456e4327e6e4a739c621ee92e731bf04_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

456e4327e6e4a739c621ee92e731bf04_JaffaCakes118
Size

866KB
MD5

456e4327e6e4a739c621ee92e731bf04
SHA1

4eeb787f6f2cfed562fbfc450a72cf1a81a50c45
SHA256

fa16acd968c68fdc170d73cf266b76d3ab1b7cd7fcc2345d47fcf36937ea4231
SHA512

b53ca8cb45eace217950aabc071637948a38f7a823421946925060fca0fd9c374a39eff8143da2678b06ea116c547eaa6055517f3773360271ddefa35dcb2def
SSDEEP

24576:Z1Cp5UWdOf+MP28qMXyvc7L1a8Xqi2akpxw:Z1CgWcf+MP2nMXyE7Lc8XqP/x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
456e4327e6e4a739c621ee92e731bf04_JaffaCakes118

Files

456e4327e6e4a739c621ee92e731bf04_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e2626f1f76039b4c7b45603a3ccf3948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
GetModuleFileNameW
VirtualAlloc
HeapCreate
GetTempFileNameA
FillConsoleOutputCharacterA
GetCommConfig
GetBinaryTypeW
DeleteTimerQueueEx
GetCurrentThread
WaitNamedPipeW
SetFirmwareEnvironmentVariableW
GetProfileIntW
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
GetConsoleAliasesW
DebugSetProcessKillOnExit
ActivateActCtx
GetConsoleProcessList
GlobalAlloc
LoadLibraryA
SetConsoleKeyShortcuts
FindNextFileA
GetTickCount
InitializeSListHead
GetMailslotInfo
DeleteTimerQueue
GetConsoleCommandHistoryLengthW
TerminateJobObject
CreateTimerQueue
lstrcpyW
LZDone
GetSystemTimeAdjustment
CreateFileMappingA
GlobalSize
GetConsoleAliasW
GetSystemTime
GetCurrentThreadId
CreateHardLinkA
CreateEventW
GetEnvironmentStringsA
GetFileInformationByHandle
GetLocalTime
MapUserPhysicalPages
RegisterWaitForSingleObject
WriteConsoleOutputA

opengl32

glVertex2s
wglSwapMultipleBuffers
glGetBooleanv
glTexCoord3fv
glGetTexEnvfv
glEvalCoord1d
glVertex2iv
glEnableClientState
glVertex4s
glColorMask
wglCopyContext
glFeedbackBuffer
glRectiv
glColor4usv
glEvalCoord1fv
glEvalCoord1f
glTexCoord3s
glFogiv
glIndexMask
glRasterPos2f
glGetTexLevelParameterfv
glColor3s
glGetTexParameterfv
glNormal3d
glDepthFunc
glVertex3sv
glMap1f
glVertex3i
glTexCoord1dv
glPixelStorei
glClearStencil
glMap1d
glStencilMask
glGetPixelMapfv
glVertex3d
glGetPointerv
glRotated
glMatrixMode
wglGetProcAddress
glClearColor

regapi

RegWinStationQuerySecurityA
RegCdQueryA
RegPdCreateW
RegGetUserPolicy
RegWinStationEnumerateW
RegIsTServer
RegPdEnumerateA
RegDefaultUserConfigQueryA
RegUserConfigSet
RegWinStationDeleteW
RegCdDeleteA
RegPdCreateA
RegBuildNumberQuery
RegPdDeleteW
RegWinStationQueryValueW
RegGetTServerVersion
RegWdCreateA
RegDenyTSConnectionsPolicy
RegUserConfigQuery
RegCdDeleteW
RegWinStationAccessCheck
RegWdEnumerateA
RegCdEnumerateW
RegWinStationQueryW
RegWinStationDeleteA
RegConsoleShadowQueryA
RegWinStationQueryEx
RegUserConfigDelete

