iisrstas.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4b0c7960b3f0284d09b54ed0bc11dfa5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4b0c7960b3f0284d09b54ed0bc11dfa5_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
4b0c7960b3f0284d09b54ed0bc11dfa5_JaffaCakes118
Size
54KB
MD5
4b0c7960b3f0284d09b54ed0bc11dfa5
SHA1
4d5276fded2e0dd6757db5bbd7cd1f12d1350eef
SHA256
58ad7355426ac910ee8a3c222b1350c47b0050505397ca6c261fa017579f4e57
SHA512
dd91896774e8d4e6bbaaba3d2bc30527fc8d4375f1990504e18ecb005d73d1d3d6b938765280f4fd41f08f49e2ed78d5d59979149cb454146d037601353a971d
SSDEEP
1536:cvdp7KLDfzpgdRtp7UywIFbw9vVpiVWmI8i4:cvdp7KLPpUfp7UpIFk99pOhID
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b0c7960b3f0284d09b54ed0bc11dfa5_JaffaCakes118
Files
4b0c7960b3f0284d09b54ed0bc11dfa5_JaffaCakes118.exe windows:5 windows x86 arch:x86
1c05fd3bddd06f78ebb6d2c6012886a3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
__set_app_type
_except_handler3
swprintf
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_c_exit
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
wcscmp
_wcsicmp
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_purecall
malloc
iswctype
_wtol
free
_controlfp
realloc
atl
ord32
ord20
ord17
ord23
ord21
ord16
advapi32
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
MakeAbsoluteSD
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
EqualSid
DeleteAce
AddAccessAllowedAce
InitializeAcl
AddAccessDeniedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
InitiateSystemShutdownW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlService
CloseServiceHandle
EnumDependentServicesW
OpenServiceW
LookupAccountSidW
GetTokenInformation
QueryServiceStatus
StartServiceW
QueryServiceConfigW
OpenSCManagerW
kernel32
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetVersionExW
LocalAlloc
LocalFree
GetTickCount
GetCurrentProcessId
GetCommandLineW
GetModuleHandleW
GetCurrentThreadId
CreateEventW
CreateThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentProcess
CloseHandle
OpenProcess
Sleep
TerminateProcess
WaitForSingleObject
lstrcmpiW
lstrlenW
lstrcpyW
ReadProcessMemory
InitializeCriticalSection
DeleteCriticalSection
user32
wsprintfW
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
PostMessageW
ole32
CoInitializeEx
CoInitializeSecurity
CoUninitialize
oleaut32
LoadRegTypeLi
SetErrorInfo
ntdll
NtQueryInformationProcess
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE