5e62cf0057f2b72734a6b4fefff6598f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e62cf0057f2b72734a6b4fefff6598f_JaffaCakes118
Size

262KB
MD5

5e62cf0057f2b72734a6b4fefff6598f
SHA1

5607ff2a714579d85ca06f5288265b747a20c22b
SHA256

e6abc5cf73dca5b818216921cbd42acd4c965df567fc36d9190fc9c2dfc426c8
SHA512

895c690256121c4a65591cf9df5396c306780a12081935955eac61f8b22f3175b31a850b4f114f38652ad849ccaddc3ccb1e038c53f58f4d5e823f43a7ea3cc4
SSDEEP

6144:bWvqYDS18mTCH75i02vCsiPopU7KF3hDVaSFww/EI:bWSkhmTOH2asiPopRwws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e62cf0057f2b72734a6b4fefff6598f_JaffaCakes118

Files

5e62cf0057f2b72734a6b4fefff6598f_JaffaCakes118
.exe windows:9 windows x86 arch:x86

fbf3a4fd25e069eed24cbf6dc61ea42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

SetWindowTextW
IsWindowEnabled
CheckDlgButton
CreateDialogParamW
UnhookWindowsHookEx
GetDlgItemTextW
wsprintfA
DestroyWindow
SetForegroundWindow
MessageBoxA
EnableWindow
GetDlgItemInt
DialogBoxParamW
TranslateMessage
GetClientRect
IsDialogMessageW
KillTimer
AdjustWindowRectEx
MessageBoxW
SetDlgItemTextW
GetDesktopWindow

ole32

CoInitializeSecurity
CoInitialize
CoCreateInstance

pdh

PdhParseInstanceNameW
PdhVbOpenLog
PdhGetFormattedCounterArrayW
PdhCreateSQLTablesW
PdhEnumMachinesW
PdhGetLogSetGUID
PdhRelogW
PdhConnectMachineA
PdhOpenQueryA
PdhParseCounterPathA
PdhSelectDataSourceW
PdhMakeCounterPathW
PdhTranslate009CounterA
PdhOpenLogW
PdhValidatePathA
PdhBrowseCountersW
PdhIsRealTimeQuery
PdhEnumObjectsHA
PdhAdd009CounterW
PdhGetDataSourceTimeRangeA
PdhLookupPerfIndexByNameA
PdhGetLogFileSize
PdhEnumObjectItemsHW
PdhVbGetLogFileSize
PdhVbCreateCounterPathList
PdhVbAddCounter
PdhParseInstanceNameA
PdhExpandWildCardPathHA
PdhTranslateLocaleCounterA
PdhVbGetCounterPathFromList
PdhRelogA
PdhLookupPerfNameByIndexA
PdhRemoveCounter
PdhListLogFileHeaderA
PdhAddCounterW
PdhAddCounterA
PdhTranslate009CounterW
PdhListLogFileHeaderW
PdhEnumObjectsA
PdhGetDefaultPerfCounterHA
PdhVbGetOneCounterPath
PdhGetDataSourceTimeRangeW
PdhVerifySQLDBA
PdhGetDefaultPerfObjectA
PdhBrowseCountersHA
PdhCollectQueryDataEx
PdhSetLogSetRunID
PdhExpandCounterPathW

rtm

MgmGroupEnumerationStart
RtmGetNextHopPointer
RtmDeregisterFromChangeNotification
MgmReleaseInterfaceOwnership
RtmReleaseChangedDests
RtmRegisterClient
CreateTable
EnumOverTable
RtmIgnoreChangedDests
RtmUpdateAndUnlockRoute
RtmCreateNextHopEnum
RtmReleaseNextHopInfo
RtmLockRoute
RtmGetEnumRoutes
DestroyTable
RtmReleaseEntityInfo
MgmGetNextMfe
MgmGetProtocolOnInterface
RtmGetEnumNextHops
RtmFindNextHop
RtmInvokeMethod
MgmGetMfe
RtmGetMostSpecificDestination
RtmDeleteNextHop
RtmReadAddressFamilyConfig
NextMatchInTable
RtmGetListEnumRoutes
RtmLockDestination
RtmEnumerateGetNextRoute
RtmDequeueRouteChangeMessage
RtmBlockSetRouteEnable
MgmAddGroupMembershipEntry
RtmGetChangedDests
RtmMarkDestForChangeNotification
RtmAddRoute
RtmReadInstanceConfig
RtmGetEnumDests
RtmWriteInstanceConfig
RtmReleaseRoutes
MgmGroupEnumerationEnd
RtmGetRouteInfo
RtmDereferenceHandles
RtmHoldDestination
MgmInitialize
RtmCreateDestEnum
RtmGetOpaqueInformationPointer
MgmGetFirstMfe
RtmReleaseRouteInfo
RtmDeregisterClient
MgmGetMfeStats
RtmReleaseDests

advapi32

RegCloseKey
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumKeyExW

comctl32

ord17

kernel32

TlsSetValue
DeleteCriticalSection
GetLocaleInfoA
GetStartupInfoW
GetSystemDirectoryW
CloseHandle
LoadLibraryW
GetTickCount
FreeEnvironmentStringsA
QueryPerformanceCounter
GetFileType
GetStringTypeA
InterlockedIncrement
GetStartupInfoA
GetModuleFileNameW
HeapFree
GetCPInfo
VirtualQuery
FlushFileBuffers
GetCurrentProcessId
SetHandleCount
VirtualAlloc
CompareFileTime
ExitThread
VirtualFree
lstrlenA
LocalFree
lstrlenW
GetCommandLineA
HeapCreate
WriteFile
CloseHandle
IsBadReadPtr
GetTickCount
IsBadWritePtr
CreateEventW
TlsGetValue
GlobalAlloc
TerminateProcess
InterlockedExchange
VirtualProtect
GetLastError
SetUnhandledExceptionFilter
GetFullPathNameW
LCMapStringW
ReadFile

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbf3a4fd25e069eed24cbf6dc61ea42c

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

pdh

rtm

advapi32

comctl32

kernel32

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 50KB - Virtual size: 50KB

.rsrc Size: 28KB - Virtual size: 552KB

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 28KB - Virtual size: 552KB