710af579975cf6f5928a22f0a81808ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

710af579975cf6f5928a22f0a81808ae_JaffaCakes118
Size

264KB
MD5

710af579975cf6f5928a22f0a81808ae
SHA1

93b6c61c5ee15f0f7103622b9660be8eb044394c
SHA256

735a37efb2c9403921e89b92c1e54582a59eadf05524c1c3636457617a663a06
SHA512

e9f6b58b0ac16288f26721ffa466c7f205d36970f4022492eaa3211277cbbf8e293a8601a9a76c1f8a2317a8eb4b164d23bae96ed9bbf3cbf04383c9c49b4984
SSDEEP

6144:sZTs1E3Jt4pzvS6o+h7knyD+LJWW9v/JjTtGHwwM9+RfJ:s1swUpzvSj+GG+9vtBfoHNMUl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
710af579975cf6f5928a22f0a81808ae_JaffaCakes118

Files

710af579975cf6f5928a22f0a81808ae_JaffaCakes118
.exe windows:3 windows x86 arch:x86

1475de8417a223ebab9fd3aa45457146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoUninitialize

user32

GetClientRect
GetDesktopWindow
wsprintfW
EndDialog
LoadStringA
SetWindowsHookExW
SendMessageW
IsWindowEnabled
TranslateMessage
MessageBoxW
ShowWindow
PostMessageW
GetFocus
KillTimer
EnableWindow
SetDlgItemTextW
SetWindowTextW
SetDlgItemInt
GetDlgItemTextW
SetFocus
CheckDlgButton
SetForegroundWindow
wsprintfA
GetWindowLongW
SetTimer

rtm

RtmGetDestInfo
RtmGetMostSpecificDestination
RtmDereferenceHandles
NextMatchInTable
RtmWriteAddressFamilyConfig
RtmReleaseRouteInfo
RtmInsertInRouteList
MgmDeRegisterMProtocol
RtmAddRoute
RtmReadInstanceConfig
RtmLockNextHop
DumpTable
RtmGetExactMatchRoute
RtmGetInstanceInfo
RtmDeleteRouteList
MgmReleaseInterfaceOwnership
RtmInvokeMethod
RtmRegisterForChangeNotification
RtmReadAddressFamilyConfig
RtmDeleteRouteToDest
RtmGetEnumNextHops
RtmAddRouteToDest
RtmIsBestRoute
RtmDeregisterEntity
RtmDeleteRoute
RtmDeregisterFromChangeNotification
MgmInitialize
DeleteFromTable
RtmGetRoutePointer
RtmGetChangeStatus
RtmDequeueRouteChangeMessage
RtmAddNextHop
RtmGetOpaqueInformationPointer
RtmGetChangedDests
RtmGetNextHopPointer
RtmReferenceHandles
RtmGetAddressFamilyInfo
RtmGetFirstRoute
RtmReleaseDests
RtmMarkDestForChangeNotification
RtmLookupIPDestination
RtmReleaseEntities
RtmReleaseNextHops
RtmReleaseChangedDests
RtmIsRoute
RtmDeleteRouteTable
RtmLockDestination
RtmDeleteEnumHandle
RtmCreateRouteListEnum
RtmCreateDestEnum
RtmRegisterClient
RtmCloseEnumerationHandle
MgmGetNextMfeStats
RtmGetRegisteredEntities
MgmGetProtocolOnInterface
RtmGetEnumDests
RtmWriteInstanceConfig

pdh

PdhVbAddCounter
PdhIsRealTimeQuery
PdhSetLogSetRunID
PdhGetDllVersion
PdhUpdateLogFileCatalog
PdhConnectMachineW
PdhTranslateLocaleCounterA
PdhGetCounterTimeBase
PdhGetDefaultPerfCounterW
PdhGetDefaultPerfCounterA
PdhRemoveCounter
PdhCalculateCounterFromRawValue
PdhGetDefaultPerfCounterHW
PdhCreateSQLTablesW
PdhGetFormattedCounterValue
PdhSelectDataSourceW
PdhGetDefaultPerfObjectA
PdhLookupPerfNameByIndexA
PdhTranslateLocaleCounterW
PdhEnumObjectsHA
PdhLookupPerfIndexByNameW
PdhBrowseCountersHW
PdhOpenQueryW
PdhGetCounterInfoA
PdhConnectMachineA
PdhOpenQueryA
PdhMakeCounterPathA
PdhVbUpdateLog
PdhExpandCounterPathA
PdhVerifySQLDBA
PdhGetLogFileSize
PdhAdd009CounterW
PdhGetRawCounterValue
PdhValidatePathW
PdhGetDataSourceTimeRangeA
PdhOpenQueryH
PdhVerifySQLDBW
PdhVbGetLogFileSize
PdhTranslate009CounterA
PdhParseCounterPathA
PdhGetCounterInfoW
PdhCollectQueryDataEx
PdhBrowseCountersW
PdhParseInstanceNameA
PdhParseInstanceNameW
PdhBrowseCountersHA
PdhVbIsGoodStatus
PdhRelogA
PdhVbGetOneCounterPath
PdhEnumObjectsA
PdhSelectDataSourceA
PdhOpenLogA
PdhListLogFileHeaderA
PdhCreateSQLTablesA

advapi32

RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegFlushKey
RegCreateKeyExW
RegEnumValueW

comctl32

ImageList_Destroy

kernel32

VirtualAlloc
GetVersionExA
VirtualFree
IsBadCodePtr
lstrcmpW
GetStartupInfoW
WriteFile
DeleteCriticalSection
ExitThread
VirtualAlloc
GlobalAlloc
GetOEMCP
SetHandleCount
GetTickCount
TlsAlloc
QueryPerformanceCounter
GetACP
HeapAlloc
FreeEnvironmentStringsA
FlushFileBuffers
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
GetLastError
GetLocaleInfoA
ExitProcess
InterlockedDecrement
WaitForSingleObject
ReadFile
GetFileAttributesW
GetCurrentThreadId
LocalFree
CreateFileW
GetFileType
InterlockedIncrement
CloseHandle
UnhandledExceptionFilter
GetCurrentDirectoryW
HeapCreate
LeaveCriticalSection
GetModuleHandleA
SetUnhandledExceptionFilter
EnterCriticalSection
VirtualFree
CreateEventW
RtlUnwind

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1475de8417a223ebab9fd3aa45457146

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

rtm

pdh

advapi32

comctl32

kernel32

Sections

.text Size: 178KB - Virtual size: 178KB

.data Size: 52KB - Virtual size: 51KB

.rsrc Size: 33KB - Virtual size: 564KB

.text
Size: 178KB - Virtual size: 178KB

.data
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 33KB - Virtual size: 564KB