Static task
static1
Behavioral task
behavioral1
Sample
4a49fb4579bc8729013b5bc1d494a7b4_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4a49fb4579bc8729013b5bc1d494a7b4_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target
4a49fb4579bc8729013b5bc1d494a7b4_JaffaCakes118
Size
156KB
MD5
4a49fb4579bc8729013b5bc1d494a7b4
SHA1
0ba6dba7a832a43684c8d13ec98d962700a19f8d
SHA256
c1ff17ab604d75906bf47f666632f273978a67d1f25991aecad67ae839471d6c
SHA512
66f5468f69877f0f0aa91847f2cf2596394d21d2d9fab5d5baa7b105939ed94ba72d1c845ad587922515af313abbd81e074aeae170b371a9a6aed8e2dd1f3206
SSDEEP
3072:CDEnwHGudU9X2S7qb3/rOdviLhuUL74o2lkNl99vdk//vj+sOABOWcntZipr5TUx:PSTdkX2BHNTNv5dknvj+sZBDcnR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4a49fb4579bc8729013b5bc1d494a7b4_JaffaCakes118
Files
4a49fb4579bc8729013b5bc1d494a7b4_JaffaCakes118.dll windows:4 windows x86 arch:x86
b0ffc5e2e9a0254e2e6a51c50115e00c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetEndOfFile
GetFileSize
SetFilePointer
CreateFileW
GetFileTime
DeleteCriticalSection
WriteFile
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedCompareExchange
DisableThreadLibraryCalls
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpyA
lstrcpyW
lstrcmpiA
CompareStringA
GlobalAlloc
MapViewOfFile
lstrlenW
CreateFileMappingW
lstrcmpW
OutputDebugStringA
SetLastError
GetTickCount
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
CreateEventA
SetEvent
WaitForSingleObject
GetProcessHeap
lstrlenA
HeapAlloc
HeapFree
HeapReAlloc
WideCharToMultiByte
VirtualAlloc
ReadFile
lstrcmpiW
InterlockedExchange
Sleep
GetProcAddress
EnterCriticalSection
LoadLibraryW
MultiByteToWideChar
GetLastError
LeaveCriticalSection
GetCurrentThread
GetCurrentProcess
CloseHandle
GlobalFree
GetCommandLineA
VirtualProtect
GetSystemTimeAsFileTime
user32
wsprintfW
wsprintfA
advapi32
AllocateAndInitializeSid
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
LsaRetrievePrivateData
LsaFreeMemory
RegCloseKey
TraceMessage
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
CryptDestroyKey
SetSecurityDescriptorDacl
AddAccessDeniedAceEx
AddAccessAllowedAce
EqualSid
GetAce
InitializeAcl
GetSecurityDescriptorDacl
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
CopySid
GetLengthSid
AddAuditAccessAce
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
AddAccessDeniedAce
SetSecurityDescriptorControl
FreeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CryptExportKey
ControlService
CloseServiceHandle
QueryServiceStatus
rpcrt4
NdrCStdStubBuffer_Release
msvcr71
sprintf
__dllonexit
__CppXcptFilter
_XcptFilter
_except_handler3
_CxxThrowException
free
wcslen
wcscmp
malloc
memmove
strchr
_onexit
_strnicmp
atol
atoi
memset
memcpy
__CxxFrameHandler
_adjust_fdiv
_initterm
Sections
.text Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