3eb7a92a651fc3b5e7968e55afcf4667_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3eb7a92a651fc3b5e7968e55afcf4667_JaffaCakes118
Size

76KB
MD5

3eb7a92a651fc3b5e7968e55afcf4667
SHA1

8ab224898715f3d301d8fc787fae3404198a489a
SHA256

d2a1c429b0d86d57abc9d19d32a658d6098747cc5b7a93c9bb08728bfc29578a
SHA512

7e6d6b6388b2b89019ec17dd9389e519eeaea695e47d799390ccd80e44b7dc17dd8061e7332b3403f73b435dee028f6b93082d8010e9e79cee8b48cb32888411
SSDEEP

768:eSBZRiJPpAQ+jSBzZclkWajGabebThfgcP3fM63XxrYjbnSSpnm8iGCKsh:eKvQ+jS4mfjpbtGEaEfnSKmMCK4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eb7a92a651fc3b5e7968e55afcf4667_JaffaCakes118

Files

3eb7a92a651fc3b5e7968e55afcf4667_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc64762ad71cd72471e26e77b92f2bdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

shrpubw.pdb

Imports

kernel32

GetStartupInfoW
GetModuleHandleA
GetTickCount
GetComputerNameExW
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
lstrcmpiW
FormatMessageW
GetProcAddress
GlobalAlloc
LocalAlloc
CreateDirectoryW
GetFileAttributesW
lstrcpyW
GetComputerNameW
LoadLibraryW
GetLastError
FreeLibrary
LoadLibraryA
LocalFree

mfc42u

ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord800
ord815
ord2606
ord540
ord561
ord825
ord823
ord1165
ord2820
ord861
ord858
ord4272
ord4124
ord6279
ord6278
ord538
ord6564
ord6484
ord2613
ord6593
ord768
ord5155
ord5154
ord4899
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord4253
ord5977
ord3087
ord2859
ord1662
ord3826
ord6481
ord4704
ord5949
ord2634
ord3092
ord4970
ord6211
ord1771
ord942
ord940
ord5706
ord5156
ord5852
ord4155
ord941
ord536
ord2933
ord1775
ord4197
ord2810
ord2755
ord4269
ord6371
ord1569
ord4480
ord2644
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord3825
ord2971

msvcrt

wcscmp
iswspace
wcslen
__CxxFrameHandler
_c_exit
_exit
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
towupper
memmove
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_XcptFilter
wcschr
wcsrchr
_wcsnicmp

advapi32

AddAccessAllowedAce
MakeSelfRelativeSD
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorLength
LookupAccountNameW
AllocateAndInitializeSid
MapGenericMask
RegOpenKeyExA
FreeSid
RegCloseKey
RegQueryValueExA

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

user32

GetParent
EnableWindow
RegisterClipboardFormatW
LoadStringW
MessageBoxW
PostMessageW
GetActiveWindow
SendMessageW
ReleaseDC
GetDC
SystemParametersInfoW
LoadImageW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

netapi32

NetApiBufferFree
I_NetPathType
NetServerDiskEnum
I_NetNameValidate
NetShareGetInfo
NetShareAdd
NetShareEnum
NetServerGetInfo

aclui

ord1

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
ord190
ord155
ord152
ord17
ord18
SHBrowseForFolderW
ord16

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc64762ad71cd72471e26e77b92f2bdb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mfc42u

msvcrt

advapi32

gdi32

user32

comctl32

ole32

netapi32

aclui

shell32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 992B

.rsrc Size: 42KB - Virtual size: 66KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 992B

.rsrc
Size: 42KB - Virtual size: 66KB