3d765dd03d997fae12da0be8132d9717_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d765dd03d997fae12da0be8132d9717_JaffaCakes118
Size

377KB
MD5

3d765dd03d997fae12da0be8132d9717
SHA1

2e1d4f9711d262a4effb107835bda58165eefc47
SHA256

c0f0b7e4d341952b9adbec2c20723c4c891e0c583e35ad3707698632f5891727
SHA512

1d48e650883b1cb7b9651ac3b37ae0da7fa698da6fbbc7518ba1d2c4816fde3aa4774ea5a9065872f21dcbdebb97f1dce1227163d92367f027cd9f9def874d16
SSDEEP

6144:Nlg3Sn5Xnkq9+cOtTnKCZyH33NmCq4q5TQJz3RC01ZyAKg0JiKSWpU7zfwA8pK7K:NlN1nk25YRyH3dmCq1o3XN0JZpibUpxN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d765dd03d997fae12da0be8132d9717_JaffaCakes118

Files

3d765dd03d997fae12da0be8132d9717_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2cca14e69268a9b84032d4c7872f246a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
CryptAcquireContextW
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext
RegCloseKey
RegQueryValueExW
EqualSid
RegQueryInfoKeyW
CloseServiceHandle
StartServiceW
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
RegOpenKeyExA

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject

kernel32

HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetVersion
HeapFree
GetLastError
GetProcAddress
LoadLibraryW
TlsGetValue
TlsSetValue
IsBadCodePtr
GetModuleHandleW
IsBadWritePtr
WideCharToMultiByte
GetACP
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ResetEvent
LocalAlloc
LocalFree
CloseHandle
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
IsBadStringPtrA
IsBadStringPtrW
DeleteCriticalSection
TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
CreateMutexW
TlsAlloc
GetProcessHeap
GetTickCount
Sleep
GetComputerNameW
GetCurrentProcessId
IsBadReadPtr
lstrlenW
lstrlenA
FreeLibraryAndExitThread
CreateThread
CreateEventW
lstrcmpiW
GetModuleFileNameW
OutputDebugStringW

rpcrt4

RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

rtutils

TraceDeregisterW
TraceRegisterExW
TraceVprintfExA

shlwapi

ord217
ord346
StrChrW
StrToIntW
ord191
StrCmpIW
StrCmpW
StrCpyNW
StrCmpNW

user32

PostMessageW
DestroyWindow
DefWindowProcW
RegisterClassW
LoadStringW
GetUserObjectInformationW
GetThreadDesktop
GetSystemMetrics
IsWindow
wsprintfA
wsprintfW
SendMessageW
EnableWindow
GetDlgItem
SendDlgItemMessageW
EndDialog
GetClientRect
CheckRadioButton
SetWindowTextW
SetFocus
GetFocus
GetWindowTextW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetParent
MessageBeep
SetForegroundWindow
EnumWindows
MessageBoxW
IsWindowEnabled
ShowWindow
GetKeyState
SetWindowPos
CreateWindowExW
KillTimer
SetTimer
GetWindowRect
CloseClipboard
CallWindowProcW
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
SetDlgItemInt
GetDlgItemInt
WinHelpW
GetActiveWindow

winmm

waveInMessage
waveOutMessage
midiInMessage
midiOutMessage

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 341KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cca14e69268a9b84032d4c7872f246a

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

rpcrt4

rtutils

shlwapi

user32

winmm

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 8KB

.orpc Size: 341KB - Virtual size: 388KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 8KB

.orpc
Size: 341KB - Virtual size: 388KB

.rsrc
Size: 6KB - Virtual size: 6KB