65a10b8b59c80144cefc5483937335ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65a10b8b59c80144cefc5483937335ff_JaffaCakes118
Size

54KB
MD5

65a10b8b59c80144cefc5483937335ff
SHA1

7a0d76e638f1cf1d185f34cb492d925b3cf2ceb9
SHA256

0656ee69e5a6e9c6cf46c4c4e512cf2ab8cc07fb31d2639c909df1428fd7ab4c
SHA512

0ce9547b8d10f0718bbf487aad2372a4bf8e811214148f9360ffa5a4266bf5d814a2105894c337afbf26ed8eebd0d873016331cfc3af3714f6018bf4d02d23a7
SSDEEP

768:Q1/QUvNim28bkadUtCtB4DLA6DgvwEprIikQRoRrUWn0FswbqwE3uMBhWm:Q1rF28bkKUItsLuworgRHn6wwauMGm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65a10b8b59c80144cefc5483937335ff_JaffaCakes118

Files

65a10b8b59c80144cefc5483937335ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f622f683756e772e27fb8e4a337d0d57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

ole32

OleGetClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoTaskMemFree
CoGetCallContext
OleInitialize

gdi32

DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject
GetStockObject
CreateFontIndirectW
GetObjectW
RealizePalette
CreateDIBitmap
CreatePalette
GetDeviceCaps
SelectPalette
BitBlt

mpr

WNetGetNetworkInformationW
WNetGetResourceInformationW
WNetGetConnectionW

msvcrt

wcspbrk
mbstowcs
_vsnwprintf
wcsncmp
_adjust_fdiv
iswctype
wcscmp
_itow
wcsstr
setlocale
_purecall
wcschr
free
_except_handler3
wcsncpy
_wcsnicmp
wcsspn
wcstoul
_initterm
wcstombs
_wcsicmp
memmove
wcsrchr
wcslen
rand
malloc

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ImageList_SetOverlayImage
ImageList_GetIcon
CreatePropertySheetPageW
ImageList_Remove
PropertySheetW
ImageList_Destroy
DestroyPropertySheetPage

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

RegEnumKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
FreeSid
AccessCheck
ControlService
GetFileSecurityW
LookupAccountSidW
OpenThreadToken
GetUserNameW
RegOpenKeyExW
RevertToSelf
StartServiceW
RegConnectRegistryW
RegSetValueExW
QueryServiceStatus
SetSecurityInfo
GetSecurityInfo
GetTokenInformation
LookupPrivilegeValueW
SetSecurityDescriptorOwner
AdjustTokenPrivileges
RegQueryValueExW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
OpenServiceW
ImpersonateSelf
RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid

ntdsapi

DsMakeSpnW

shell32

SHGetPathFromIDListW
DragQueryFileW
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
SHExtractIconsW
ShellExecuteW

rpcrt4

NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
UuidCreate

kernel32

CreateDirectoryW
GetCurrentProcessId
UnmapViewOfFile
lstrcmpiW
InterlockedDecrement
InitializeCriticalSection
FindFirstFileW
LocalAlloc
GetFileAttributesW
GetCurrentProcess
QueryPerformanceCounter
GetFileSize
MulDiv
SetFileAttributesW
GlobalLock
FreeLibrary
SetCurrentDirectoryW
GetLocaleInfoW
LockResource
GetCurrentActCtx
InterlockedIncrement
GetFileType
GetUserDefaultLCID
IsBadWritePtr
IsBadStringPtrW
SetUnhandledExceptionFilter
SetEndOfFile
LoadResource
GetDateFormatW
GetFullPathNameW
DeleteCriticalSection
GetCurrentDirectoryW
GetDriveTypeW
SystemTimeToFileTime
DeleteFileW
LoadLibraryW
DuplicateHandle
GetUserDefaultUILanguage
EnterCriticalSection
SetErrorMode
GlobalReAlloc
CancelWaitableTimer
LocalReAlloc
CreateFileW
GetTimeFormatW
GlobalFree
GlobalAlloc
WideCharToMultiByte
SetFileTime
CloseHandle
GetProcAddress
FindResourceW
GetEnvironmentVariableW
VirtualAlloc
LocalFree
FileTimeToSystemTime
FindClose
CompareStringW
DeactivateActCtx
GetLocalTime
MapViewOfFile
OpenProcess
GetSystemTimeAsFileTime
SetFilePointer
UnhandledExceptionFilter
GetComputerNameW
SearchPathW
GetCurrentThread
FormatMessageW
TerminateProcess
GetCurrentThreadId
Sleep
FindNextFileW
lstrcmpW
ExpandEnvironmentStringsW
lstrcmpA
SetWaitableTimer
DisableThreadLibraryCalls
ExitThread
ReadFile
CreateWaitableTimerW
lstrlenW
CompareFileTime
CreateFileMappingW
GetLastError
CreateThread
ActivateActCtx
GetComputerNameExW
GetFileTime
GetVersionExW
GlobalUnlock
WriteFile
LeaveCriticalSection
lstrcpynW
ReleaseActCtx
GetTickCount
GetSystemTime

userenv

UnloadUserProfile

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

winmm

auxOutMessage

user32

RegisterClipboardFormatW
GetMenuItemInfoW
EnableWindow
MessageBeep
GetWindowTextLengthW
EndDialog
SystemParametersInfoW
GetDlgItem
CheckMenuItem
MessageBoxW
SetWindowLongW
CheckDlgButton
GetLastActivePopup
SwitchToThisWindow
PostMessageW
ValidateRect
GetClientRect
WinHelpW
ShowWindow
IsWindow
GetSubMenu
FindWindowW
GetWindowTextW
EnumWindows
DestroyMenu
CheckRadioButton
GetClassInfoW
GetWindowRect
GetWindow
InvalidateRect
SetCursor
SendMessageW
CreateWindowExW
GetDlgItemTextW
LoadMenuW
GetWindowLongW
TrackPopupMenu
KillTimer
LoadStringW
SetWindowPos
SetDlgItemTextW
RegisterClassW
SetForegroundWindow
SetWindowTextW
DestroyIcon
RegisterWindowMessageW
GetDlgItemInt
SetFocus
EnumChildWindows
DefWindowProcW
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
SendDlgItemMessageW
GetDC
ReleaseDC
SetTimer
GetSystemMetrics
LoadImageW
LoadCursorW
SetMenuItemInfoW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemID
GetKeyState
GetMenuItemCount
DestroyWindow
GetParent
RemoveMenu
DialogBoxParamW
IsDlgButtonChecked
MapWindowPoints

lz32

LZClose

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f622f683756e772e27fb8e4a337d0d57

Headers

File Characteristics

Imports

secur32

ole32

gdi32

mpr

msvcrt

comctl32

comdlg32

advapi32

ntdsapi

shell32

rpcrt4

kernel32

userenv

shlwapi

winmm

user32

lz32

version

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 424B

.idata Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 80KB

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 424B

.idata
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 80KB