67522701675fa36abcc601b6b728069f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

67522701675fa36abcc601b6b728069f_JaffaCakes118
Size

570KB
MD5

67522701675fa36abcc601b6b728069f
SHA1

ad784b5d210784c02d346463d807274336248a7f
SHA256

e5bbf4d41e6a5da1e16ef80be02a6965862db2e032bc012b831220719efeb948
SHA512

3d98a39af2010e2a0325e034c63ffb6c1c69726c99f29ab2671fdf07dc84dd0a2fd09f89f48fec6daaea1089c60322d7ea7f9934ee2fd5b6bc617e2d29082391
SSDEEP

6144:eQUOmA+k5qSMRftBtM1V079Os6Bzdi1DOmgEsXQ6koQkvkkUOmlPA7wEaP6Vt1kq:edA+fqf04UDbIQQkSme7NJt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67522701675fa36abcc601b6b728069f_JaffaCakes118

Files

67522701675fa36abcc601b6b728069f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

120cb0ff535b31a9f3f27b9e94c68802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ehRecvr.pdb

Imports

advapi32

CloseServiceHandle
OpenServiceW
OpenSCManagerW
ReportEventW
SetServiceStatus
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
LookupAccountNameW
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
DeleteService
ControlService
RegisterEventSourceW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ChangeServiceConfig2W
CreateServiceW
DeregisterEventSource
RegisterServiceCtrlHandlerExW
RegDeleteKeyW
StartServiceCtrlDispatcherW
CreateWellKnownSid
RegGetValueW
RegEnumKeyW
RegEnumValueW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
LookupAccountSidW

kernel32

InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
CloseHandle
SetEvent
MultiByteToWideChar
GetModuleFileNameW
Sleep
OutputDebugStringA
MoveFileExW
GetTempPathW
InterlockedIncrement
LeaveCriticalSection
ResetEvent
CreateEventW
SetPriorityClass
GetCurrentProcess
GetProfileIntW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
HeapSetInformation
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepEx
QueueUserAPC
GetCurrentThread
InterlockedExchange
DuplicateHandle
HeapReAlloc
LocalAlloc
LocalFree
GetCurrentProcessId
K32GetModuleBaseNameW
CreateWaitableTimerW
CreateThread
CreateDirectoryW
CancelWaitableTimer
SetWaitableTimer
GetExitCodeThread
WaitForSingleObject
OutputDebugStringW
WaitForMultipleObjects
OpenThread
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetFileAttributesW
ExitThread
WaitForMultipleObjectsEx
GetLocalTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrlenA
SetThreadExecutionState
GetVersionExA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
EnterCriticalSection
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
EncodeSystemPointer
DecodeSystemPointer

user32

TranslateMessage
SetTimer
PostThreadMessageW
KillTimer
RegisterDeviceNotificationW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
UnregisterDeviceNotification
CharNextW
LoadStringW
UnregisterClassA

msvcrt

_wfopen
_resetstkoflw
calloc
__dllonexit
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
_unlock
_errno
realloc
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_purecall
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
_localtime64
wcsftime
wcstok_s
_time64
??0exception@@QAE@XZ
wcsstr
wcsncmp
_wcsnicmp
wcscspn
_lock
_onexit
??1type_info@@UAE@XZ
_controlfp
fputws
__setusermatherr
fflush
_itow_s
_CxxThrowException
??0exception@@QAE@ABV0@@Z
malloc
memcpy
memset
_ui64tow
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
swprintf_s
_vsnwprintf
wcschr
iswalpha
_wcsicmp
floor
__CxxFrameHandler3
_ftol2_sse
fclose

ole32

CoInitialize
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoFreeUnusedLibrariesEx
CoCreateGuid
StringFromCLSID
CoDisconnectObject
CoWaitForMultipleHandles
CoInitializeSecurity
StringFromGUID2
CoUninitialize
CoInitializeEx
CoSuspendClassObjects
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
DispCallFunc
SafeArrayRedim
VarBstrCat
SysFreeString
SysAllocStringByteLen
VarBstrCmp
SafeArrayCreate

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

ehtrace

ehTraceEvent
ehUnregisterTraceGUIDs
ehFreeEventBuffer
ehAllocateEventBuffer
ehRegisterTraceGUIDs

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

slc

SLGetWindowsInformationDWORD

Exports

Exports

_CETWProvider_Initialize@20
_CETWProvider_TraceCriticalCall@12
_CETWProvider_TraceEHomeEvent@56
_CETWProvider_TraceErrorEvent@16
_CETWProvider_TraceErrorLevel@24
_CETWProvider_TraceEventID@12
_CETWProvider_TraceInfo@12
_CETWProvider_TracePerfMarkerEnd@12
_CETWProvider_TracePerfMarkerStart@12
_CETWProvider_TraceTextLevel@20
_CETWProvider_TraceVideoSize@16
_CETWProvider_Uninitialize@4

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdhsscm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

120cb0ff535b31a9f3f27b9e94c68802

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shlwapi

version

ehtrace

shell32

slc

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 41KB - Virtual size: 42KB

rdhsscm Size: - Virtual size: 4KB

.text
Size: 520KB - Virtual size: 520KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 41KB - Virtual size: 42KB

rdhsscm
Size: - Virtual size: 4KB