4c2041c4f1c05a2e596b92e35a329576_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c2041c4f1c05a2e596b92e35a329576_JaffaCakes118
Size

717KB
MD5

4c2041c4f1c05a2e596b92e35a329576
SHA1

65cb7742103c1142ad6b37f8d09f435e5e3e193f
SHA256

18aa0006224ace6e92734dc9def1996489c21b6ef06e10291b20c53ce349b857
SHA512

e9a651086b8a3ce6eb394c171e445a9f62d0dc2eff8b745f8b8a347d1f8c6c19fc63fcd62f3cdf9503ee6930620cf84494fbc6fe6c271fe0e25a669d32ea95ae
SSDEEP

6144:MUvt+10DHRVHQjHfyZqQMI33Os8ZD9SWb4HgLeqfY4+V2jXvwfSSSflGzA+ak:XvsOHaiqQfus28H0lp62jXofggZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c2041c4f1c05a2e596b92e35a329576_JaffaCakes118

Files

4c2041c4f1c05a2e596b92e35a329576_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e83b6e5710c63e5ccd86e015adff8cd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VS_Project\ePower50\bin\ePowerSvc.pdb

Imports

kernel32

LoadResource
FindResourceW
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetProcAddress
GetModuleHandleW
FreeLibrary
GetCurrentThreadId
LockResource
MultiByteToWideChar
InterlockedIncrement
GetVersion
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
lstrlenA
GetThreadLocale
GlobalFlags
GetModuleHandleA
InterlockedExchange
CompareStringA
GetLocaleInfoW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileW
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
InterlockedCompareExchange
SizeofResource
SetLastError
GlobalFree
lstrlenW
GetModuleFileNameW
Sleep
GetCommandLineW
SetConsoleCtrlHandler
FormatMessageW
SetEvent
WaitForMultipleObjects
ResetEvent
CreateNamedPipeW
GetCurrentProcessId
CreateEventW
QueryFullProcessImageNameW
WriteFile
ReadFile
ConnectNamedPipe
CloseHandle
CreateToolhelp32Snapshot
DisconnectNamedPipe
WTSGetActiveConsoleSessionId
LocalFree
ProcessIdToSessionId
Process32NextW
GetSystemPowerStatus
OpenProcess
WideCharToMultiByte
InterlockedDecrement
GetLastError

user32

ClientToScreen
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
UnregisterClassA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetPropW
SetWindowTextW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
PostQuitMessage
LoadCursorW
LoadIconW
DefWindowProcW
CreateWindowExW
RemovePropW
RegisterWindowMessageW
PostMessageW
DispatchMessageW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
CallWindowProcW
SetPropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgCtrlID

advapi32

AdjustTokenPrivileges
SetServiceStatus
QueryServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegisterEventSourceW
ControlService
CreateServiceW
ReportEventW
RegisterServiceCtrlHandlerW
InitializeSecurityDescriptor
DuplicateTokenEx
OpenProcessToken
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
SetTokenInformation
RegSetValueExW
RegCreateKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize

oleaut32

VariantChangeType
SysFreeString
SysAllocString
VariantClear
VariantInit

powrprof

PowerReplaceDefaultPowerSchemes
PowerReadACValueIndex
PowerReadDCValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerGetActiveScheme

dbghelp

MakeSureDirectoryPathExists

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

powersettingcontrol

ReadPowerSettingValueIndex
WritePowerSettingValueIndex

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteObject
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
TextOutW
GetStockObject
DeleteDC
ScaleWindowExtEx
SaveDC
RestoreDC
SetMapMode
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
PtVisible
RectVisible
Escape

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e83b6e5710c63e5ccd86e015adff8cd5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

powrprof

dbghelp

wtsapi32

userenv

psapi

powersettingcontrol

oleacc

gdi32

winspool.drv

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 408KB - Virtual size: 405KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 408KB - Virtual size: 405KB