3dde941a83174c7c97718724c7b75256_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3dde941a83174c7c97718724c7b75256_JaffaCakes118
Size

50KB
MD5

3dde941a83174c7c97718724c7b75256
SHA1

47cc166eb26137fea54642707e95a891ccf0ee25
SHA256

2e8facb9ce5aa7b01c9c8e35c5e5e7b7936415d6286434066250df00726b8b65
SHA512

8872f5b42f9387582216441f0b358cd0b482c57ba456787cc10055217169e81f8a44d447e927474dbed52fc01ff87522aecab93183829de13aaebc688fb0e6b3
SSDEEP

1536:vK8DOzrg+J+paDpDv9cQnQeVeqOFJ1uXLs/:ST7os9cQnQMXLK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dde941a83174c7c97718724c7b75256_JaffaCakes118

Files

3dde941a83174c7c97718724c7b75256_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c7e6ba4324231127797ec6b28f3957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

LogonIdFromWinStationNameA
_NWLogonSetAdmin
ServerLicensingGetPolicyInformationA
WinStationShadow
_WinStationUpdateUserConfig
_WinStationBreakPoint
WinStationGetTermSrvCountersValue
WinStationBroadcastSystemMessage
_WinStationUpdateSettings
_WinStationNotifyNewSession
WinStationServerPing
WinStationQueryInformationW
WinStationEnumerateLicenses
ServerLicensingOpenA
WinStationQueryLicense
_WinStationCallback
LogonIdFromWinStationNameW
ServerLicensingSetPolicy
WinStationIsHelpAssistantSession
_WinStationReInitializeSecurity
ServerLicensingFreePolicyInformation
WinStationVirtualOpen
WinStationRenameA
WinStationConnectA
WinStationSendMessageA
_WinStationNotifyDisconnectPipe
WinStationCheckLoopBack
WinStationRemoveLicense
ServerLicensingOpenW
ServerLicensingDeactivateCurrentPolicy
_WinStationFUSCanRemoteUserDisconnect
_WinStationReadRegistry
WinStationRenameW
WinStationNtsdDebug
WinStationSendWindowMessage
WinStationReset
ServerLicensingGetAvailablePolicyIds
WinStationQueryInformationA
ServerQueryInetConnectorInformationW
WinStationGetProcessSid
WinStationGetAllProcesses
_WinStationNotifyLogoff
_WinStationNotifyLogon
WinStationSetPoolCount

kernel32

GetCurrentDirectoryA
IsValidLanguageGroup
GetExitCodeProcess
lstrcmpiA
CreateHardLinkW
GetNumaAvailableMemoryNode
FreeResource
DeleteFileA
SwitchToFiber
GetProcessWorkingSetSize
QueryDepthSList
MoveFileExA
GetVDMCurrentDirectories
AddRefActCtx
GetConsoleCommandHistoryLengthA
GetLogicalDriveStringsA
OutputDebugStringW
GetProfileSectionA
GetCommState
GetPrivateProfileStringW
EnumSystemGeoID
HeapFree
WriteConsoleW
FormatMessageW
GetEnvironmentStringsA
_lclose
GetCommandLineW
SetThreadPriority
CreateMailslotW
FreeEnvironmentStringsA
AddConsoleAliasA
GetTapeParameters
SetComputerNameExA
GetSystemPowerStatus
SetThreadAffinityMask
TryEnterCriticalSection
CreateFileMappingA
SetFileTime
GlobalDeleteAtom
HeapCreate
GetComputerNameA
MoveFileWithProgressA
CancelDeviceWakeupRequest
GlobalGetAtomNameA
DeleteVolumeMountPointA
GetProfileIntW
EnumCalendarInfoW
HeapSetInformation
GetCurrentConsoleFont
GetCurrentThreadId
LoadLibraryA
lstrcmpiW
SuspendThread
ReleaseMutex
WaitNamedPipeW
GetProcessTimes
CancelWaitableTimer
SetFilePointer
GetFileAttributesA
GlobalAlloc
GetCurrentThread
ClearCommBreak
AddAtomW
VirtualAlloc
Process32NextW
SetErrorMode
GetDiskFreeSpaceExA

