5a3116781ca4061493b827d7ae949408_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a3116781ca4061493b827d7ae949408_JaffaCakes118
Size

699KB
MD5

5a3116781ca4061493b827d7ae949408
SHA1

e2420aee2764940dd6448c5bd3c64963ef1f2a18
SHA256

a7cc80458467be3eaa69712f962cbc5ea282748bbdac2fd04ad4809fcf1c0f3c
SHA512

36e2c998964a86c5476c587ba0aa41cb33795cd24fd6afecc8e0687f738c4b0dd9539b11d832fd47c8111c5b53b6a1d90b984b7d55bb82a5abf69d52cf44fd57
SSDEEP

12288:iexG1+O4PaUKPhdLXHI7XHgZQKhJgeCmMD2jXb:iXtQaN/LXoLHgZpJEOjXb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a3116781ca4061493b827d7ae949408_JaffaCakes118

Files

5a3116781ca4061493b827d7ae949408_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1058eb7e5f6805c8a8d7e3c80889a395

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\wxp\x86\ship\0\msosync.pdb

Imports

msvcr90

wcsrchr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
memcpy_s
_wcsicmp
wcscpy_s
free
_vsnprintf
_vscwprintf
_wcsnicmp
_CIsqrt
vswprintf_s
memmove
strncpy_s
_vsnwprintf_s
_snwprintf_s
wcsncat_s
_vsnprintf_s
bsearch
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcstoul
wcsstr
wcschr
memcpy
_CxxThrowException
__CxxFrameHandler3
malloc
swprintf_s
wcsnlen
wcscat_s
memset
wcsncpy_s

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
GetLocalTime
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFileAttributesW
DeleteFileW
CopyFileW
ReadFile
SetEvent
GlobalFree
UnmapViewOfFile
OpenProcess
GlobalAlloc
WaitForMultipleObjects
CreateProcessA
MapViewOfFile
CreateFileMappingA
CreateMutexA
CreateEventA
DuplicateHandle
GetSystemDefaultLCID
GetSystemDefaultLangID
IsValidLocale
GetUserDefaultLangID
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
ExpandEnvironmentStringsW
GetProcessTimes
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetSystemInfo
GetUserDefaultLCID
LocalFree
GetProcessHeap
IsDBCSLeadByte
LockResource
LoadResource
FindResourceA
GetStringTypeExW
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
IsValidCodePage
CompareStringW
MultiByteToWideChar
GetTempPathW
GetShortPathNameW
GetLongPathNameW
CreateDirectoryW
GetFileType
LoadLibraryExW
GetCurrentThread
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
MulDiv
GetLocaleInfoW
GetNumberFormatW
GetTickCount
CreateEventW
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
SetLastError
GetLastError
GetModuleFileNameW
CreateProcessW
CloseHandle
GetVersionExW
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
WaitForSingleObjectEx
CreateFileMappingW
OpenFileMappingW
OpenThread
LocalAlloc

advapi32

RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ConvertSidToStringSidA
CreateWellKnownSid
IsValidSid
EqualSid
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW
SHGetDesktopFolder

user32

GetKeyboardLayoutList
BeginPaint
EndPaint
SetActiveWindow
FillRect
DrawIconEx
CreateIconIndirect
SetWindowPos
GetDlgItem
GetDC
DrawTextExW
ReleaseDC
GetWindowRect
EnumDisplayMonitors
MsgWaitForMultipleObjectsEx
PeekMessageW
GetKeyboardLayout
IsDialogMessageW
TranslateMessage
DispatchMessageW
ShowWindow
UpdateWindow
LoadIconW
LoadCursorW
SendMessageW
GetMonitorInfoA
SystemParametersInfoA
GetMenuCheckMarkDimensions
GetIconInfo
GetWindowLongW
SetWindowLongW
FindWindowW
LoadImageW
RegisterWindowMessageW
MessageBoxW
SetForegroundWindow
AllowSetForegroundWindow
SetTimer
GetCursorInfo
GetSysColor
UnregisterClassW
RegisterClassExW
GetMessageW
CreateWindowExW
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
DefWindowProcW
KillTimer
GetDoubleClickTime
DestroyIcon
CreatePopupMenu
AppendMenuW
SetMenuDefaultItem
GetCursorPos
TrackPopupMenuEx
DestroyMenu
DestroyWindow
PostQuitMessage

gdi32

CreateDCA
CreateFontW
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
CreateBitmap
SelectObject
DeleteObject
GetStockObject
DeleteDC
CreateDCW
GetDeviceCaps

shlwapi

StrRetToBufW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidCreate

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeColor

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1058eb7e5f6805c8a8d7e3c80889a395

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

version

secur32

kernel32

advapi32

shell32

user32

gdi32

shlwapi

ole32

oleaut32

rpcrt4

uxtheme

Exports

Exports

Sections

.text Size: 381KB - Virtual size: 381KB

.data Size: 200KB - Virtual size: 239KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 381KB - Virtual size: 381KB

.data
Size: 200KB - Virtual size: 239KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 16KB - Virtual size: 16KB