7152d993d243bf856f786c0b5e18930a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7152d993d243bf856f786c0b5e18930a_JaffaCakes118
Size

56KB
MD5

7152d993d243bf856f786c0b5e18930a
SHA1

299986c34080d93f8c280432e9d7fd557240518b
SHA256

48ee13ff04eab006d5a79df1b387121e18a9119b40ff7c3d5d377cb3b946cf48
SHA512

3115005d99df9810a00cbcba6daf9424809906ecf14a554ff2a2cb33c0cf6973cb6e97aa17b0f01b6f523da23f35e4fdeace6bc7a061f4929a5c7a18705e70bd
SSDEEP

1536:sx5uupyjG/swFlAYVihNiqRkaoC1OxeHIvd6M7C3WNcR:s+uUK/swFyYV0LwpoV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7152d993d243bf856f786c0b5e18930a_JaffaCakes118

Files

7152d993d243bf856f786c0b5e18930a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

47e70e906c30a1628f69b2f59aab8cfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

CchFileTimeToDateTimeSz
PVDecodeObject
PszMonthFromIndex
PszAllocW
PszSkipWhiteA
HrIStreamToBSTR
PszDupA
HrGetStreamSize
CreateLogFile
HrCopyStream
strtrim
CrackNotificationPackage
HrCopyLockBytesToStream
CreateTempFileStream
UpdateRebarBandColors
HrSetDirtyFlagImpl
FIsHTMLFile
CryptAllocFunc
FreeTempFileList
HrGetElementImpl
HrFindInetTimeZone
CreateEnumFormatEtc
IDrawText
HrStreamSeekEnd
StripCRLF
CreateSystemHandleName

setupapi

pSetupModifyGlobalFlags
SetupDiGetWizardPage
SetupScanFileQueueW
SetupInstallServicesFromInfSectionW
CM_Get_Hardware_Profile_Info_ExA
SetupQueryInfOriginalFileInformationA
SetupGetTargetPathA
CMP_GetServerSideDeviceInstallFlags
CM_Set_DevNode_Problem
SetupDiOpenDeviceInterfaceW
CM_Set_DevNode_Problem_Ex
pSetupGetQueueFlags
SetupDiRegisterDeviceInfo
pSetupGetFileTitle
CM_Get_DevNode_Status_Ex
CM_Reenumerate_DevNode
SetupRemoveFromSourceListA
SetupDiMoveDuplicateDevice
SetupGetBinaryField
CM_Enumerate_EnumeratorsA
CM_Get_Device_IDA
SetupBackupErrorA
SetupDiDestroyClassImageList
CM_Query_Arbitrator_Free_Size_Ex
SetupFindFirstLineA

wsock32

WEP
WSAGetLastError
socket
getprotobynumber
select
send
ntohs
WSAAsyncGetServByPort
GetAddressByNameA
getprotobyname
ntohl
s_perror
gethostname
GetAcceptExSockaddrs
NPLoadNameSpaces
WSApSetPostRoutine
inet_addr
WSARecvEx
WSASetLastError
GetAddressByNameW
dn_expand
getservbyname
inet_network
htonl
WSAStartup
GetTypeByNameA
GetServiceW
WSAAsyncGetHostByName
connect

kernel32

GetHandleInformation
QueueUserAPC
EnumCalendarInfoW
GetLargestConsoleWindowSize
EndUpdateResourceA
GlobalFindAtomW
GetFileSize
LoadLibraryA
HeapCreate
LZDone
GetNumberFormatA
UnregisterConsoleIME
ReadConsoleOutputA
VirtualAlloc
VirtualFreeEx
EnumResourceTypesW
GlobalReAlloc
SetPriorityClass
FindNextChangeNotification
SetCommTimeouts
DeactivateActCtx
EnumLanguageGroupLocalesW

ntdll

ZwCreateDebugObject
RtlCheckForOrphanedCriticalSections
DbgUserBreakPoint
RtlQueryHeapInformation
ZwQueryObject
RtlDefaultNpAcl
ZwNotifyChangeMultipleKeys
RtlAreBitsClear
RtlxUnicodeStringToAnsiSize
RtlCancelTimer
NtClearEvent
RtlCreateAndSetSD
NtResetEvent
RtlComputeImportTableHash
RtlIpv4StringToAddressA
NtRestoreKey
ZwWaitForMultipleObjects
RtlSetSaclSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
NtSetIoCompletion
RtlInitializeSListHead
NtMapViewOfSection
NtReleaseSemaphore
ZwCompressKey
NtTerminateJobObject
ZwCreateToken

shdocvw

AddUrlToFavorites
OpenURL
URLQualifyA
URLQualifyW
DoOrganizeFavDlgW
DllCanUnloadNow
DllGetVersion
DllRegisterWindowClasses
SHAddSubscribeFavorite
DoOrganizeFavDlg
HlinkFrameNavigateNHL
SetQueryNetSessionCount
HlinkFrameNavigate
SoftwareUpdateMessageBox
DoAddToFavDlgW
DoFileDownload
ImportPrivacySettings
DoAddToFavDlg
SHGetIDispatchForFolder
DoPrivacyDlg
DllGetClassObject
HlinkFindFrame

dmime

DllGetClassObject
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47e70e906c30a1628f69b2f59aab8cfe

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

setupapi

wsock32

kernel32

ntdll

shdocvw

dmime

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 61KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 172B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 61KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 172B