oleaut32

VarI4FromUI4
DispGetParam
VarCat
VarNumFromParseNum
RegisterTypeLib
GetRecordInfoFromGuids
VarR8FromUI1
VarDateFromR4
SysFreeString
VarBoolFromR4
QueryPathOfRegTypeLib
VarFormatDateTime
VarI8FromStr
SafeArrayGetElement
VarDecFromI1
VarDecFromR8
VarR8FromI2
VarUI1FromDisp
VarR8FromI1
VarI2FromBool
VarDateFromI1
DispCallFunc
BSTR_UserUnmarshal
VarImp
VarI8FromUI4
SafeArrayGetUBound
VarUI2FromI8
VarAdd
VariantTimeToSystemTime
VarCyFromR4
VarI2FromDate
SafeArraySetRecordInfo
VarUI2FromDec
SafeArrayCreateVector

gdi32

UpdateColors
DeleteObject
EngDeleteSurface
Polygon
SetPixelV
SetVirtualResolution
EnumFontFamiliesExA
GetFontAssocStatus
IntersectClipRect
PATHOBJ_vEnumStart
GetBoundsRect
CreatePen
SetEnhMetaFileBits
CreateMetaFileA
SetStretchBltMode
EnumICMProfilesW
SetPixel
RemoveFontResourceA
GdiGetLocalFont
AbortPath
GdiCreateLocalEnhMetaFile
GdiGetBatchLimit
GdiFixUpHandle
ResetDCW
DdEntry5
GetTextFaceAliasW
PolyTextOutW
CopyMetaFileA
SetICMProfileW
GdiRealizationInfo
PolyPolyline
AddFontResourceExA
GdiDeleteLocalDC
EngLineTo
EngGetCurrentCodePage
SetViewportOrgEx
CreatePalette
GetTextExtentPointA
OffsetWindowOrgEx
SetGraphicsMode
AddFontResourceTracking
GdiArtificialDecrementDriver
GetLogColorSpaceA
GetViewportOrgEx

ntdll

ZwReplaceKey
NtWaitForKeyedEvent
NtCreateDirectoryObject
RtlSubAuthorityCountSid
ZwSetSystemEnvironmentValue
RtlDuplicateUnicodeString
RtlSetTimeZoneInformation
LdrUnlockLoaderLock
sqrt
NtWriteVirtualMemory
NtQueueApcThread
RtlEqualDomainName
NtUnlockVirtualMemory
ZwCallbackReturn
strcat
NtCreateEvent
RtlDosSearchPath_Ustr
RtlAddAuditAccessAce
RtlAddVectoredExceptionHandler
RtlCopyLuidAndAttributesArray
ZwSetThreadExecutionState
RtlTraceDatabaseFind
RtlpNtEnumerateSubKey
_vsnwprintf
ZwQueryAttributesFile
RtlFindMostSignificantBit
RtlCreateSystemVolumeInformationFolder
RtlInitializeSid
RtlDoesFileExists_U
_chkstk
ZwOpenProcessToken
RtlRegisterSecureMemoryCacheCallback
NtSetValueKey
_wcsupr
NtReadFileScatter
RtlGetNtGlobalFlags
ZwQuerySection
RtlUpcaseUnicodeStringToOemString
RtlCopySidAndAttributesArray

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c7e6ba4324231127797ec6b28f3957c

Headers

DLL Characteristics

File Characteristics

Imports

winsta

kernel32

oleaut32

gdi32

ntdll

Sections

.text Size: 37KB - Virtual size: 40KB

.rdata Size: 7KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 40KB

.rdata
Size: 7KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB