493aed2ad03f03d8df4967f0b148b26c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

493aed2ad03f03d8df4967f0b148b26c_JaffaCakes118
Size

158KB
MD5

493aed2ad03f03d8df4967f0b148b26c
SHA1

3d401cb3f6bb4963d68f95629d750f47974eb10e
SHA256

a8e2327c7238651dc3490c5d5c25d9dcc41022b4108990ab3ba1f07bd7e41a60
SHA512

45ac13c38c4d953ed4bd8657ec6064edb5f0558e89c65c5ec9ecd50142de18541dbedb5f45ed5e9cc9a381688a0786cc1376950bdbcda3db96fa32bd4f362b53
SSDEEP

3072:Lt6TyGdM0gBXIX0k4GeZIETnMjHqZEuDMD8F8NRmi5zugjfGTctu8Xto:bGdKabjYnuHruIYF8m6qgjfru8o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
493aed2ad03f03d8df4967f0b148b26c_JaffaCakes118

Files

493aed2ad03f03d8df4967f0b148b26c_JaffaCakes118
.exe windows:2 windows x86 arch:x86

30002054f37cf310e6dc4e60df55eda2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__CxxFrameHandler
calloc
wcstok
_cexit
realloc
_initterm
exit
wcstod
?terminate@@YAXXZ
wcslen
__setusermatherr
free
fprintf
wcsstr
wcsncmp
__set_app_type
fflush
_wcsnicmp
_wcsicmp
wcstol
wcschr
_wtol
_controlfp
strtok
sprintf
_wgetcwd
__wgetmainargs
malloc
_XcptFilter
_exit
wcsncpy
__winitenv
_iob
_c_exit

advapi32

RegConnectRegistryW
LookupAccountSidW
GetTokenInformation
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegSetValueExW
RegQueryValueExW

kernel32

SetLastError
VirtualAlloc
TermsrvAppInstallMode
LocalFree
GetComputerNameW
TerminateProcess
SetConsoleIcon
WriteConsoleW
RtlCaptureContext
CompareStringW
IsProcessorFeaturePresent
LocalCompact
TransactNamedPipe
GetNamedPipeHandleStateA
lstrcat
HeapCompact
LoadResource
FlushInstructionCache
VirtualQuery
TerminateThread
IsDBCSLeadByteEx
EnumSystemLocalesW
GetFileTime
SetNamedPipeHandleState
GetComputerNameExW
FoldStringA
GetWindowsDirectoryW
DnsHostnameToComputerNameA
ConvertDefaultLocale
lstrcpyW
SetThreadPriority
FindFirstFileW
VirtualFree
WideCharToMultiByte
UnmapViewOfFile
lstrcmpW
GetConsoleInputExeNameA
GetLastError
ReadConsoleA
MultiByteToWideChar
AddConsoleAliasA
CloseHandle
SetVDMCurrentDirectories
GetLogicalDrives
VerifyVersionInfoW
BuildCommDCBAndTimeoutsA
FindNextVolumeW
DefineDosDeviceW
CreateHardLinkA
SetFileApisToANSI
ReadConsoleW
SetUnhandledExceptionFilter
GetComputerNameExA
GetTickCount
_lopen
FindActCtxSectionStringW
GetExpandedNameA
GetStartupInfoW
SetMessageWaitingIndicator
IsValidCodePage
MapViewOfFileEx
SetConsoleMode
SetFileShortNameA
CancelWaitableTimer
SetConsoleScreenBufferSize
GetDriveTypeW
GetCurrentProcessId
GetVolumeInformationW
GetConsoleMode
WaitForMultipleObjects
SystemTimeToFileTime
SetConsoleCursorPosition
ReleaseActCtx
CreateSemaphoreA
EnumTimeFormatsA
VerSetConditionMask
GlobalSize
DebugActiveProcess
UnhandledExceptionFilter
GetMailslotInfo
WaitNamedPipeA
GetSystemTimeAsFileTime
ReadFile
OpenProcess
FormatMessageW
CreateJobObjectA
GetCurrentProcess
FindFirstVolumeMountPointW
DeleteFiber
GetCommState
GetTimeFormatW
GetTempFileNameW
lstrcmpiW
lstrcpynW
DeleteVolumeMountPointW
BuildCommDCBAndTimeoutsW
lstrlenW
GetConsoleScreenBufferInfo
GetFileSize
SetFirmwareEnvironmentVariableW
FindFirstVolumeW
QueryPerformanceCounter
lstrcatW
FileTimeToSystemTime
GetSystemInfo
FreeLibrary
GetStdHandle
WritePrivateProfileSectionA

ntdll

RtlAllocateHeap
RtlInitAnsiString
NtQuerySystemInformation
RtlDestroyQueryDebugBuffer
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlFreeHeap

user32

wsprintfW
LoadStringW
CharUpperW

mpr

WNetCancelConnection2W
WNetGetLastErrorW
WNetAddConnection2W

netapi32

NetServerGetInfo
NetApiBufferFree
NetFileClose
NetFileEnum

secur32

GetUserNameExW

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
gethostbyaddr
inet_addr
gethostbyname

t2embed

TTEnableEmbeddingForFacename
TTIsEmbeddingEnabled

oleaut32

OaBuildVersion
VarBstrFromBool
VarI2FromUI2
VarR8Pow
VarDecFromUI8
CreateDispTypeInfo
VarCyNeg
VarUI1FromDec
VarI8FromI1
VarUI1FromI2
VarDateFromStr
VarBoolFromDisp
LPSAFEARRAY_Marshal
VarUI2FromI2
BSTR_UserFree
SysAllocString
VarR4FromI2
GetRecordInfoFromGuids
SafeArrayAllocDescriptor
VarSub
VarR4FromCy
VarBoolFromUI8
VarFormatNumber
VarUI4FromI4
DllCanUnloadNow
VarCyAdd
SafeArrayAllocData
VarUI8FromUI4
VarDecRound

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.haRW
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QvTjHW
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ

.sSV
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wfg
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nHYEKO
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZgbQP
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eams
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30002054f37cf310e6dc4e60df55eda2

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

ntdll

user32

mpr

netapi32

secur32

ws2_32

t2embed

oleaut32

Sections

.text Size: 20KB - Virtual size: 19KB

.haRW Size: 1KB - Virtual size: 1KB

.QvTjHW Size: 2KB - Virtual size: 14KB

.sSV Size: 3KB - Virtual size: 14KB

.rdata Size: 6KB - Virtual size: 5KB

.wfg Size: 2KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 39KB

.nHYEKO Size: 1KB - Virtual size: 10KB

.ZgbQP Size: 2KB - Virtual size: 34KB

.eams Size: 3KB - Virtual size: 20KB

.rsrc Size: 107KB - Virtual size: 106KB

.text
Size: 20KB - Virtual size: 19KB

.haRW
Size: 1KB - Virtual size: 1KB

.QvTjHW
Size: 2KB - Virtual size: 14KB

.sSV
Size: 3KB - Virtual size: 14KB

.rdata
Size: 6KB - Virtual size: 5KB

.wfg
Size: 2KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 39KB

.nHYEKO
Size: 1KB - Virtual size: 10KB

.ZgbQP
Size: 2KB - Virtual size: 34KB

.eams
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 107KB - Virtual size: 106KB