68f6d84ac9a28c2fea59ff5e04577911_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68f6d84ac9a28c2fea59ff5e04577911_JaffaCakes118
Size

166KB
MD5

68f6d84ac9a28c2fea59ff5e04577911
SHA1

4a9875f646c5410f8317191ef2a91f934ce76f57
SHA256

5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5
SHA512

5df07fa0cf7f52f8c76139a55170820136e9131116fd5e102f817ddd7c0c08bb75afc524d876effdfc748d52f58355e082e38230991044e79d02bd3c947f4ab2
SSDEEP

3072:ey0N28mDd+/NEmQhqR1K4mzWPmlIbJrw1ovX:ey0NuM1jXi4kIb13

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68f6d84ac9a28c2fea59ff5e04577911_JaffaCakes118

Files

68f6d84ac9a28c2fea59ff5e04577911_JaffaCakes118
.exe windows:5 windows x86 arch:x86

25eed7fa6b29d83223b6de8faeb5be1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapCreate
SetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindVolumeClose
GetVersionExW
FindNextVolumeW
GetDiskFreeSpaceExW
FindFirstVolumeW
IsBadReadPtr
LocalAlloc
LocalFree
CreateNamedPipeW
GetCommandLineW
GetCurrentThreadId
SetCurrentDirectoryW
CreateMutexW
ReadDirectoryChangesW
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
ReleaseMutex
GetFileSize
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalUnlock
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
FileTimeToSystemTime
FindNextVolumeMountPointW
GetCurrentDirectoryW
FindVolumeMountPointClose
FindFirstVolumeMountPointW
GetOEMCP
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
HeapAlloc
RtlUnwind
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
RaiseException
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSize
HeapCompact
HeapReAlloc
GetVolumeInformationW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
GetFileSizeEx
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
CreateFileW
ReadFile
GetSystemWow64DirectoryW
GetSystemDirectoryW
WriteFile
SetFileTime
SetFilePointer
GetEnvironmentVariableW
FindFirstFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemTime
GetLocalTime
MoveFileW
SetThreadPriority
MultiByteToWideChar
lstrcmpW
GetACP
FreeConsole
CopyFileW
GetCurrentThread
GetTickCount
GetModuleHandleW
SleepEx
SystemTimeToFileTime
SetUnhandledExceptionFilter
CreateProcessW
FreeLibrary
SetErrorMode
lstrlenA
ExitProcess
lstrcmpiW
GetProcAddress
LoadLibraryW
GetLastError
GetCurrentProcess
GetExitCodeThread
ExitThread
CreateThread
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
lstrcpyW
GetWindowsDirectoryW
lstrcatW
GetTempPathW
EncodePointer
lstrlenW
GetModuleFileNameW
lstrcpynW
GetComputerNameW
OpenMutexW

user32

RegisterClassExW
SetWindowLongW
GetUserObjectInformationW
SetThreadDesktop
PostQuitMessage
ReleaseDC
PeekMessageW
GetProcessWindowStation
GetDesktopWindow
GetWindowRect
SetProcessWindowStation
OpenClipboard
GetClipboardData
GetForegroundWindow
CloseClipboard
GetKeyboardLayoutNameW
DispatchMessageW
DefWindowProcW
UnregisterDeviceNotification
CreateWindowExW
ShowWindow
SetTimer
GetMessageW
GetThreadDesktop
KillTimer
RegisterDeviceNotificationW
GetKeyboardType
wsprintfA
wsprintfW
CharLowerW
GetDC

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDIBits
DeleteObject
CreateCompatibleBitmap

winspool.drv

EnumPrintersW
GetPrinterDataW
OpenPrinterW
ClosePrinter

advapi32

OpenSCManagerW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountSidA
QueryServiceStatus
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
SetEntriesInAclW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
GetTokenInformation
OpenThreadToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetUserNameW
ChangeServiceConfigW
CryptGenRandom
StartServiceW
OpenServiceW
CryptAcquireContextW
CloseServiceHandle

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

IIDFromString
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
VariantChangeType

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

secur32

GetComputerObjectNameW

wininet

InternetGetLastResponseInfoW
InternetGetConnectedState

ws2_32

WSAStartup
WSACleanup

shlwapi

PathAppendW
PathRemoveFileSpecW
StrStrA

winmm

waveInGetDevCapsW
mixerGetLineInfoW
mixerSetControlDetails
waveInClose
waveInGetErrorTextW
waveInPrepareHeader
waveInGetNumDevs
mixerGetControlDetailsW
waveInUnprepareHeader
waveInStart
mixerOpen
mixerGetLineControlsW
mixerClose
waveInOpen
waveInReset
waveInAddBuffer

crypt32

CryptUnprotectData

mpr

WNetAddConnection2W
WNetCancelConnectionW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25eed7fa6b29d83223b6de8faeb5be1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

rpcrt4

wtsapi32

secur32

wininet

ws2_32

shlwapi

winmm

crypt32

mpr

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 11KB - Virtual size: 86KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 11KB - Virtual size: 86KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 10KB