625b90c52105fb2cf18f4c02ff9fb4a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

625b90c52105fb2cf18f4c02ff9fb4a5_JaffaCakes118
Size

87KB
MD5

625b90c52105fb2cf18f4c02ff9fb4a5
SHA1

d1bff4f6856790abed6c3a8b532caae5679b70e5
SHA256

21825469e2213ab5bc14ae23e63083c32a25e8379fc9e257b0a0d79f4395be33
SHA512

cee4f0a0e649f96ed82a163f5e529d3d0883314f6e82309c19c1851a59cfbd7c25757ac6282da97c7608088841b52d2787d6e0fa627e96195b532c60176a9596
SSDEEP

1536:Kei604+1HRAsewZbUHlm6qtuCILuAOLfjdVpVD6R/jMUTADHW7XyrltwYD:TeneObYk6WutuTDpVk/xszowltwYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
625b90c52105fb2cf18f4c02ff9fb4a5_JaffaCakes118

Files

625b90c52105fb2cf18f4c02ff9fb4a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b43378042ea5b83c4d2b4ae1fd595c5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

lz32

LZClose

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
StartServiceW
RegOpenKeyExW
RegConnectRegistryW
OpenServiceW
AdjustTokenPrivileges
SetSecurityInfo
GetFileSecurityW
AccessCheck
LookupAccountSidW
SetSecurityDescriptorOwner
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
RegEnumKeyExW
GetTokenInformation
SetEntriesInAclW
CheckTokenMembership
OpenSCManagerW
FreeSid
OpenProcessToken
GetSecurityInfo
RegCloseKey
QueryServiceStatus
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenThreadToken
RegDeleteKeyW
ControlService
ImpersonateSelf
GetUserNameW

winmm

auxOutMessage

rpcrt4

RpcEpResolveBinding
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall2
UuidCreate
RpcBindingFree

comctl32

ImageList_GetIcon
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Destroy
PropertySheetW
ImageList_Remove
CreatePropertySheetPageW
ImageList_Create
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_AddMasked

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

ole32

OleInitialize
ReleaseStgMedium
CoTaskMemAlloc
CoGetCallContext
OleGetClipboard
OleSetClipboard
CoCreateInstance
CoTaskMemFree
OleUninitialize

mpr

WNetGetNetworkInformationW
WNetGetResourceInformationW
WNetGetConnectionW

ntdsapi

DsMakeSpnW

shell32

SHGetPathFromIDListW
DragQueryFileW
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
SHExtractIconsW
SHChangeNotify

gdi32

RealizePalette
CreatePalette
DeleteDC
DeleteObject
SelectPalette
GetObjectW
BitBlt
CreateDIBitmap
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
GetStockObject
SelectObject

userenv

UnloadUserProfile

kernel32

CancelWaitableTimer
LocalAlloc
GetTickCount
GetFileTime
SystemTimeToFileTime
GetCurrentDirectoryW
ActivateActCtx
GetLastError
lstrcmpiW
SetCurrentDirectoryW
CompareFileTime
CreateFileMappingW
SetEndOfFile
GetVersionExW
SetErrorMode
lstrcpynW
GlobalUnlock
GetCurrentThread
SetFileAttributesW
IsBadStringPtrW
Sleep
ExpandEnvironmentStringsW
DeleteCriticalSection
CloseHandle
EnterCriticalSection
CreateFileW
DuplicateHandle
CompareStringW
CreateDirectoryW
LockResource
VirtualAlloc
MapViewOfFile
GlobalAlloc
GetLocalTime
ReleaseActCtx
FindClose
OpenProcess
DisableThreadLibraryCalls
SearchPathW
GetLocaleInfoW
GetCurrentActCtx
LoadLibraryW
CreateWaitableTimerW
DeactivateActCtx
LocalReAlloc
GetCurrentProcess
GetFileAttributesW
GlobalReAlloc
FormatMessageW
WideCharToMultiByte
CreateThread
GetCurrentThreadId
GetUserDefaultUILanguage
TerminateProcess
MulDiv
QueryPerformanceCounter
GetTimeFormatW
GetDateFormatW
GetDriveTypeW
SetFilePointer
UnhandledExceptionFilter
IsBadWritePtr
InterlockedIncrement
GetUserDefaultLCID
GetCurrentProcessId
FreeLibrary
lstrlenW
lstrcmpW
ReadFile
GetFileType
lstrcmpA
DeleteFileW
WriteFile
GetSystemTimeAsFileTime
FindFirstFileW
GetProcAddress
GetSystemTime
SetFileTime
GetFullPathNameW
UnmapViewOfFile
GetComputerNameW
GetComputerNameExW
LoadResource
LeaveCriticalSection
LocalFree
GetVolumeInformationW
FindNextFileW
ExitThread
InterlockedDecrement
GetEnvironmentVariableW
GetFileSize
SetWaitableTimer
GlobalLock
InitializeCriticalSection
FindResourceW
GlobalFree
FileTimeToSystemTime

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW

user32

SetCursor
SystemParametersInfoW
RegisterClassW
DefWindowProcW
GetWindowRect
KillTimer
SetWindowLongW
IsWindow
SendDlgItemMessageW
SetWindowTextW
SetMenuDefaultItem
SetMenuItemInfoW
GetWindowLongW
GetSubMenu
SwitchToThisWindow
ReleaseDC
FindWindowW
InvalidateRect
IsDlgButtonChecked
RegisterClipboardFormatW
GetDlgItemInt
SetFocus
CheckMenuItem
CheckDlgButton
SetDlgItemTextW
GetMenuItemID
MapWindowPoints
LoadMenuW
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
EnableWindow
GetDlgItem
GetDC
DestroyIcon
RemoveMenu
SetWindowPos
DestroyMenu
GetForegroundWindow
DestroyWindow
EnumWindows
RegisterWindowMessageW
LoadCursorW
GetParent
GetClassInfoW
EnumChildWindows
SendMessageW
ShowWindow
EnableMenuItem
MessageBeep
DialogBoxParamW
GetWindow
LoadStringW
WinHelpW
GetKeyState
MessageBoxW
GetMenuItemInfoW
SetForegroundWindow
GetLastActivePopup
LoadImageW
GetClassNameW
SetTimer
TrackPopupMenu
GetMenuItemCount
ValidateRect
PostMessageW
GetClientRect
EndDialog
GetWindowThreadProcessId
GetSystemMetrics
CheckRadioButton
GetDlgItemTextW

msvcrt

wcsrchr
_vsnwprintf
wcstombs
malloc
iswctype
free
wcspbrk
wcsncpy
setlocale
wcsncmp
_initterm
rand
wcsstr
_wcsicmp
wcschr
_except_handler3
wcslen
wcscmp
wcsspn
_itow
mbstowcs
memmove
_purecall
_wcsnicmp
wcstoul
_adjust_fdiv

Sections

.textbss
Size: 77KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b43378042ea5b83c4d2b4ae1fd595c5c

Headers

DLL Characteristics

File Characteristics

Imports

secur32

lz32

advapi32

winmm

rpcrt4

comctl32

version

comdlg32

ole32

mpr

ntdsapi

shell32

gdi32

userenv

kernel32

shlwapi

user32

msvcrt

Sections

.textbss Size: 77KB - Virtual size: 1.2MB

.text Size: 512B - Virtual size: 420B

.idata Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 28B

.textbss
Size: 77KB - Virtual size: 1.2MB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 28B