716640a6ac97b5ec3f2e03063712ea1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

716640a6ac97b5ec3f2e03063712ea1d_JaffaCakes118
Size

806KB
MD5

716640a6ac97b5ec3f2e03063712ea1d
SHA1

2defb6d978a4536c8307ba200f06bebca0a9f58f
SHA256

3f8e6046faa043a6ae372257e07d8b66d20eea42d5a708e73888cab698e0bdf9
SHA512

12f383110d18cb227144b6d2d82e5eb71f35923eb0008ca4a63e0c77700afaa46fc7d344ef44210749589d0c22fa4df2770df8591a7af6be3aea99e581ddf1ab
SSDEEP

24576:D+TZhVGxTNTFRi/Y/9xBNcG6DHFTnRMNRL:De98hFRi/YDPcGgHFTn4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
716640a6ac97b5ec3f2e03063712ea1d_JaffaCakes118

Files

716640a6ac97b5ec3f2e03063712ea1d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7a7a29e4a04996722b67e3d056753fc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UnionRect
GetWindowWord
CharToOemA
CreateCaret
DdeDisconnectList
GetInternalWindowPos
LoadMenuIndirectW
SubtractRect
MonitorFromPoint
BlockInput
IsDialogMessageA
EnumDesktopsA
GetWindowRgn
CharUpperA
PostMessageA
DestroyWindow
GetUpdateRgn
SetShellWindowEx
CreateWindowStationA
DrawIcon
ModifyMenuW
RegisterDeviceNotificationA
WindowFromDC
DragDetect
PackDDElParam
SetParent

msdart

?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
??1CLKRLinearHashTable@@QAE@XZ
MpGetHeapHandle
?ReadUnlock@CSpinLock@@QAEXXZ
?WriteLock@CCritSec@@QAEXXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?TryWriteLock@CCritSec@@QAE_NXZ
??0CSpinLock@@QAE@XZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA

winsta

WinStationSendWindowMessage
WinStationRemoveLicense
WinStationEnumerateW
_NWLogonQueryAdmin
WinStationSendMessageA
_WinStationUpdateClientCachedCredentials
_WinStationUpdateSettings
WinStationQueryUpdateRequired
WinStationShutdownSystem
WinStationGetLanAdapterNameA
WinStationDisconnect
ServerLicensingGetAvailablePolicyIds
_WinStationBreakPoint
WinStationIsHelpAssistantSession
_WinStationAnnoyancePopup
ServerLicensingFreePolicyInformation
WinStationReset
WinStationServerPing
ServerLicensingClose
WinStationRenameA
ServerLicensingOpenA
_NWLogonSetAdmin

cfgmgr32

CM_Set_HW_Prof_Flags_ExA
CM_Disable_DevNode
CM_Detect_Resource_Conflict
CM_Get_Res_Des_Data_Size_Ex
CM_Free_Res_Des_Ex
CM_Register_Device_Interface_ExW
CM_Query_Resource_Conflict_List
CM_Locate_DevNode_ExW
CM_Add_Res_Des_Ex
CM_Create_DevNodeW
CM_Locate_DevNodeW
CM_Get_Sibling_Ex
CM_Get_DevNode_Status
CM_Get_Log_Conf_Priority
CMP_WaitNoPendingInstallEvents
CM_Unregister_Device_Interface_ExA
CM_Get_Device_IDA
CM_Get_Resource_Conflict_DetailsA
CM_Get_Hardware_Profile_InfoA
CM_Run_Detection_Ex
CM_Get_Next_Log_Conf_Ex
CM_Get_Version_Ex
CM_Get_Parent
CM_Get_Device_ID_ExW
CM_Get_Version
CMP_Init_Detection
CM_Unregister_Device_Interface_ExW
CM_Get_Device_Interface_AliasW

kernel32

GetConsoleAliasExesA
SetComputerNameW
CloseHandle
CreateMailslotW
BaseDumpAppcompatCache
GetConsoleCharType
GetConsoleAliasesLengthW
GetProcessIoCounters
QueryActCtxW
LocalFree
SetProcessPriorityBoost
BaseFlushAppcompatCache
GetConsoleTitleA
DeleteFileA
Process32First
VirtualAlloc
CopyFileExW
ReleaseActCtx
EnumSystemLocalesW
GetPrivateProfileStructW
ExpandEnvironmentStringsA
LoadLibraryA
FindFirstFileExW
SetConsoleKeyShortcuts
GetThreadContext

msoert2

IsPrint
WriteStreamToFile
HrCreatePhonebookEntry
CreateLogFile
IDrawText
HrRewindStream
HrStreamSeekSet
IUnknownList_CreateInstance
PszScanToWhiteA
CreateStreamOnHFileW
FIsEmptyA
HrGetCertKeyUsage
WriteStreamToFileHandle
HrCreateTridentMenu
HrCopyStreamCBEndOnCRLF
_MSG
PszScanToCharA
HrCopyStream
CrackNotificationPackage
CreateEnumFormatEtc

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 628KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a7a29e4a04996722b67e3d056753fc1

Headers

DLL Characteristics

File Characteristics

Imports

user32

msdart

winsta

cfgmgr32

kernel32

msoert2

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 628KB - Virtual size: 2.0MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 284B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 628KB - Virtual size: 2.0MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 284B