60b120f7c985d3a050db2ac6e29928c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60b120f7c985d3a050db2ac6e29928c3_JaffaCakes118
Size

362KB
MD5

60b120f7c985d3a050db2ac6e29928c3
SHA1

907d10beb2ee611a05dbb3ae5f7c8028a4f52e71
SHA256

224d42f43beaefe96db133a4824d7557330384d0f208fd16ce0675c96d463a7b
SHA512

99b2f8ce3144784c6fd9eb48ed84ca7e7c174c4a503c9f9834fde78067e9db91282f70b548d64fc864f3ff8cc9de55ced14b76b32b66a15b3ad3b5576ba438cd
SSDEEP

6144:w+5X+Hd6jvQ98wK6To+04UsNNa8glPzWanpLoWleMEKJ29jy4O3Un:D+HAjzwfS4UsYFzWK1hlhE02IJ34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b120f7c985d3a050db2ac6e29928c3_JaffaCakes118

Files

60b120f7c985d3a050db2ac6e29928c3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

36db9360cff50878994f77ec411678ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStructW
OutputDebugStringA
ResetEvent
MoveFileExW
FindFirstFileW
CreateActCtxW
_lcreat
FindNextFileA
ProcessIdToSessionId
WriteConsoleOutputW
LocalFileTimeToFileTime
GetLogicalDriveStringsW
VerLanguageNameW
EndUpdateResourceA
QueryPerformanceCounter
FindAtomW
GetSystemInfo
GetComPlusPackageInstallStatus
LoadLibraryA
FlushFileBuffers
GetFileSizeEx
HeapAlloc
CreateConsoleScreenBuffer
ConvertDefaultLocale
IsBadReadPtr
GlobalFindAtomW
MultiByteToWideChar
VirtualAlloc
LocalAlloc
GetLocaleInfoA
GlobalDeleteAtom
GetSystemPowerStatus
DosPathToSessionPathA
GlobalFix
GetPrivateProfileStructW
IsBadHugeWritePtr
GetProcessAffinityMask
GetStartupInfoW
PulseEvent
VerLanguageNameA
ContinueDebugEvent
OpenJobObjectA
GetUserGeoID
CancelWaitableTimer
GlobalAddAtomA
DeleteTimerQueue
DosDateTimeToFileTime
GetModuleHandleW
GetFileAttributesExW
GetDiskFreeSpaceA
IsDebuggerPresent
CompareFileTime
RtlUnwind
FindNextVolumeW
SetConsoleCursor
BaseInitAppcompatCacheSupport
GetCurrencyFormatW
OpenMutexW
GetCalendarInfoW
AddVectoredExceptionHandler
DeactivateActCtx
FindNextVolumeMountPointA
CreateNamedPipeA
GetCommProperties
SetProcessShutdownParameters
TlsFree
ClearCommError
FindNextChangeNotification
GetNamedPipeHandleStateW
OpenJobObjectW
RequestDeviceWakeup
SetCommTimeouts
ReadFile

shdocvw

DllRegisterWindowClasses
DoFileDownload
DoOrganizeFavDlgW
HlinkFindFrame
HlinkFrameNavigate
SHGetIDispatchForFolder
ImportPrivacySettings
DllGetVersion
SetQueryNetSessionCount
DoPrivacyDlg
URLQualifyW
DllGetClassObject
SHAddSubscribeFavorite
URLQualifyA
DoAddToFavDlgW
HlinkFrameNavigateNHL
SoftwareUpdateMessageBox
DoOrganizeFavDlg
OpenURL
AddUrlToFavorites
DoAddToFavDlg

shlwapi

StrChrW
wnsprintfW
SHCreateShellPalette
PathStripPathA
PathFileExistsA
PathIsRootA
PathParseIconLocationA
PathSearchAndQualifyA
ChrCmpIW
SHRegDuplicateHKey
SHOpenRegStream2W
SHGetValueA
PathCreateFromUrlW
StrChrIA
PathCreateFromUrlA
PathIsUNCServerShareW
SHRegCreateUSKeyA
SHRegQueryInfoUSKeyA
SHAutoComplete
PathIsContentTypeW
UrlUnescapeA
SHDeleteKeyA
PathStripPathW
StrRChrA
PathAppendA
PathIsFileSpecA
ColorHLSToRGB
StrSpnW
PathCompactPathExW
StrCmpLogicalW
PathFindFileNameW
GetMenuPosFromID
StrNCatW

imm32

ImmGetHotKey
ImmLoadLayout
ImmGetIMCLockCount
ImmGetStatusWindowPos
ImmRequestMessageW
ImmGetConversionListW
ImmUnregisterWordW
ImmGetCompositionFontW
ImmEnumRegisterWordA
ImmLockIMCC
ImmInstallIMEA
ImmGenerateMessage
ImmDestroySoftKeyboard
ImmSetOpenStatus
ImmGetGuideLineW
ImmSendIMEMessageExW
ImmUnlockIMCC
ImmGetDefaultIMEWnd
ImmGetCompositionWindow
ImmWINNLSGetEnableStatus
ImmSetCompositionFontA
ImmConfigureIMEW
ImmCallImeConsoleIME
ImmFreeLayout
ImmUnlockClientImc
ImmUnregisterWordA
ImmConfigureIMEA
ImmTranslateMessage
ImmRegisterWordA
ImmIMPSetIMEA
ImmSimulateHotKey
ImmGetGuideLineA
ImmSetCandidateWindow
ImmReSizeIMCC
ImmGetCandidateListA
ImmIsIME
ImmActivateLayout
ImmEnumInputContext
ImmIsUIMessageA
ImmSendIMEMessageExA
ImmProcessKey
ImmSetCompositionWindow
ImmRegisterWordW
ImmGetCandidateListCountW

photowiz

UsePPWForPrintTo
DllInstall
DllGetClassObject
DllMain

advapi32

ConvertAccessToSecurityDescriptorW
SystemFunction032
RegisterServiceCtrlHandlerW
SaferComputeTokenFromLevel
LsaEnumeratePrivileges
I_ScSetServiceBitsA
OpenEventLogW
SetUserFileEncryptionKey
SaferRecordEventLogEntry
BuildImpersonateExplicitAccessWithNameW
ChangeServiceConfigW
OpenSCManagerA
A_SHAFinal
SetTraceCallback
SystemFunction011
CredWriteW
SystemFunction014
CredGetTargetInfoA
A_SHAInit
GetMultipleTrusteeW
GetNamedSecurityInfoW
RegSetValueExW
OpenEventLogA
SaferCloseLevel
SetNamedSecurityInfoExW
EnumDependentServicesW
DeleteAce
SystemFunction026
RegSetValueExA
GetMultipleTrusteeA
IsValidAcl
WmiQuerySingleInstanceMultipleA
OpenSCManagerW
EnumServicesStatusW
GetAuditedPermissionsFromAclA
CryptSetProviderA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36db9360cff50878994f77ec411678ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shdocvw

shlwapi

imm32

photowiz

advapi32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 144KB - Virtual size: 549KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 144KB - Virtual size: 549KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B