61508bcb8b907b7d16443b310cc57581_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61508bcb8b907b7d16443b310cc57581_JaffaCakes118
Size

60KB
MD5

61508bcb8b907b7d16443b310cc57581
SHA1

371a02ef5c11fb444bb5dd16de21edd2580fe4ac
SHA256

1a6ccc8bb98ebf1d4e5653e9cadd824433b2bede291f57ed13c65aeb137bed42
SHA512

5c5f25f646bc2fbcdf4094dd3b0e748c221fedda1ef17df0a730f115412a2fbb15df85d3b96ddd442ec663fe6a42e6162d70946c20ee1312c668de459f409f47
SSDEEP

1536:pU4wGb2OZuoetK0e8N1lEMO6PCKp4D12Iukt93vYnDewJw:pU4V2OjfMO6a640QYF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61508bcb8b907b7d16443b310cc57581_JaffaCakes118

Files

61508bcb8b907b7d16443b310cc57581_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7ac5587ed64714a66ae1c0d565256417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

scrcons.pdb

Imports

advapi32

TraceMessage
FreeSid
EqualSid
AllocateAndInitializeSid
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegSetValueExW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

LCMapStringW
InterlockedDecrement
GetCurrentThreadId
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
ExitProcess
GetModuleFileNameW
lstrlenW
GetCommandLineW
HeapSetInformation
DebugBreak
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
InterlockedIncrement
FormatMessageW
LocalFree
CreateThread
DeleteCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
GetSystemTimeAsFileTime
SetWaitableTimer
GetLastError
SetEvent
WaitForSingleObject
CloseHandle
LeaveCriticalSection
CreateEventW
CompareFileTime
InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentProcess
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
EnterCriticalSection

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
SetTimer
KillTimer

msvcrt

_controlfp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
printf
__setusermatherr
_amsg_exit
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memcpy
_CxxThrowException
memset
_vsnwprintf
_purecall
__CxxFrameHandler3
_initterm
wcsstr
_adjust_fdiv
?terminate@@YAXXZ

esscli

?IsUserAdministrator@@YGJPAX@Z

wbemcomn

?InternalQueryInterface@CUnkInternal@@QAEJABU_GUID@@PAPAX@Z
?InternalRelease@CUnkInternal@@QAEKXZ
??0WString@@QAE@PAGH@Z
??0WString@@QAE@XZ
?DeleteString@WString@@AAEXPAG@Z
??1WString@@QAE@XZ
??YWString@@QAEAAV0@PBG@Z
??4WString@@QAEAAV0@PBG@Z
??4WString@@QAEAAV0@ABV0@@Z
??1CUnk@@UAE@XZ
?Initialize@CUnk@@UAEHXZ
?OnInitialize@CUnk@@UAEHXZ
?Release@CUnk@@UAGKXZ
?AddRef@CUnk@@UAGKXZ
?QueryInterface@CUnk@@UAGJABU_GUID@@PAPAX@Z
??0CUnk@@QAE@PAVCLifeControl@@PAUIUnknown@@@Z
?AddRef@CUnkInternal@@UAGKXZ
?QueryInterface@CUnkInternal@@UAGJABU_GUID@@PAPAX@Z
??0CUnkInternal@@QAE@PAVCLifeControl@@@Z
??_7CUnkInternal@@6B@
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
?InsertAt@CFlexArray@@QAEHHPAX@Z
?GetMemLogObject@@YGPAVCMemoryLog@@XZ
?Write@CMemoryLog@@QAEXJ@Z
?Enter@CCritSec@@QAEXXZ
?Compress@CFlexArray@@QAEXXZ
?Empty@CFlexArray@@QAEXXZ
??ACFlexArray@@QAEAAPAXH@Z
??1CInCritSec@@QAE@XZ
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CFlexArray@@QAE@HH@Z
??0CCritSec@@QAE@XZ
??1CFlexArray@@QAE@XZ
??1CCritSec@@QAE@XZ
?Release@CUnkInternal@@UAGKXZ

ole32

CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoInitialize
CLSIDFromProgID
CoGetClassObject
CreateBindCtx
MkParseDisplayName
CoSuspendClassObjects
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SysFreeString
SysAllocString
SetErrorInfo

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ac5587ed64714a66ae1c0d565256417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

esscli

wbemcomn

ole32

oleaut32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 23KB - Virtual size: 23KB