724608d620b6507575d9929c44d120f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

724608d620b6507575d9929c44d120f9_JaffaCakes118
Size

106KB
MD5

724608d620b6507575d9929c44d120f9
SHA1

080cf95ae0c736c559c370dd9a4d6478eb5859d1
SHA256

1ab7ee71b9b3d6badb7425f26499cb1ff840dba6afe52513269b3c1efdd9be46
SHA512

3e39708cd3bf30bd6c9e3c0838f499608f4ebf284d9cd33edb09effa75d8c95425384b826c09e2dea8181e5287d4693ab767366dbc9705626e3d85aa4947fb92
SSDEEP

3072:D+SUvzWLmgn7gnFswhMm6hk8zSVczfPXE2WFME:DKzWxk6hkUSQeF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
724608d620b6507575d9929c44d120f9_JaffaCakes118

Files

724608d620b6507575d9929c44d120f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92cd3a64e6a3dc041c1a7718b2bc7f94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
TlsSetValue
LeaveCriticalSection
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InitializeCriticalSection
EnterCriticalSection
OutputDebugStringA
GetCurrentProcessId
GetVersion
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SwitchToThread
lstrlenA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenW
MultiByteToWideChar
InterlockedExchange
TryEnterCriticalSection
GetModuleFileNameW
VirtualQuery
LoadLibraryExA
lstrcmpiA
RaiseException
MapViewOfFile
CreateFileMappingW
InterlockedCompareExchange
GetModuleHandleA
GetProcAddress
GetCommandLineA
RtlUnwind
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapAlloc
LoadLibraryA
SetFilePointer
TlsAlloc
WaitForMultipleObjects
ResetEvent
CreateEventA
HeapFree
GetProcessHeap
LocalFree
CloseHandle
LocalAlloc
GetLastError
GetCurrentProcess
OpenWaitableTimerW
OpenJobObjectW
OpenFileMappingW
OpenSemaphoreW
GetOverlappedResult
GetCurrentThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
VirtualProtect

user32

SetWindowLongW
CharNextA
EndDialog
CheckDlgButton
GetWindowLongW
IsDlgButtonChecked

advapi32

ConvertSidToStringSidW
GetSidSubAuthorityCount
RegDeleteValueA
RegQueryInfoKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
SetSecurityDescriptorGroup
OpenThreadToken
RevertToSelf
CreatePrivateObjectSecurityEx
SetThreadToken
MakeSelfRelativeSD
RegCloseKey
RegGetKeySecurity
RegConnectRegistryW
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
DestroyPrivateObjectSecurity
LookupAccountNameW
CopySid
GetLengthSid
InitializeAcl
OpenProcessToken
GetTokenInformation
IsValidSid
RegOpenKeyExW
GetSidSubAuthority
RegQueryValueExW
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoTaskMemFree
CoTaskMemRealloc

rpcrt4

MesEncodeDynBufferHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate

msvcrt

_callnewh
_initterm
_onexit
asctime
ctime
clock
difftime
localtime
time
_except_handler3
memcpy
wcschr
_wcsicmp
wcsrchr
_errno
_CxxThrowException
memset
free
malloc
__dllonexit
_XcptFilter
_adjust_fdiv
_vsnwprintf

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cd3a64e6a3dc041c1a7718b2bc7f94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcrt

msvcp60

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 34KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 2KB