Static task: static1
Behavioral task: behavioral1
  Sample: 6253abcf9d583e6489c4185c4401a619_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 6253abcf9d583e6489c4185c4401a619_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 6253abcf9d583e6489c4185c4401a619_JaffaCakes118
Size: 183KB
MD5: 6253abcf9d583e6489c4185c4401a619
SHA1: 311aafaefa60784e0e8661a198ef334ccbac77a7
SHA256: ff12c1f7d5e430718f5e01470ecf918ecf87b086443345eb4bfde0847779f847
SHA512: 73a147ca44754a42b00cca2f709d8271217a5ddf88f8118f1eb721441447fab0ddfa30b98b579a81b177a0e9442eaa42717d714b6065915fad570457f4383804
SSDEEP: 3072:2VkS+xXckCFQvgAMtZBRsiWLvduZCZxBzwjCcge3dcdG0ujg2VUFzac83eYyhCpu:1NedrLBWL11zwbJ2MM2VUg13eiRJxyHK
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 6253abcf9d583e6489c4185c4401a619_JaffaCakes118
Files
6253abcf9d583e6489c4185c4401a619_JaffaCakes118.exe  windows:4 windows x86 arch:x86
12daf20b473bdfc0791c29f880dd1f7a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoTaskMemFree
CoSetProxyBlanket
StringFromCLSID
CoImpersonateClient
StringFromGUID2
CoGetCallContext
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoInitializeSecurity
StringFromIID
CoRegisterClassObject
CoInitializeEx
CoRevertToSelf
CoGetClassObject
CLSIDFromString
CoQueryProxyBlanket
CoDisconnectObject
CoUninitialize
CoTaskMemRealloc
CoRevokeClassObject
rpcrt4
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringFreeA
shlwapi
PathFindExtensionA
oleacc
LresultFromObject
AccessibleObjectFromPoint
kernel32
SizeofResource
SetLastError
DeleteCriticalSection
GetACP
HeapAlloc
HeapFree
GetEnvironmentStrings
CreateEventA
LoadLibraryA
FreeLibrary
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
SetHandleCount
GetOEMCP
GetModuleHandleW
SetUnhandledExceptionFilter
GetStdHandle
ReleaseMutex
CompareStringA
SetEnvironmentVariableA
InitializeCriticalSection
SetEvent
EnterCriticalSection
GetPrivateProfileStringA
lstrcmpiA
IsBadWritePtr
GetVersionExA
CreateProcessA
CreateProcessW
IsBadReadPtr
WaitForSingleObject
WriteFile
lstrcatA
LocalSize
FindFirstFileA
OpenProcess
MapViewOfFile
GetPrivateProfileSectionNamesA
SetErrorMode
GetCPInfo
VirtualFree
GetProcAddress
QueryPerformanceCounter
VirtualAlloc
WriteProfileStringA
GetCurrentThreadId
CreateDirectoryA
TerminateThread
WideCharToMultiByte
lstrcpynA
GetSystemInfo
FreeEnvironmentStringsA
FormatMessageA
lstrlenW
ReadFile
LoadLibraryExA
CreateThread
SetStdHandle
GetModuleHandleA
LocalFree
lstrlenA
WritePrivateProfileStringA
GetCurrentProcessId
FlushFileBuffers
Sleep
TerminateProcess
VirtualQuery
GetProfileStringA
LoadLibraryW
GetProcessTimes
VirtualProtect
EnumSystemLanguageGroupsW
GetStringTypeW
GetStringTypeA
TlsGetValue
TlsAlloc
GetProcessHeap
GetFileAttributesA
MultiByteToWideChar
TlsSetValue
TlsFree
LockResource
GetEnvironmentStringsW
SetEndOfFile
GetCurrentProcess
GetLastError
InterlockedDecrement
SetFilePointer
DuplicateHandle
UnhandledExceptionFilter
HeapSize
GetThreadLocale
CompareStringW
GetCurrentThread
LCMapStringW
LocalAlloc
ResetWriteWatch
InterlockedExchange
GetFileType
CreateFileA
ReadProcessMemory
CreateFileMappingA
LoadResource
RaiseException
IsBadCodePtr
GetExitCodeProcess
GetComputerNameA
GetModuleFileNameA
LeaveCriticalSection
GetStartupInfoA
HeapReAlloc
GetModuleFileNameW
HeapDestroy
IsDBCSLeadByte
FindResourceExA
ExitProcess
GetCommandLineA
GetPrivateProfileSectionA
FindClose
InterlockedIncrement
RtlUnwind
lstrcpyA
GetPrivateProfileIntA
UnmapViewOfFile
HeapCreate
GetTickCount
CloseHandle
CreateMutexA
GetSystemDirectoryA
LCMapStringA
GetVersion
FindResourceA
InterlockedCompareExchange
GetLocaleInfoA
HeapFree
user32
CharNextA
EnumWindows
KillTimer
LoadStringA
SetTimer
GetMessageA
GetWindowTextA
PostThreadMessageA
MessageBoxA
GetWindowThreadProcessId
PeekMessageA
DispatchMessageA
IsWindowVisible
CharUpperA
wsprintfW
wsprintfA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
advapi32
InitializeAcl
RegEnumKeyExA
CloseServiceHandle
FreeSid
GetSecurityDescriptorOwner
InitializeSid
EqualSid
CopySid
GetSidSubAuthority
GetSecurityDescriptorSacl
GetAclInformation
SetThreadToken
IsValidSid
SetServiceStatus
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
DeleteService
QueryServiceStatus
IsValidSecurityDescriptor
LookupAccountSidA
RegQueryValueExW
RegEnumKeyA
RegisterServiceCtrlHandlerA
OpenSCManagerA
InitializeSecurityDescriptor
RegCreateKeyExA
LookupAccountNameA
LookupAccountSidW
RegSetKeySecurity
AddAccessAllowedAce
LookupPrivilegeValueA
RegOpenKeyExA
AdjustTokenPrivileges
GetSecurityDescriptorControl
RegDeleteKeyA
RegCreateKeyA
DeregisterEventSource
GetUserNameA
GetSecurityDescriptorDacl
RegQueryInfoKeyA
GetSidLengthRequired
OpenThreadToken
CreateServiceA
RegCloseKey
RegQueryValueExA
AccessCheck
SetSecurityDescriptorOwner
AddAce
RegEnumValueA
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
DuplicateTokenEx
GetSecurityDescriptorLength
GetTokenInformation
AddAccessDeniedAce
MakeAbsoluteSD
RegisterEventSourceA
RegSetValueExA
RegConnectRegistryA
SetSecurityDescriptorSacl
DuplicateToken
PrivilegeCheck
GetAce
MakeSelfRelativeSD
SetSecurityDescriptorGroup
OpenServiceA
RegDeleteValueA
ChangeServiceConfigA
StartServiceCtrlDispatcherA
ControlService
ReportEventA
RegOpenKeyExW
Sections
.text Raw size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Raw size: 7KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Raw size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Raw size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