Static task: static1
Behavioral task: behavioral1
Sample: 661e7ad6bc597d1d78549059c3859d0b_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 661e7ad6bc597d1d78549059c3859d0b_JaffaCakes118
Size: 273KB
MD5: 661e7ad6bc597d1d78549059c3859d0b
SHA1: 6800d589ea05233a7d1ae155c8f64d8f199beca0
SHA256: 050240e1bdac34a44002ef8229415e274931af86b2a90bbe2633ab21a782f5c3
SHA512: 947789aea5bda8eab0a7f3f21bf8082417ff2611bd6f2c816cbe7059885d9c48f6c8ab157be77cc2d27c58c8fadfce5994aab628c4466ec59f8918be6956aebf
SSDEEP: 6144:DUsVhHbrYprD1mp9YobGlkYi24vtQT7o5B42q3Us5xgmWCTJwZ2q65:TnYprDgpKaGl5i24vtEgB42qkkxgYTJz
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 661e7ad6bc597d1d78549059c3859d0b_JaffaCakes118
Files
661e7ad6bc597d1d78549059c3859d0b_JaffaCakes118.exe windows:4 windows x86 arch:x86
780ec2dd6022b8506711dc9a2f23d010
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CLSIDFromString
CoGetClassObject
CoUninitialize
CoDisconnectObject
CoCreateGuid
CoTaskMemAlloc
CoQueryProxyBlanket
CoTaskMemRealloc
StringFromCLSID
StringFromGUID2
CoRegisterClassObject
CoRevertToSelf
CoInitializeEx
CoSetProxyBlanket
CoGetCallContext
CoImpersonateClient
StringFromIID
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoRevokeClassObject
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
kernel32
InitializeCriticalSection
SetEnvironmentVariableA
HeapFree
EnterCriticalSection
GetLastError
VirtualProtect
CreateProcessW
DeleteCriticalSection
FreeEnvironmentStringsA
FreeLibrary
GetSystemInfo
InterlockedCompareExchange
GetVersion
WritePrivateProfileStringA
GetOEMCP
VirtualQuery
lstrlenW
DuplicateHandle
FlushFileBuffers
QueryPerformanceCounter
LoadResource
SetEvent
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetACP
CompareStringW
SetLastError
SetErrorMode
LoadLibraryA
GetPrivateProfileSectionA
FreeEnvironmentStringsW
GetProcessTimes
LeaveCriticalSection
CreateThread
LocalAlloc
GetModuleFileNameW
GetStringTypeA
CreateDirectoryA
LocalSize
GetThreadLocale
GetLocaleInfoA
GetTickCount
RtlUnwind
InterlockedDecrement
CreateProcessA
GetSystemDirectoryA
CreateEventA
RaiseException
HeapDestroy
GetModuleHandleA
IsBadWritePtr
GetExitCodeProcess
HeapSize
CloseHandle
FindResourceA
GetModuleHandleW
GetComputerNameA
FindClose
EnumSystemLanguageGroupsW
GetSystemTimeAsFileTime
LockResource
GetVersionExA
Sleep
GetEnvironmentStrings
GetModuleFileNameA
LCMapStringA
TlsGetValue
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ReadProcessMemory
GetProcessHeap
lstrcpynA
FindFirstFileA
HeapCreate
SetEndOfFile
FindResourceExA
IsBadCodePtr
LoadLibraryExA
SetUnhandledExceptionFilter
lstrcpyA
FormatMessageA
WriteFile
ReleaseMutex
ExitProcess
lstrcmpiA
GetPrivateProfileIntA
lstrlenA
GetCPInfo
GetEnvironmentStringsW
OpenProcess
LocalFree
ResetWriteWatch
SetStdHandle
GetCurrentProcessId
HeapAlloc
VirtualAlloc
GetFileAttributesA
TlsSetValue
GetStartupInfoA
GetStdHandle
TlsFree
HeapReAlloc
CreateFileA
GetCurrentThreadId
GetProcAddress
UnhandledExceptionFilter
CreateMutexA
LoadLibraryW
MultiByteToWideChar
IsBadReadPtr
SetHandleCount
GetCurrentThread
CreateFileMappingA
IsDBCSLeadByte
ReadFile
GetProfileStringA
SetFilePointer
GetFileType
InterlockedIncrement
CompareStringA
UnmapViewOfFile
GetStringTypeW
WriteProfileStringA
TerminateThread
LCMapStringW
MapViewOfFile
WaitForSingleObject
InterlockedExchange
VirtualFree
WideCharToMultiByte
TlsAlloc
SizeofResource
lstrcatA
HeapFree
shlwapi
PathFindExtensionA
advapi32
RegisterServiceCtrlHandlerA
DeleteService
CloseServiceHandle
RegDeleteKeyA
IsValidSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
PrivilegeCheck
GetUserNameA
LookupAccountNameA
OpenProcessToken
DeregisterEventSource
LookupAccountSidA
GetTokenInformation
SetSecurityDescriptorGroup
DuplicateToken
RegConnectRegistryA
AddAccessDeniedAce
InitializeSid
RegQueryValueExW
RegSetKeySecurity
RegQueryInfoKeyA
LookupAccountSidW
GetLengthSid
SetSecurityDescriptorOwner
IsValidSid
LookupPrivilegeValueA
RegQueryValueExA
AddAccessAllowedAce
StartServiceCtrlDispatcherA
GetSidSubAuthority
GetSecurityDescriptorSacl
CopySid
AdjustTokenPrivileges
ControlService
AddAce
RegCreateKeyA
MakeAbsoluteSD
RegCloseKey
RegisterEventSourceA
QueryServiceStatus
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
DuplicateTokenEx
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
InitializeAcl
GetAce
RegCreateKeyExA
RegEnumKeyExA
SetSecurityDescriptorSacl
EqualSid
RegEnumValueA
GetSecurityDescriptorGroup
SetServiceStatus
ChangeServiceConfigA
GetSecurityDescriptorDacl
GetSidLengthRequired
MakeSelfRelativeSD
FreeSid
OpenSCManagerA
GetSecurityDescriptorControl
SetThreadToken
GetAclInformation
RegEnumKeyA
AccessCheck
ReportEventA
GetSecurityDescriptorLength
InitializeSecurityDescriptor
OpenServiceA
CreateServiceA
RegOpenKeyExW
user32
EnumWindows
IsWindowVisible
GetWindowTextA
GetWindowThreadProcessId
LoadStringA
KillTimer
PostThreadMessageA
CharUpperA
GetMessageA
PeekMessageA
MessageBoxA
wsprintfW
CharNextA
DispatchMessageA
SetTimer
wsprintfA
oleacc
LresultFromObject
AccessibleObjectFromPoint
rpcrt4
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
NdrClientCall
RpcStringBindingComposeA
RpcStringFreeA
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