advapi32

CredReadDomainCredentialsW
FreeSid
WmiSetSingleItemW
StartServiceCtrlDispatcherA
SetNamedSecurityInfoExW
DestroyPrivateObjectSecurity
GetManagedApplications
MSChapSrvChangePassword2
LookupPrivilegeNameW
FreeInheritedFromArray
TraceEventInstance
GetSecurityDescriptorDacl
RegEnumKeyExW
GetOldestEventLogRecord
AllocateLocallyUniqueId
StartTraceW
InitiateSystemShutdownExW
ReadEncryptedFileRaw
BuildImpersonateExplicitAccessWithNameW
WmiQueryAllDataW
WmiDevInstToInstanceNameW
AddAuditAccessObjectAce
OpenTraceW
BuildSecurityDescriptorW
AccessCheckByTypeResultListAndAuditAlarmByHandleA
InitiateSystemShutdownW
A_SHAUpdate
EncryptionDisable
WmiFreeBuffer
CancelOverlappedAccess
CryptGetProvParam
LookupSecurityDescriptorPartsW
SystemFunction035
WmiQueryGuidInformation
RegSetValueExA
RegDeleteValueW

gdi32

CreateDIBSection
PolyBezierTo
AnyLinkedFonts
GetEnhMetaFilePaletteEntries
FONTOBJ_pQueryGlyphAttrs
EngDeletePath
CopyMetaFileW
EngMarkBandingSurface
CombineTransform
CreatePatternBrush
GetGlyphOutlineWow
GdiConvertRegion
GetSystemPaletteEntries
RoundRect
EngAssociateSurface
CreateBitmapIndirect
GetGlyphOutlineW
EngGetDriverName
GetStockObject
DdEntry4
GdiEntry8
GdiComment
FontIsLinked
CreateICW
GdiConvertBitmapV5
DdEntry29
CreatePen
GdiGradientFill
GetGraphicsMode
GetGlyphIndicesA
PathToRegion
BRUSHOBJ_pvAllocRbrush
GetStretchBltMode
GdiStartDocEMF
GdiValidateHandle
StretchDIBits
CloseMetaFile
GetDCPenColor
XLATEOBJ_iXlate
SetStretchBltMode
EngCheckAbort
DdEntry9
GdiCreateLocalEnhMetaFile
GdiEntry9

d3d8thk

OsThunkDdGetMoCompBuffInfo
OsThunkDdCreateMoComp
OsThunkDdDeleteDirectDrawObject
OsThunkD3dContextCreate
OsThunkDdRenderMoComp
OsThunkDdGetFlipStatus
OsThunkDdGetScanLine
OsThunkDdGetBltStatus
OsThunkDdAttachSurface
OsThunkDdUnlock
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetDC
OsThunkDdDestroyD3DBuffer
OsThunkDdGetDxHandle
OsThunkDdLock
OsThunkDdCreateDirectDrawObject
OsThunkDdCanCreateD3DBuffer
OsThunkDdSetGammaRamp
OsThunkDdCreateSurfaceObject
OsThunkDdGetDriverState
OsThunkDdCreateSurface
OsThunkDdSetColorKey
OsThunkDdCreateSurfaceEx
OsThunkDdUnattachSurface
OsThunkDdQueryDirectDrawObject
OsThunkDdGetDriverInfo
OsThunkDdResetVisrgn
OsThunkDdBlt
OsThunkDdQueryMoCompStatus
OsThunkDdDestroyMoComp
OsThunkDdLockD3D
OsThunkDdEndMoCompFrame
OsThunkD3dContextDestroyAll
OsThunkDdCanCreateSurface
OsThunkDdGetMoCompFormats
OsThunkD3dContextDestroy

oleaut32

UnRegisterTypeLib
VarI2FromR8
VarI1FromStr
VarSub
VarR8FromR4
BSTR_UserUnmarshal
VarUI1FromCy
VarR8FromCy
VarCyFromDisp
VarUI4FromR4
OleLoadPicturePath
VarBstrFromI1
SafeArrayAccessData
DispGetIDsOfNames
LPSAFEARRAY_UserFree
VarUI4FromStr
VarR4CmpR8
SafeArrayGetLBound
VarI8FromDec
VarDateFromUI8
VarR8FromUI4
VarCyFromStr
VarCyFromI2
VarI2FromR4
ClearCustData
VarI8FromUI1
VarUI1FromI1
VarI2FromI4
VarI2FromCy

Sections

.text
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 454KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2626f1f76039b4c7b45603a3ccf3948

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

opengl32

regapi

advapi32

gdi32

d3d8thk

oleaut32

Sections

.text Size: 213KB - Virtual size: 216KB

.rdata Size: 196KB - Virtual size: 200KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 454KB - Virtual size: 456KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 213KB - Virtual size: 216KB

.rdata
Size: 196KB - Virtual size: 200KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 454KB - Virtual size: 456KB

.reloc
Size: 1024B - Virtual size: 4KB