662c1adf19f5a45cecf57b50ac3b2cc0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

662c1adf19f5a45cecf57b50ac3b2cc0_JaffaCakes118
Size

140KB
MD5

662c1adf19f5a45cecf57b50ac3b2cc0
SHA1

d43bc202c19a8b61e1e0d18d9c8c85ad54580740
SHA256

bfabac150844fdefda0519f1679321be66f8e973f62163354e499c1fbc6093fd
SHA512

69ef54ed64c3a548ad8331e539616dd13d6995a3328a170ff9c8fcc7f7b8ae795e77e71320a5ec6e6135ec399d093ba336a86c5cb90c58475987bb3e3ed727cf
SSDEEP

3072:uul6DxM3XzBr4IEFLsGd12oXyUD8/YlynS/2fhFj8C/:tQu3XNr45L9d17CUD8nS4Fj8C/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
662c1adf19f5a45cecf57b50ac3b2cc0_JaffaCakes118

Files

662c1adf19f5a45cecf57b50ac3b2cc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

833f6cea9bbfe747adbd19e20352d08f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
SetCommConfig
SetHandleCount
AddAtomA
GetLastError
HeapReAlloc
Sleep
CloseHandle
CreateMailslotW
GetCurrentProcess
ExitProcess
Process32FirstW
HeapCreate
LCMapStringW
FreeEnvironmentStringsA
FindFirstVolumeMountPointA
FreeEnvironmentStringsA
LocalSize
GetExitCodeThread
GetACP
GetConsoleAliasesW
LocalFree
CreateProcessA
TlsSetValue
RtlUnwind
LoadResource
FreeLibrary
LocalAlloc
GetStringTypeA
LCMapStringA
SetFilePointer
SetCommBreak
GetCurrentProcess
ReplaceFileA
FillConsoleOutputCharacterW
EscapeCommFunction
GetStdHandle
FlushFileBuffers
HeapAlloc
GetModuleHandleA
InterlockedExchange
LZRead
PrivMoveFileIdentityW
GetEnvironmentStringsW
GetCommandLineA
SetUnhandledExceptionFilter
GetStartupInfoA
TerminateProcess
FreeEnvironmentStringsW
EnumDateFormatsExA
GlobalUnfix
GetSystemInfo
GetCPInfo
SetVolumeMountPointW
MultiByteToWideChar
GetCurrentDirectoryA
GetBinaryTypeW
Thread32Next
GetVersion
HeapFree
SetCalendarInfoW
FindAtomW
DosPathToSessionPathA
GetProcessHeap
FindNextVolumeA
QueryPerformanceCounter
IsDBCSLeadByteEx
FindResourceExW
GetOEMCP
GetSystemTimeAsFileTime
UpdateResourceW
SetThreadUILanguage
GetCurrentThread
GetTickCount
VirtualAlloc
IsBadWritePtr
CreatePipe
CompareFileTime
CreateFileMappingA
LocalFileTimeToFileTime
GetFileType
EnumCalendarInfoW
GetLocaleInfoA
CallNamedPipeA
OpenFile
GetProfileStringA
GetConsoleKeyboardLayoutNameA
GetVersionExA
ReadFile
OpenEventA
WideCharToMultiByte
WaitForSingleObject
CreateEventA
GetStringTypeW
RtlUnwind
GetCurrentProcessId
SetStdHandle
VirtualQuery
UnhandledExceptionFilter
lstrcatW
LCMapStringA
VirtualFree
EraseTape

user32

ExitWindowsEx
ChangeDisplaySettingsA
EnumDisplayDevicesA
UnregisterDeviceNotification
ChangeDisplaySettingsExA
RegisterDeviceNotificationA
MessageBoxA
EnumDisplaySettingsA
EnumDisplaySettingsExA

advapi32

RegCreateKeyExA
RegCloseKey
AllocateAndInitializeSid
RegDeleteValueA
RegDeleteKeyA
LookupPrivilegeValueA
InitializeAcl
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
FreeSid
AddAccessAllowedAce
InitializeSecurityDescriptor
RegOpenKeyExA
RevertToSelf
OpenProcessToken
RegEnumKeyExA
AdjustTokenPrivileges
OpenThreadToken
SetThreadToken

gdi32

ExtEscape
CreateDCA
DeleteDC

setupapi

SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_ID_ExA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiGetClassDevsA
CM_Reenumerate_DevNode

cfgmgr32

CM_Set_DevNode_Problem_Ex
CM_Remove_SubTree_Ex
CM_Free_Log_Conf_Handle
CM_Enable_DevNode
CM_Get_Hardware_Profile_InfoW
CM_Get_DevNode_Registry_Property_ExA
CM_Query_Arbitrator_Free_Size_Ex
CM_Get_Class_Key_NameW
CM_Set_DevNode_Registry_PropertyA
CM_Query_And_Remove_SubTree_ExA
CM_Get_Hardware_Profile_InfoA
CM_Query_Resource_Conflict_List
CM_Unregister_Device_Interface_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Open_Class_Key_ExW
CM_Delete_Class_Key_Ex
CM_Get_Device_ID_ListA
CM_Open_Class_Key_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Free_Log_Conf
CM_Get_Device_ID_List_SizeW

Sections

.KLH
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.czh
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Yf
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zP
Size: 2KB - Virtual size: 23KB

IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

833f6cea9bbfe747adbd19e20352d08f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

setupapi

cfgmgr32

Sections

.KLH Size: 1024B - Virtual size: 624B

.czh Size: 2KB - Virtual size: 1KB

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 4KB

.Yf Size: 2KB - Virtual size: 37KB

.zP Size: 2KB - Virtual size: 23KB

.data Size: 11KB - Virtual size: 567KB

.rsrc Size: 98KB - Virtual size: 97KB

.KLH
Size: 1024B - Virtual size: 624B

.czh
Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.Yf
Size: 2KB - Virtual size: 37KB

.zP
Size: 2KB - Virtual size: 23KB

.data
Size: 11KB - Virtual size: 567KB

.rsrc
Size: 98KB - Virtual size: 97KB