63cf353c41e58d20abb75c137ccec2a5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

63cf353c41e58d20abb75c137ccec2a5_JaffaCakes118
Size

381KB
MD5

63cf353c41e58d20abb75c137ccec2a5
SHA1

291381d2ad163d2043761ac7af3d5d5874e64950
SHA256

7a3e1de45064cd7690c44680ba707aa70e680792260e95fff975596394854fc5
SHA512

1e2d1d43c2be5a1bccadd6f2d4f5f3a3cdac280e6d54d79378d325062bc3e7306142c25209e7327f27068f81ddfa9274364f28f99f97cd11544dec113204048e
SSDEEP

6144:sdvIOl2yU/zau2ZU/JYidjhbv3HwjqIz+8OD08DHY1RH0lnrCd3oguiTqd1Cegrh:uwPyGW/tijv3wmI3ODF83HOaog/ejyrK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63cf353c41e58d20abb75c137ccec2a5_JaffaCakes118

Files

63cf353c41e58d20abb75c137ccec2a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

123d8a6b2eb377d00c476bf8f75e91ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCompactPathExA
PathFindNextComponentW
wvnsprintfA
PathFindFileNameW
StrCatChainW
StrCpyNW
StrCmpNA
StrStrIW
PathSetDlgItemPathA
SHRegQueryInfoUSKeyW
StrCmpIW
PathUndecorateA
SHSkipJunction
StrPBrkW
UrlCompareA
PathRemoveExtensionA
PathFindOnPathA
PathFileExistsA
GetMenuPosFromID
UrlHashA
PathFindExtensionA
PathAddExtensionW
PathRemoveBackslashW
StrCSpnIW
PathGetArgsW
StrCSpnW
AssocQueryStringByKeyA
PathUnExpandEnvStringsA
PathCompactPathExW
UrlGetLocationW
PathSkipRootA
PathIsSystemFolderW
SHCopyKeyA
SHRegSetPathW
UrlCombineW
PathMatchSpecW
wnsprintfA
StrToInt64ExW
StrIsIntlEqualW
StrRChrIW
PathIsPrefixA
ColorAdjustLuma
StrStrW
PathRelativePathToA
StrToIntW

winmm

PlaySoundA
midiOutGetDevCapsW
mmioWrite
joySetCapture
mmioGetInfo
mmsystemGetVersion
mciGetDriverData
timeGetSystemTime
mmioOpenW
waveOutSetPlaybackRate
mmioSetBuffer
waveOutPrepareHeader
waveInStop
waveOutReset
mciLoadCommandResource
auxGetDevCapsW
mmioSendMessage
waveOutOpen
midiStreamOut
mixerMessage
mmioDescend
mixerClose
mmioCreateChunk
mciGetDeviceIDFromElementIDW
midiInMessage
PlaySound

ole32

StgOpenAsyncDocfileOnIFillLockBytes
CoGetCurrentProcess
SetConvertStg
CoGetInterceptor
StgCreateStorageEx
CoGetClassVersion
EnableHookObject
OleCreateLink
CreatePointerMoniker
WriteStringStream
StgOpenPropStg
HICON_UserUnmarshal
HMETAFILE_UserUnmarshal
CLIPFORMAT_UserMarshal
CoCreateInstanceEx
CoGetInterfaceAndReleaseStream
GetHGlobalFromStream
CoGetDefaultContext
CoGetTreatAsClass
OleDestroyMenuDescriptor
CoQueryAuthenticationServices
IsValidIid
CoFreeAllLibraries
HBRUSH_UserFree
PropVariantCopy

kernel32

SwitchToThread
SetCurrentDirectoryW
SetThreadLocale
GlobalFlags
SetThreadExecutionState
MoveFileExA
LoadLibraryA
GetPrivateProfileIntA
BaseFlushAppcompatCache
GetLogicalDrives
FindFirstChangeNotificationW
WaitNamedPipeW
AddLocalAlternateComputerNameA
GetEnvironmentStrings
GlobalFindAtomA
FindVolumeClose
HeapSize
GetGeoInfoA
VirtualAlloc
GetConsoleTitleA
GetPriorityClass
GetTempFileNameW
GetConsoleAliasExesA
OpenMutexW
WriteFile
DeviceIoControl
RegisterConsoleVDM
IsDBCSLeadByteEx
GlobalUnfix
SetConsoleKeyShortcuts
GetComputerNameExW
GetCompressedFileSizeW
IsValidCodePage
CreateIoCompletionPort
lstrcmpi
GetStartupInfoA
WriteConsoleA
GetNumaHighestNodeNumber
LockResource
GetTapeParameters
DefineDosDeviceA
InitializeCriticalSection

