3d9daeb1fc1d27f0f78f0af0de667d17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d9daeb1fc1d27f0f78f0af0de667d17_JaffaCakes118
Size

155KB
MD5

3d9daeb1fc1d27f0f78f0af0de667d17
SHA1

bae875663843afa4ff22574b4f934748a3d25161
SHA256

258362a41d8f24a78a3aec6ff5e909b861ca9ddd18e79c69b42581bc7bf5a4ab
SHA512

c6d503497e724d5707ecdd162a9148de3034cb27705e462ee06fbfe31430943713997d6c74f9254eb4d094e4c531c2c9d25c59b1229339bfec2c73368b63a3ca
SSDEEP

3072:TRyJGkDHmUSWczZAs9SIUXZRam3ZFZuKknBtwY1pcUnUa0:d/ZZmXZRaUZ7HknnD3UB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d9daeb1fc1d27f0f78f0af0de667d17_JaffaCakes118

Files

3d9daeb1fc1d27f0f78f0af0de667d17_JaffaCakes118
.exe windows:0 windows x86 arch:x86

80c37f3e2427bf05582edb83d0ed2e1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegisterTraceGuidsW
StartTraceW
TraceEvent
LookupAccountSidA
LookupAccountSidW
OpenTraceW
ProcessTrace
CloseTrace
StopTraceW

kernel32

FindNextFileW
FindFirstFileW
SetThreadLocale
GetSystemDefaultLCID
GetConsoleOutputCP
GetThreadLocale
GetUserDefaultUILanguage
LocalFree
WriteConsoleW
GetFileType
FormatMessageW
GetModuleHandleW
ReadConsoleW
MultiByteToWideChar
ReadFile
SetConsoleMode
GetConsoleMode
CloseHandle
CreateFileW
SystemTimeToFileTime
FreeLibrary
DeleteFileW
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
ExitProcess
GetLastError
GetModuleHandleA
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WideCharToMultiByte
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
GetStringTypeA
GetStringTypeW
HeapReAlloc
SetFilePointer
GetLocaleInfoA
RaiseException
SetStdHandle
FlushFileBuffers
SetEndOfFile
Sleep
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
ExpandEnvironmentStringsW
GetStringTypeExW
GetLocaleInfoW
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
GetProcessHeap
HeapAlloc
HeapFree
SetEvent
lstrlenW
GetLocalTime
VirtualAlloc

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

LoadStringW
CharToOemW
wsprintfW
CharLowerW
GetTabbedTextExtentW
DdeGetLastError
SendMessageW
ValidateRect
keybd_event
GetWindowPlacement
IsDialogMessage
LoadRemoteFonts
GetFocus
CreateMenu
WINNLSGetIMEHotkey
GetMenuItemID
SetLastErrorEx
DlgDirSelectComboBoxExA
UnregisterClassW
DestroyCaret
GetKBCodePage
AppendMenuA
TranslateAcceleratorA
CreateWindowExW
ArrangeIconicWindows
SetCursorPos
EnumDisplaySettingsA
RemovePropW
GrayStringW
SetProgmanWindow
SetCursor
DisableProcessWindowsGhosting
BlockInput
LockWindowUpdate
ReleaseDC
MonitorFromWindow
GetMessageA
EnableScrollBar
CreateMDIWindowW
UpdatePerUserSystemParameters
IsWindowEnabled
GetRawInputDeviceList
GetMenuBarInfo
DragDetect
SetCapture
MessageBoxIndirectA
PrintWindow
GetKeyboardLayoutNameW
GetKeyboardLayoutList
SetFocus
IsWindow
CreateSystemThreads
ShowCursor
BroadcastSystemMessageW
DdeImpersonateClient

rpcrt4

UuidCreate

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

ntdll

RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeUnicodeString
RtlStringFromGUID
RtlEnterCriticalSection
RtlAnsiCharToUnicodeChar

msi

MsiEnumPatchesExA
MsiInstallProductA
MsiProvideComponentFromDescriptorA
MsiVerifyDiskSpace
MsiGetActiveDatabase
MsiSourceListAddSourceExW
MsiGetShortcutTargetA
MsiProcessMessage
MsiRemovePatchesA
MsiDeterminePatchSequenceW
MsiOpenPackageExW
MsiDecomposeDescriptorW
MsiEnumComponentsW
MsiSourceListForceResolutionW
MsiFormatRecordA
MsiLocateComponentA
MsiDatabaseImportW
MsiGetComponentPathA
MsiGetUserInfoA
MsiEnumRelatedProductsA
MsiApplyPatchA
MsiDatabaseGetPrimaryKeysA
MsiEnumProductsExA
MsiSourceListAddSourceW
MsiLoadStringA
MsiEnumComponentQualifiersW
MsiEnumPatchesA
MsiGetSummaryInformationA
MsiDeleteUserDataW
MsiIsProductElevatedW
MsiDatabaseImportA
MsiAdvertiseProductW
MsiDatabaseGenerateTransformA
MsiSetFeatureAttributesA
MsiConfigureProductA
MsiProcessAdvertiseScriptA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 47KB

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80c37f3e2427bf05582edb83d0ed2e1d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

version

user32

rpcrt4

ole32

ntdll

msi

Sections

.text Size: 19KB - Virtual size: 18KB

Size: 2KB - Virtual size: 32KB

.rdata Size: 6KB - Virtual size: 5KB

Size: 1KB - Virtual size: 33KB

Size: 2KB - Virtual size: 47KB

.data Size: 12KB - Virtual size: 185KB

Size: 3KB - Virtual size: 49KB

Size: 2KB - Virtual size: 29KB

Size: 2KB - Virtual size: 8KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 5KB - Virtual size: 8KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 185KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 5KB - Virtual size: 8KB