3d31c1952006c2271470e6a4ce643c58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d31c1952006c2271470e6a4ce643c58_JaffaCakes118
Size

81KB
MD5

3d31c1952006c2271470e6a4ce643c58
SHA1

5573af4dec184ff6c8a27e08b4a24bc25320b517
SHA256

83ade1201d37c2a3473ee961467229d601319c7bb73c1f31277c3a4b5933073b
SHA512

56f9c208f21c73ae7ff4eec6c3b3baea446bb30a71c96e00f102caf07b0205c3700d3406a382ae013b5827851f0a215e441c5ce5c4433716a6a254f524b8b88d
SSDEEP

1536:9GVDSZVBj6EE//SNyl32uULZ2RJ2YoDR/XQZXJLWhXCKdjqP:9GVDSzBGtUc2fZYJ2jAZLAXdm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d31c1952006c2271470e6a4ce643c58_JaffaCakes118

Files

3d31c1952006c2271470e6a4ce643c58_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac759dba683ceef2f12fe4dbe9e0c765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAddAtom

user32

CallNextHookEx
SetWindowsHookExW
RegisterClipboardFormatW
PostMessageW
GetSystemMetrics
LoadIconW
DestroyWindow
CloseClipboard
GetWindowRect
MessageBeep
GetDlgItem
WinHelpW
IsWindow
EmptyClipboard
OpenClipboard
GetParent
GetClipboardData
SendMessageW
UnhookWindowsHookEx
DestroyIcon
ScreenToClient
EnableWindow
LoadBitmapW
LoadStringW
GetCursorPos
ShowWindow

kernel32

DeleteCriticalSection
LoadLibraryA
lstrcmpiW
GetTimeFormatW
GetComputerNameW
ExpandEnvironmentStringsW
InterlockedIncrement
lstrcmpW
SetThreadPriority
VirtualAlloc
LocalAlloc
LeaveCriticalSection
InterlockedDecrement
GetCommandLineW
LocalFree
EnterCriticalSection
GetTimeZoneInformation
UnhandledExceptionFilter
GetCurrentProcess
GetDateFormatW
WaitForSingleObject
CloseHandle
OutputDebugStringA
Sleep
lstrcpyW
GlobalFree
InitializeCriticalSection
SystemTimeToFileTime
FormatMessageW
lstrcpynW
GetTickCount
GetVersion
GetModuleFileNameW
TerminateProcess
GlobalUnlock
GetCurrentProcessId
CreateThread
ExitThread
GetModuleHandleW
GetProcAddress
CreateEventW
GetFileAttributesW
IsBadReadPtr
GetVersionExW
GlobalLock
GetLastError
GlobalAlloc
GetWindowsDirectoryW
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryW
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
FreeLibrary
SetEvent
SetUnhandledExceptionFilter
SetLastError
GetModuleHandleA

ole32

CoTaskMemFree
CoUninitialize
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx

advapi32

InitializeSecurityDescriptor
MapGenericMask
RegSetValueExW
SetSecurityDescriptorGroup
CreatePrivateObjectSecurityEx
InitializeAcl
GetAce
AddAce
GetTokenInformation
SetPrivateObjectSecurity
RegEnumKeyExW
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
FreeSid
RegDeleteKeyW
GetLengthSid
GetPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
MakeSelfRelativeSD
DestroyPrivateObjectSecurity
OpenProcessToken
RegCreateKeyExW
AllocateAndInitializeSid
SetSecurityDescriptorOwner
RegCloseKey

msvcrt

free
_except_handler3
_wtoi
wcsncmp
wcscmp
wcslen
_wcsicmp
wcsncpy
__CxxFrameHandler
wcscpy
_onexit
malloc
_purecall
_beginthreadex
_initterm
_adjust_fdiv
_wcsdup
__dllonexit
__RTDynamicCast

dhcpcsvc

DhcpEnumClasses

gdi32

DeleteObject

ntmsapi

DeleteNtmsMedia
ReleaseNtmsCleanerSlot
GetNtmsMediaPoolNameW
GetNtmsRequestOrder
MountNtmsMedia
GetVolumesFromDriveW
ReserveNtmsCleanerSlot
EjectNtmsMedia
AddNtmsMediaType
CancelNtmsLibraryRequest
CancelNtmsOperatorRequest
SetNtmsDeviceChangeDetection
GetNtmsObjectSecurity
DeleteNtmsMediaPool
CloseNtmsNotification
InjectNtmsMedia
DeallocateNtmsMedia
InventoryNtmsLibrary
GetNtmsObjectInformationW
EnableNtmsObject
EjectNtmsCleaner
SetNtmsObjectSecurity
CloseNtmsSession
DismountNtmsDrive
MoveToNtmsMediaPool
SetNtmsRequestOrder
DeleteNtmsMediaType
OpenNtmsSessionW
DoEjectFromSADriveW
EnumerateNtmsObject
CreateNtmsMediaPoolW
DeleteNtmsLibrary
SetNtmsObjectInformationW
AccessNtmsLibraryDoor
DeleteNtmsRequests
DismountNtmsMedia
CleanNtmsDrive
OpenNtmsNotification
WaitForNtmsNotification
DisableNtmsObject
DeleteNtmsDrive
InjectNtmsCleaner
SatisfyNtmsOperatorRequest

Sections

.textbss
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac759dba683ceef2f12fe4dbe9e0c765

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

kernel32

ole32

advapi32

msvcrt

dhcpcsvc

gdi32

ntmsapi

Sections

.textbss Size: - Virtual size: 656KB

.text Size: 512B - Virtual size: 420B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 24B

.idata Size: 77KB - Virtual size: 77KB

.data Size: 1024B - Virtual size: 748B

.textbss
Size: - Virtual size: 656KB

.text
Size: 512B - Virtual size: 420B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 24B

.idata
Size: 77KB - Virtual size: 77KB

.data
Size: 1024B - Virtual size: 748B