I:\VS70Builds\3077\vsbuilt\retail\Bin\i386\opt\mdm.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 3c40119e85483ec3db45a9237a82d912_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 3c40119e85483ec3db45a9237a82d912_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 3c40119e85483ec3db45a9237a82d912_JaffaCakes118
Size: 372KB
MD5: 3c40119e85483ec3db45a9237a82d912
SHA1: 693e078dae4dae050f84083d8ea102a78c512eff
SHA256: e5fe8d803e32841b5bce663a15ed3ed830e9b4946db36ecb2401f54d40e22e10
SHA512: db39cbac5bf3296815afbcecb51a8ca55ccee507f5e3aa25d317c24a509f9ef0d0ac71e788c7045041271cec451dfec0a2806072afe37ddd35917d2fe0bcafd5
SSDEEP: 6144:HDeUVJuo0tl4V01HJ1w9XwfwIz7LE8DO11bEVUNNaLR5qlcbz:FuFl4V01p1w9X/WUQO1tEVnR5qA
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 3c40119e85483ec3db45a9237a82d912_JaffaCakes118
Files
3c40119e85483ec3db45a9237a82d912_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  4f7e80b12e14587fc3c198bdef27ceee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ole32
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoDisconnectObject
CoUninitialize
CoRevertToSelf
CoInitializeSecurity
CoCreateGuid
CLSIDFromString
CoGetClassObject
CoGetCallContext
StringFromIID
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoImpersonateClient
CoQueryProxyBlanket
StringFromCLSID
CoTaskMemFree
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCat
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
rpcrt4
RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
shlwapi
PathFindExtensionA
advapi32
RegOpenKeyExW
QueryServiceStatus
LookupAccountSidA
PrivilegeCheck
IsValidSecurityDescriptor
DuplicateTokenEx
AddAce
GetSecurityDescriptorLength
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
FreeSid
RegConnectRegistryA
RegSetKeySecurity
LookupAccountNameA
GetAclInformation
GetAce
DuplicateToken
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
AccessCheck
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
EqualSid
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
LookupAccountSidW
RegCreateKeyA
RegEnumValueA
RegQueryValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ControlService
DeleteService
SetThreadToken
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyA
SetServiceStatus
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
GetTokenInformation
OpenThreadToken
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegQueryValueExW
kernel32
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetProcessHeap
GetSystemTimeAsFileTime
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CloseHandle
OpenProcess
CompareStringA
CompareStringW
HeapAlloc
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
CreateEventA
SetEvent
TerminateThread
CreateThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetComputerNameA
LocalFree
GetCurrentProcess
GetCurrentThread
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FormatMessageA
GetFileAttributesA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentProcessId
SetErrorMode
GetProcessTimes
GetPrivateProfileStringA
TerminateProcess
GetPrivateProfileSectionA
GetPrivateProfileIntA
CreateFileA
GetProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileSectionNamesA
GetTickCount
LocalAlloc
LockResource
CreateProcessA
InterlockedCompareExchange
SetEnvironmentVariableA
GetSystemDirectoryA
Sleep
GetModuleHandleW
LocalSize
ReadFile
SetFilePointer
SetLastError
ReadProcessMemory
FindClose
FindFirstFileA
FindResourceExA
UnmapViewOfFile
DuplicateHandle
GetModuleFileNameW
MapViewOfFile
CreateFileMappingA
CreateMutexA
ReleaseMutex
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
user32
wsprintfA
wsprintfW
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
DispatchMessageA
MessageBoxA
LoadStringA
CharNextA
PeekMessageA
SetTimer
GetMessageA
KillTimer
PostThreadMessageA
CharUpperA
Sections
.text  Size: 300KB  Virtual size: 297KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data  Size: 12KB  Virtual size: 10KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 12KB  Virtual size: 10KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rmnet  Size: 44KB  Virtual size: 44KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE