3bcace442eafa3a53c5b4cda62d90fb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bcace442eafa3a53c5b4cda62d90fb6_JaffaCakes118
Size

316KB
MD5

3bcace442eafa3a53c5b4cda62d90fb6
SHA1

0728bb7724060993071bb6e70eae87a644f43ffc
SHA256

f76b6612bd04363e5a30725a7cc62b4b45eee0956509e88eca7805162cde9f52
SHA512

d1b2a63181c752fd71f3fe588d349ae9f2fb66d1efad0a5bdce448e449b88504b4c9de1dd2840f40f89f1d422ee14e71cedcee302e53428d64ff4fe9ec06b0cd
SSDEEP

6144:0XrvBQi3uDIAvvk1bUuedPbcCt12vt9+x8krPsTrd:0XrvBQEkIAU1biQCt12vvpoi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bcace442eafa3a53c5b4cda62d90fb6_JaffaCakes118

Files

3bcace442eafa3a53c5b4cda62d90fb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac6684bb587c63ddc6811bfb475223e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\onlinetech\Build\Release\GameConsoleService.pdb

Imports

kernel32

WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
OpenProcess
SetErrorMode
GetCommandLineW
Sleep
lstrcatW
LoadLibraryA
lstrlenA
GetCurrentProcessId
GetCurrentDirectoryW
DuplicateHandle
GetFullPathNameW
SetEndOfFile
GetLocaleInfoW
CreateFileW
FlushFileBuffers
SetStdHandle
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CreateProcessW
QueryPerformanceCounter
TerminateProcess
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
RaiseException
GetModuleHandleW
lstrcpyW
LoadLibraryExW
MultiByteToWideChar
lstrcpynW
lstrcmpiW
LoadResource
SizeofResource
FindResourceW
GetModuleFileNameA
FreeLibrary
ResumeThread
GetTickCount
GetProcAddress
GetCurrentProcess
lstrlenW
WideCharToMultiByte
OutputDebugStringW
CreateThread
InterlockedExchange
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
WaitForSingleObject
CloseHandle
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
GetLastError
GetThreadLocale
GetVersionExW
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

CharNextW
GetProcessWindowStation
GetThreadDesktop
MessageBoxW
DispatchMessageW
EnumWindowStationsW
OpenWindowStationW
SetProcessWindowStation
EnumDesktopsW
CloseWindowStation
OpenDesktopW
SetThreadDesktop
EnumDesktopWindows
GetWindowThreadProcessId
CharUpperW
wsprintfW
LoadStringW
PostThreadMessageW
GetMessageW
TranslateMessage

advapi32

DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW
DeleteService
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
OpenSCManagerW
CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
LookupAccountSidW
CopySid
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
IsValidSid
GetLengthSid
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
CoResumeClassObjects
StringFromGUID2
CoSuspendClassObjects
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoRevokeClassObject
CoInitializeEx
CoRegisterClassObject

oleaut32

LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
LoadRegTypeLi
SysAllocStringLen
VariantInit
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SysAllocString

shlwapi

PathQuoteSpacesW
PathFindExtensionW
PathAppendW
PathFileExistsW
PathUnquoteSpacesW

crypt32

CertNameToStrA
CryptMsgGetAndVerifySigner
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose

wintrust

WinVerifyTrust

wtsapi32

WTSQueryUserToken

userenv

LoadUserProfileW
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

psapi

GetModuleFileNameExW

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac6684bb587c63ddc6811bfb475223e1

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

wintrust

wtsapi32

userenv

psapi

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 92KB - Virtual size: 92KB