Static task: static1
Behavioral task: behavioral1
Sample: 47d315e754a4ae187061752d325f9318_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 47d315e754a4ae187061752d325f9318_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 47d315e754a4ae187061752d325f9318_JaffaCakes118
Size: 411KB
MD5: 47d315e754a4ae187061752d325f9318
SHA1: c1c8cb0415f37910b7e142640712757727b5fb89
SHA256: a5b7292ffe1ffc4d867b28688410a5dae4683d1116718ee5a2d9929fe9a6e92d
SHA512: 656a9dcfd738ef9303f7ebdb3f9e703b4ec4152e4b9021080b79d01d80c412434bde863d33edf99b91e91311582bed10e0e69e5fd7767c3d2f2f243ff813741e
SSDEEP: 12288:OffJsX8XbMJg7x5VHDvJ+dZXArJK8jfv8jK/wu7xqn:afJtbMAzJ+dZXArJK8jfv8jK/Xxq
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 47d315e754a4ae187061752d325f9318_JaffaCakes118
Files
47d315e754a4ae187061752d325f9318_JaffaCakes118.exe
Tags: .vbs windows:5 windows x86 arch:x86 polyglot
3aeb068d4d47988850726048c1eeb13b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
advapi32
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegSetKeySecurity
SetSecurityDescriptorOwner
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
QueryServiceStatus
CloseServiceHandle
ControlService
StartServiceA
OpenServiceA
OpenSCManagerA
RegOpenKeyExW
RegQueryValueExW
InitiateSystemShutdownA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
GetTokenInformation
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
RegLoadKeyA
RegUnLoadKeyA
AdjustTokenPrivileges
GetLengthSid
CopySid
AddAce
GetAclInformation
SetFileSecurityW
RegQueryInfoKeyA
RegSaveKeyA
RegFlushKey
EnumDependentServicesA
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
GetFileSecurityA
GetServiceDisplayNameA
RegOpenKeyA
RegDeleteValueA
comctl32
PropertySheetW
crypt32
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CryptEncodeObject
CertCreateCertificateContext
gdi32
BitBlt
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDIBits
SelectObject
StretchBlt
kernel32
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
CompareFileTime
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
OpenEventA
lstrcmpA
GetFullPathNameW
LoadLibraryW
FindFirstFileW
lstrcmpiW
FindNextFileW
MapViewOfFileEx
MoveFileExA
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
CreateFileW
FormatMessageA
GetFileTime
FlushViewOfFile
SetLastError
SetEndOfFile
GetExitCodeThread
ExitThread
SetErrorMode
GetCurrentThread
InterlockedDecrement
ReleaseSemaphore
GetComputerNameA
GetCompressedFileSizeA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
GetSystemInfo
SetEnvironmentVariableA
TerminateThread
FlushFileBuffers
ExpandEnvironmentStringsA
CloseHandle
UnmapViewOfFile
ExitProcess
GetTempFileNameA
MoveFileA
GetFullPathNameA
GetWindowsDirectoryW
GetVolumeInformationW
CreateMutexA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
GetFileAttributesA
CreateDirectoryA
GetModuleHandleA
FormatMessageW
GetSystemDirectoryW
LoadLibraryA
GetLastError
GetProcAddress
GetWindowsDirectoryA
DeleteFileA
CreateSemaphoreA
FreeLibrary
ReadFile
CreateEventA
CreateThread
SetThreadPriority
WaitForSingleObject
SetEvent
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
DeviceIoControl
GetFileAttributesExA
WideCharToMultiByte
SetFilePointer
VirtualFree
WriteFile
GetPrivateProfileStringA
CopyFileA
GetSystemDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualAlloc
InitializeCriticalSection
SetFileAttributesA
GetVersionExA
lstrcmpiA
LocalAlloc
LocalFree
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
GetTickCount
Sleep
GetThreadLocale
GetLocaleInfoA
GetDriveTypeA
MultiByteToWideChar
FindClose
FindNextFileA
FindFirstFileA
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetSystemTime
VirtualProtect
FlushInstructionCache
GetSystemTimeAsFileTime
mpr
WNetGetUniversalNameA
WNetGetUserA
msvcrt
calloc
malloc
getenv
_strdup
_wcsdup
_errno
_open
_read
_write
_close
_lseek
remove
_tempnam
rename
free
strcspn
wcsrchr
wcscmp
wcsncat
wcsncpy
_wcslwr
isdigit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
ctime
ntdll
mbstowcs
sprintf
strrchr
_stricmp
strchr
_chkstk
strncpy
_snprintf
_strcmpi
_strlwr
_itoa
wcscpy
swprintf
wcslen
_strnicmp
RtlTimeToTimeFields
NtQuerySystemTime
memchr
_allmul
strtoul
_strupr
RtlUnicodeStringToAnsiString
strncmp
_alldiv
memmove
vsprintf
strncat
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
atoi
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtShutdownSystem
NtQueryInformationProcess
RtlCharToInteger
_aulldiv
RtlUnwind
strstr
ole32
CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
psapi
GetModuleFileNameExA
setupapi
SetupCopyErrorA
SetupPromptForDiskA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiSetSelectedDriverA
SetupDiCallClassInstaller
SetupDiGetDriverInfoDetailA
SetupGetSourceFileLocationW
SetupGetInfInformationA
SetupQueryInfOriginalFileInformationA
SetupInitDefaultQueueCallbackEx
SetupIterateCabinetA
SetupDecompressOrCopyFileA
SetupOpenFileQueue
SetupCommitFileQueueA
SetupInstallFromInfSectionA
SetupGetSourceFileLocationA
SetupGetSourceInfoA
SetupQueueCopyA
SetupDefaultQueueCallbackW
SetupDefaultQueueCallbackA
SetupGetTargetPathA
SetupInstallFilesFromInfSectionA
SetupGetIntField
SetupScanFileQueueA
SetupOpenInfFileA
SetupCloseInfFile
SetupSetDirectoryIdA
SetupInitializeFileLogA
SetupQueryFileLogA
SetupTerminateFileLog
SetupGetLineCountA
SetupGetLineByIndexA
SetupGetStringFieldA
SetupFindFirstLineA
SetupGetLineTextA
SetupGetFieldCount
SetupFindNextLine
shell32
SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
shlwapi
StrStrIA
user32
SetFocus
GetDesktopWindow
DialogBoxParamA
EndDialog
SetWindowTextA
SetForegroundWindow
SystemParametersInfoA
GetDC
ReleaseDC
CheckDlgButton
IsDlgButtonChecked
LoadBitmapA
SetDlgItemTextW
PostMessageA
EnumChildWindows
GetWindowTextA
GetWindowLongA
SetWindowLongA
RedrawWindow
SetWindowTextW
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItem
EnableWindow
SetDlgItemTextA
SendMessageA
DestroyWindow
MessageBoxW
wvsprintfA
wvsprintfW
PostQuitMessage
LoadStringW
MessageBoxA
LoadStringA
userenv
ord121
ord138
version
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
winspool.drv
GetPrinterDriverDirectoryA
wintrust
WinVerifyTrust
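The import table above is the richest static signal on this page. Next to the setupapi, service-control and registry APIs an installer would be expected to use, the binary imports the classic remote-thread injection set (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread), token-privilege adjustment paired with forced shutdown (AdjustTokenPrivileges, InitiateSystemShutdownA, NtShutdownSystem), certificate-store writes (CertOpenStore, CertAddCertificateContextToStore) and ACL rewriting (SetNamedSecurityInfoA, SetFileSecurityW, AddAccessAllowedAce). The script below is an added example, not part of the report or of any sandbox tooling: it groups an import listing into capability tags and reports whether each group is complete or only partially present. The group names and their API sets are my own choices, and SAMPLE_IMPORTS is a constructed excerpt covering only a subset of the DLLs listed above.

```python
from collections import defaultdict

# Capability groups keyed on API names. Names are compared after stripping the
# ANSI/Unicode suffix, so "OpenServiceA" and "OpenServiceW" both match "OpenService".
# The grouping is an assumption made for this example, not a published taxonomy.
CAPABILITIES = {
    "process-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "privilege-adjustment": {"OpenProcessToken", "AdjustTokenPrivileges"},
    "forced-shutdown": {"InitiateSystemShutdown", "NtShutdownSystem"},
    "service-control": {"OpenSCManager", "OpenService", "StartService", "ControlService"},
    "service-creation": {"OpenSCManager", "CreateService", "StartService"},
    "cert-store-modification": {"CertOpenStore", "CertAddCertificateContextToStore"},
    "registry-hive-handling": {"RegLoadKey", "RegUnLoadKey", "RegSaveKey"},
    "acl-rewriting": {"SetNamedSecurityInfo", "SetFileSecurity", "AddAccessAllowedAce"},
    "driver-installation": {"SetupDiBuildDriverInfoList", "SetupDiSetSelectedDriver", "SetupDiCallClassInstaller"},
    "runtime-api-resolution": {"LoadLibrary", "GetProcAddress"},
    "signature-verification": {"WinVerifyTrust"},
}

# Constructed excerpt of the report's import table (a subset), used as sample input.
SAMPLE_IMPORTS = {
    "advapi32": ["OpenProcessToken", "AdjustTokenPrivileges", "InitiateSystemShutdownA",
                 "OpenSCManagerA", "OpenServiceA", "StartServiceA", "ControlService",
                 "RegLoadKeyA", "RegUnLoadKeyA", "RegSaveKeyA",
                 "SetNamedSecurityInfoA", "SetFileSecurityW", "AddAccessAllowedAce"],
    "crypt32": ["CertOpenStore", "CertAddCertificateContextToStore"],
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "LoadLibraryA", "LoadLibraryW", "GetProcAddress"],
    "ntdll": ["NtShutdownSystem", "NtAdjustPrivilegesToken"],
    "setupapi": ["SetupDiBuildDriverInfoList", "SetupDiSetSelectedDriverA", "SetupDiCallClassInstaller"],
    "userenv": ["ord121", "ord138"],
    "wintrust": ["WinVerifyTrust"],
}


def normalize(api):
    """Strip a trailing A/W variant suffix (lstrcpyW -> lstrcpy, StrStrIA -> StrStrI).
    Unconditional on purpose: no Win32 export in this listing ends in a bare A or W."""
    if len(api) > 3 and api[-1] in "AW":
        return api[:-1]
    return api


def index_imports(imports):
    """Map normalized API name -> sorted DLL names importing it. Ordinal-only
    imports cannot be named without the exporting DLL's export table, so they
    are only counted."""
    index = defaultdict(set)
    ordinals = 0
    for dll, apis in imports.items():
        for api in apis:
            if api.startswith("ord") and api[3:].isdigit():
                ordinals += 1
                continue
            index[normalize(api)].add(dll.lower())
    return index, ordinals


def tag_capabilities(imports):
    """Return each capability group with at least one hit, whether the group is
    complete, which APIs were seen (and from which DLL) and which are missing."""
    index, ordinals = index_imports(imports)
    found = {}
    for cap, needed in CAPABILITIES.items():
        present = {api: sorted(index[api]) for api in sorted(needed) if api in index}
        if present:
            found[cap] = {
                "complete": len(present) == len(needed),
                "apis": present,
                "missing": sorted(needed - present.keys()),
            }
    return {"capabilities": found, "ordinal_imports": ordinals}


if __name__ == "__main__":
    import json
    print(json.dumps(tag_capabilities(SAMPLE_IMPORTS), indent=2))
```

Two caveats the output is built to reflect: the userenv ordinals (ord121, ord138) are counted but not tagged, because an ordinal only becomes a name once it is resolved against that DLL's export table; and a complete group is a triage hint, not a verdict, since installers legitimately touch services, ACLs, hives and certificate stores. What stands out in this listing is the injection set sitting alongside everything else, and the partial "service-creation" hit (no CreateService) shows why reporting missing members matters.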
Sections
.text Size: 312KB - Virtual size: 312KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 7KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
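The headers and section table above carry three points worth checking on any sample. The Security data directory is empty, which is what the "Unsigned PE" signature keys on. DllCharacteristics holds only TERMINAL_SERVER_AWARE, so the image opts into neither ASLR (no DYNAMIC_BASE, and IMAGE_FILE_RELOCS_STRIPPED removes the relocations ASLR would need) nor DEP (no NX_COMPAT). And both .text and .rsrc are mapped writable and executable, with a resource section flagged as code, which is unusual for compiler output. The parser below is an added example, not code from the report: it reads those fields directly from the PE headers using only the standard library, and build_sample_pe constructs a headers-only PE32 blob reproducing the flag values shown above (it is not the analysed sample and contains no code) so the script runs offline. Pass a file path to run it on a real binary.

```python
import json
import struct
import sys

# Flag names as printed in the report; values from winnt.h.
FILE_CHARS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x0400: "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP",
              0x0800: "IMAGE_FILE_NET_RUN_FROM_SWAP", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_CHARS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
RWX = 0x20000000 | 0x80000000  # MEM_EXECUTE | MEM_WRITE


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: at offset 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # Directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the Authenticode blob.
    _sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, hdr)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]   # Characteristics is the last DWORD
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize, chars))
    return {"file_chars": file_chars, "dll_chars": dll_chars, "security_size": sec_size, "sections": sections}


def triage(data):
    pe = parse_pe(data)
    return {
        "authenticode_present": pe["security_size"] > 0,
        "file_characteristics": flag_names(pe["file_chars"], FILE_CHARS),
        "dll_characteristics": flag_names(pe["dll_chars"], DLL_CHARS),
        # ASLR needs DYNAMIC_BASE and a relocation table; RELOCS_STRIPPED rules it out.
        "aslr": bool(pe["dll_chars"] & 0x0040) and not (pe["file_chars"] & 0x0001),
        "dep": bool(pe["dll_chars"] & 0x0100),
        "rwx_sections": [s[0] for s in pe["sections"] if (s[3] & RWX) == RWX],
        "executable_non_text": [s[0] for s in pe["sections"] if s[3] & 0x20000000 and s[0] != ".text"],
        "sections": [(s[0], s[1], s[2], flag_names(s[3], SCN_CHARS)) for s in pe["sections"]],
    }


def build_sample_pe():
    """Constructed headers-only PE32 image reproducing the report's flag values.
    Not the analysed sample; it contains no code at all."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    file_chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100 | 0x0400 | 0x0800
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, file_chars)        # i386, 3 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x8000)   # TERMINAL_SERVER_AWARE only: no DYNAMIC_BASE, no NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes; security directory left zero (unsigned)
    secs = b""
    for name, vsize, rawsize, chars in ((b".text", 312 * 1024, 312 * 1024, 0xE0000060),
                                        (b".data", 178 * 1024, 7 * 1024, 0xC0000040),
                                        (b".rsrc", 109 * 1024, 90 * 1024, 0xE0000060)):
        secs += struct.pack("<8sIIIIIIHHI", name, vsize, 0, rawsize, 0, 0, 0, 0, 0, chars)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2))
```

An empty Security directory only tells you no Authenticode blob is attached; it says nothing about catalog signing, which is why a follow-up WinVerifyTrust check on the host is still worth doing. The RWX and executable-resource findings are what matter for the memory-corruption angle: with no ASLR and no DEP, every section of this image loads at a fixed address and is both writable and executable.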