3d6a50297b19056da797bdaccf0b05a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d6a50297b19056da797bdaccf0b05a7_JaffaCakes118
Size

93KB
MD5

3d6a50297b19056da797bdaccf0b05a7
SHA1

903e499ed93343a431ac0006a37b422740b09119
SHA256

4e8e60ada1e7f5df874b690fb8e2d65f12187099bb9a323cbb661cdf781ccf22
SHA512

3fefd36eb84c733c5b342faad157b11b3e564d99b7c923527a441d7fdba58227355dd7a17d5dc742d00d54dca34ea726f14948e35c0937e30a941b971b92aa15
SSDEEP

1536:+gVm1dGSZL/V90RVEnP/9/wAaKRiqieLpbuhkZKcJjo7B5dQ35jfTgoRHrHpdIDq:+g3SFt/1gvQ35rTgI7I/nsFI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d6a50297b19056da797bdaccf0b05a7_JaffaCakes118

Files

3d6a50297b19056da797bdaccf0b05a7_JaffaCakes118
.exe windows:6 windows x86 arch:x86

9f06d1ff01f8d74c01d824c300c2e2f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ehRec.pdb

Imports

advapi32

LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetSecurityDescriptorDacl
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenProcessToken
CreateWellKnownSid

kernel32

InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
CreateThread
CreateEventW
GetModuleFileNameW
ExitThread
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
RaiseException
OpenEventW
WaitForMultipleObjects
SetProcessShutdownParameters
RegisterApplicationRestart
ApplicationRecoveryFinished
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
HeapSetInformation
GetLocalTime
OutputDebugStringW
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
EncodeSystemPointer
InterlockedExchange
GetVersionExA
lstrlenW
GetCurrentThread
GetLastError
WaitForSingleObject
InterlockedDecrement
CloseHandle
SetEvent
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryExW

user32

PostThreadMessageW
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
UnregisterClassA
CharNextW
DispatchMessageW

msvcrt

_unlock
_errno
__dllonexit
_lock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wcsnicmp
memset
_wcsicmp
_purecall
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
malloc
_onexit
?terminate@@YAXXZ
_controlfp
fputws
fflush
realloc
_vsnwprintf
_wcmdln

ole32

CoResumeClassObjects
CoInitializeEx
CoUninitialize
StringFromGUID2
CoAddRefServerProcess
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf
CoReleaseServerProcess
CoInitializeSecurity

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysStringLen

mscoree

CorBindToRuntimeEx

Exports

Exports

QueryUser
ehRecLock
ehRecUnLock

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ddhzzzz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f06d1ff01f8d74c01d824c300c2e2f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

mscoree

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 29KB - Virtual size: 30KB

ddhzzzz Size: - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 29KB - Virtual size: 30KB

ddhzzzz
Size: - Virtual size: 4KB