cfgmgr32

CM_Get_Child_Ex
CM_Add_IDW
CM_Get_Res_Des_Data_Size
CM_Set_DevNode_Registry_Property_ExW
CM_Open_Class_KeyW
CM_Set_HW_Prof_Flags_ExA
CM_Enumerate_Classes
CM_Delete_DevNode_Key_Ex
CM_Modify_Res_Des
CM_Get_Resource_Conflict_Count
CM_Modify_Res_Des_Ex
CM_Unregister_Device_InterfaceA
CM_Add_ID_ExW
CM_Free_Res_Des
CM_Reenumerate_DevNode
CM_Query_Remove_SubTree
CM_Set_DevNode_Problem
CM_Enumerate_Enumerators_ExA
CM_Get_Hardware_Profile_Info_ExA
CM_Query_Arbitrator_Free_Size
CM_Remove_SubTree
CM_Get_Class_Key_Name_ExW
CM_Query_And_Remove_SubTreeW
CM_Get_Device_ID_List_SizeA
CM_Set_HW_Prof
CM_Get_Device_Interface_List_ExW
CM_Run_Detection
CM_Run_Detection_Ex
CM_Add_Empty_Log_Conf
CM_Get_Class_Key_NameA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Version
CM_Get_Depth_Ex
CM_Add_Res_Des_Ex
CM_Request_Eject_PC_Ex
CM_Get_Device_ID_Size
CM_Free_Log_Conf_Ex
CM_Invert_Range_List
CM_Set_HW_Prof_FlagsA
CM_Register_Device_Driver

rpcns4

I_RpcReBindBuffer
RpcNsProfileEltRemoveA
RpcNsProfileEltAddA
RpcNsMgmtBindingUnexportA
RpcNsBindingLookupNext
RpcNsBindingUnexportPnPW
I_RpcNsGetBuffer
RpcIfIdVectorFree
RpcNsBindingLookupBeginA
RpcNsMgmtEntryInqIfIdsW
I_RpcNsRaiseException
RpcNsBindingSelect
RpcNsProfileEltRemoveW
I_RpcNsSendReceive
RpcNsProfileEltInqBeginW
RpcNsBindingLookupDone
RpcNsMgmtEntryCreateA
RpcNsGroupMbrRemoveA
RpcNsBindingImportBeginW
RpcNsGroupDeleteW
RpcNsGroupMbrInqBeginW
RpcNsBindingImportDone
RpcNsGroupMbrInqDone
I_RpcNsNegotiateTransferSyntax
RpcNsMgmtEntryDeleteA
RpcNsBindingUnexportW
RpcNsProfileEltInqNextW
RpcNsEntryObjectInqBeginA
RpcNsBindingUnexportA
RpcNsMgmtSetExpAge
RpcNsMgmtEntryInqIfIdsA
RpcNsGroupMbrInqNextW

wmasf

ASFFindRootObject
ASFGUIDToCodecID
ASFCreateIndexMakerFileSink
ASFGUIDFromCodecID
ASFCreateIOMonitor
ASFGetStreamPropertiesObject
ASFWriteHeaderToFile
ASFFindStreamPropertiesObject
ASFGetHeaderObject
ASFGetRootObject
ASFReadHeaderFromFile
ASFCreateLibrary
ASFCreateStreamSelector
ASFFindHeaderObject
ASFCreateIndexMaker

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

123d8a6b2eb377d00c476bf8f75e91ed

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

winmm

ole32

kernel32

cfgmgr32

rpcns4

wmasf

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 204KB - Virtual size: 632KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 204KB - Virtual size: 632KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB