46eb9071bde0ea48370a13da78b67dd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46eb9071bde0ea48370a13da78b67dd9_JaffaCakes118
Size

249KB
MD5

46eb9071bde0ea48370a13da78b67dd9
SHA1

55e441c875e8212bc67ae438074341c7192bf3b1
SHA256

281a4a770946316223e37691f55debfc5b1983d5694d4c691d1642b6a8e27a73
SHA512

04bc082a040bd80a0e8624dc6d385397cf222ff35c6cb274f882a2b3098ed49d30450c19e8e830771f3db99043655e50e803819dca6d66c3a920e94fa5610fa5
SSDEEP

3072:3m4p2yOpcuErj/tGVthFbfqjnoIyRW8EKqzwbgFUXd+3Vl+uETG62HI6qavnfWYk:24pJWmHWxGnj8u8sUt4+knHEY1cY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46eb9071bde0ea48370a13da78b67dd9_JaffaCakes118

Files

46eb9071bde0ea48370a13da78b67dd9_JaffaCakes118
.exe windows:3 windows x86 arch:x86

771856c67dda119e04fd320b224e18e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

pdh

PdhGetDefaultPerfObjectHA
PdhEnumMachinesHA
PdhListLogFileHeaderW
PdhGetDefaultPerfCounterHA
PdhComputeCounterStatistics
PdhAdd009CounterW
PdhBrowseCountersW
PdhParseCounterPathA
PdhEnumObjectItemsHW
PdhValidatePathA
PdhVbOpenLog
PdhLookupPerfNameByIndexW
PdhOpenQueryA
PdhBrowseCountersHA
PdhVbGetCounterPathElements
PdhTranslate009CounterW
PdhReadRawLogRecord
PdhIsRealTimeQuery
PdhEnumObjectItemsW
PdhCloseQuery
PdhSetCounterScaleFactor
PdhCreateSQLTablesA
PdhGetLogFileSize
PdhExpandWildCardPathHW
PdhExpandWildCardPathA
PdhUpdateLogA
PdhConnectMachineA
PdhGetRawCounterArrayW
PdhAdd009CounterA
PdhGetDefaultPerfCounterHW
PdhOpenQuery
PdhGetDataSourceTimeRangeW
PdhVerifySQLDBA
PdhVbGetLogFileSize
PdhOpenLogW
PdhCalculateCounterFromRawValue
PdhEnumObjectsHW
PdhEnumObjectItemsHA
PdhGetLogFileTypeA
PdhGetLogSetGUID
PdhEnumMachinesA
PdhSetDefaultRealTimeDataSource
PdhTranslateLocaleCounterW
PdhGetCounterTimeBase
PdhExpandCounterPathA
PdhGetDefaultPerfCounterW
PdhOpenLogA
PdhLookupPerfIndexByNameA
PdhSelectDataSourceA
PdhEnumObjectsA
PdhLookupPerfIndexByNameW
PdhVerifySQLDBW
PdhEnumLogSetNamesW
PdhCollectQueryData
PdhGetDefaultPerfCounterA
PdhEnumMachinesW
PdhBindInputDataSourceW
PdhVbGetCounterPathFromList

ole32

CoInitializeSecurity
CoCreateInstance

user32

ShowWindow
GetDlgItemTextW
SetForegroundWindow
PostMessageW
SetWindowsHookExW
LoadStringW
SendMessageW
EnableWindow
GetKeyState
CallNextHookEx
GetWindowRect
DestroyWindow
DialogBoxParamW
GetDlgItem
LoadStringA
SetDlgItemTextW
UpdateWindow
ReleaseDC
GetFocus
KillTimer
PostQuitMessage
GetWindowLongW
SetTimer
IsDialogMessageW

rtm

MgmGroupEnumerationEnd
RtmIgnoreChangedDests
RtmIsMarkedForChangeNotification
RtmReleaseChangedDests
RtmDeregisterClient
MgmTakeInterfaceOwnership
RtmInvokeMethod
RtmDeleteRouteList
MgmDeInitialize
RtmGetChangeStatus
RtmBlockMethods
RtmGetEntityMethods
BestMatchInTable
RtmRegisterClient
RtmGetRegisteredEntities
RtmReleaseDests
RtmGetMostSpecificDestination
RtmReleaseRouteInfo
RtmReadAddressFamilyConfig
MgmGetFirstMfe
RtmFindNextHop
MgmGetNextMfeStats
NextMatchInTable
MgmGroupEnumerationStart
RtmBlockDeleteRoutes
RtmGetDestInfo
InsertIntoTable
RtmGetInstances
RtmGetEnumDests
RtmGetNextHopInfo
MgmAddGroupMembershipEntry
MgmDeleteGroupMembershipEntry
RtmGetExactMatchDestination
RtmLockRoute
RtmDeleteRouteToDest
RtmGetLessSpecificDestination
RtmReleaseEntityInfo
RtmCreateDestEnum
RtmBlockSetRouteEnable
RtmHoldDestination
RtmGetListEnumRoutes
DestroyTable
RtmGetEntityInfo
RtmGetNextHopPointer
RtmEnumerateGetNextRoute
RtmCreateRouteEnum
RtmDeleteRouteTable

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegFlushKey
RegDeleteValueW
RegEnumKeyW
RegCreateKeyExW

kernel32

WideCharToMultiByte
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
TlsSetValue
CreateThread
GlobalAlloc
LeaveCriticalSection
GetLastError
LoadLibraryW
ExitThread
FlushFileBuffers
IsBadReadPtr
GetTickCount
TlsAlloc
ReadFile
VirtualAlloc
FreeEnvironmentStringsW
CreateFileW
lstrlenA
VirtualProtect
InterlockedExchange
GetTickCount
GetCurrentThreadId
HeapFree
TlsGetValue
GetEnvironmentStrings
HeapReAlloc
LocalFree
WaitForMultipleObjects
GetFullPathNameW
GetFileType
lstrcpyW
GetStringTypeA
GetModuleFileNameA
VirtualAlloc
SetEvent
QueryPerformanceCounter
GetEnvironmentStringsW
MultiByteToWideChar
CompareFileTime
IsBadWritePtr
CloseHandle
HeapSize
GetProcessHeap
GetLocaleInfoA
GetCommandLineW
LoadLibraryA
VirtualFree
IsBadCodePtr

comctl32

ImageList_ReplaceIcon
ord17

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

771856c67dda119e04fd320b224e18e7

Headers

DLL Characteristics

File Characteristics

Imports

pdh

ole32

user32

rtm

advapi32

kernel32

comctl32

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 51KB - Virtual size: 50KB

.rsrc Size: 16KB - Virtual size: 592KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 16KB - Virtual size: 592KB