512B - Virtual size: 4KB

.DEAF
Size: 101KB - Virtual size: 388KB

.rsrc
Size: 16KB - Virtual size: 16KB