3da780530939209fb2e704aea5e80afc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3da780530939209fb2e704aea5e80afc_JaffaCakes118
Size

264KB
MD5

3da780530939209fb2e704aea5e80afc
SHA1

7e4c79c9359c7a1d717019242ce2acc343e18ccc
SHA256

e9da97c987ec067921ff06ac144e7999673980472f94833265d91d9d9bdfc024
SHA512

cd6031c4ca8461d1abc5ac4333375103aa0269b030e432b87414bb14f8a5fc454320888b956d87947bd346c226184de3be8bf0735ae1a1dd4a128ce681fbe137
SSDEEP

6144:gp2DYIGT/V/3q6l0jmpBzFi2N18nZdxUBpAXJ3I:g2xGTtqU0kzF1N18Z6pA9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da780530939209fb2e704aea5e80afc_JaffaCakes118

Files

3da780530939209fb2e704aea5e80afc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

178f4fefd422687c5f22c580eeb2a527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

QueryPerformanceCounter
LocalFree
ReadFile
HeapSize
TlsFree
CompareFileTime
lstrcpyW
SetEndOfFile
IsBadCodePtr
TerminateProcess
MultiByteToWideChar
HeapReAlloc
lstrlenA
SetLastError
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetWindowsDirectoryW
GetCommandLineW
HeapCreate
CreateFileW
GetProcAddress
ExitThread
WaitForMultipleObjects
GetModuleHandleA
GlobalAlloc
GetCommandLineA
FlushFileBuffers
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteFile
GetLastError
VirtualFree
GetStringTypeW
GetStartupInfoW
GetACP
WideCharToMultiByte
VirtualAlloc
HeapDestroy
CloseHandle
CreateEventW
GetFileAttributesW
WaitForSingleObject
Sleep
SetStdHandle
CloseHandle
FreeLibrary
EnterCriticalSection
GetTickCount

user32

SetWindowPos
LoadIconW
DestroyWindow
SendMessageW
GetFocus
CheckDlgButton
LoadStringA
SetWindowsHookExW
DispatchMessageW
GetKeyState
CallNextHookEx
PostMessageW
MessageBoxA
SetWindowTextW
UnhookWindowsHookEx
KillTimer
DialogBoxParamW
TranslateMessage
SetFocus
GetDesktopWindow
CheckRadioButton
wsprintfA
GetWindowLongW
LoadStringW
MsgWaitForMultipleObjects
GetDlgItemTextW
ShowWindow

pdh

PdhBindInputDataSourceW
PdhUpdateLogFileCatalog
PdhGetLogFileTypeW
PdhEnumObjectItemsHA
PdhExpandCounterPathA
PdhOpenQuery
PdhTranslateLocaleCounterW
PdhEnumObjectItemsHW
PdhSelectDataSourceA
PdhExpandWildCardPathHW
PdhConnectMachineW
PdhBrowseCountersW
PdhVbIsGoodStatus
PdhListLogFileHeaderA
PdhCollectQueryData
PdhParseInstanceNameA
PdhParseCounterPathW
PdhCloseQuery
PdhEnumObjectsW
PdhCalculateCounterFromRawValue
PdhGetFormattedCounterValue
PdhGetDataSourceTimeRangeH
PdhSetCounterScaleFactor
PdhRemoveCounter
PdhListLogFileHeaderW
PdhVbOpenQuery
PdhVbGetOneCounterPath
PdhMakeCounterPathA
PdhEnumMachinesHW
PdhSelectDataSourceW
PdhVbCreateCounterPathList
PdhExpandCounterPathW
PdhParseInstanceNameW
PdhGetRawCounterArrayW
PdhUpdateLogW
PdhVbGetCounterPathFromList
PdhGetLogSetGUID
PdhOpenQueryW
PdhEnumObjectItemsW
PdhValidatePathA
PdhGetRawCounterValue
PdhGetFormattedCounterArrayA
PdhSetDefaultRealTimeDataSource
PdhEnumMachinesW
PdhGetFormattedCounterArrayW
PdhGetDefaultPerfCounterW
PdhAddCounterA
PdhFormatFromRawValue
PdhCollectQueryDataEx
PdhRelogW

advapi32

RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteKeyW

comctl32

ord17

ole32

CoUninitialize
CoCreateInstance

rtm

MgmGetFirstMfeStats
RtmGetListEnumRoutes
RtmGetEnumNextHops
RtmReadAddressFamilyConfig
RtmGetRoutePointer
MgmGroupEnumerationStart
RtmDeregisterClient
RtmGetInstanceInfo
RtmGetEnumDests
RtmLockDestination
RtmGetNextHopPointer
MgmTakeInterfaceOwnership
RtmWriteInstanceConfig
RtmGetChangeStatus
BestMatchInTable
RtmDeleteRouteToDest
RtmDequeueRouteChangeMessage
RtmGetEntityInfo
RtmReadInstanceConfig
RtmGetExactMatchDestination
RtmIgnoreChangedDests
RtmIsBestRoute
RtmGetRouteAge
RtmReleaseNextHopInfo
RtmCreateRouteEnum
RtmReleaseEntityInfo
RtmDeleteRoute
RtmGetNextHopInfo
RtmLockNextHop
RtmReleaseEntities
RtmGetNetworkCount
RtmLockRoute
RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmUpdateAndUnlockRoute
InsertIntoTable
MgmGroupEnumerationEnd
MgmRegisterMProtocol
RtmReferenceHandles
NextMatchInTable
RtmFindNextHop
RtmGetMostSpecificDestination
RtmGetExactMatchRoute
MgmReleaseInterfaceOwnership
MgmGetMfeStats
RtmDereferenceHandles
RtmRegisterClient
RtmAddRouteToDest
RtmGetAddressFamilyInfo
RtmGetInstances
RtmCreateNextHopEnum

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178f4fefd422687c5f22c580eeb2a527

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

pdh

advapi32

comctl32

ole32

rtm

Sections

.text Size: 202KB - Virtual size: 202KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 33KB - Virtual size: 568KB

.text
Size: 202KB - Virtual size: 202KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 33KB - Virtual size: 568KB