722f467b1e768bb2ed4e91574e141a73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

722f467b1e768bb2ed4e91574e141a73_JaffaCakes118
Size

179KB
MD5

722f467b1e768bb2ed4e91574e141a73
SHA1

821b236e37eb29ecca9159a42df30c747bd5fb24
SHA256

4779f923f4a81b34c4975718dd59852427cfc9521e2c49811b46e3067166cce5
SHA512

e46a6d5cee5cdc0808680252606b9f07f9897c0dcec84b354eee505ee7a1ae1de190012877c24e5d736aa32fd85d172395b518b21aaf6957721d70339ab0cb8e
SSDEEP

3072:6WQQXLHpPAYKPG2vs01sBaFvWo5nI1ZUt9RYM952d6RMuVspObVYgoChB+6UMMnC:6WQQuYK+pu8aFuo5autz95FvSMVYgoCO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
722f467b1e768bb2ed4e91574e141a73_JaffaCakes118

Files

722f467b1e768bb2ed4e91574e141a73_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
LookupPrivilegeValueA
RegOpenKeyExA
AdjustTokenPrivileges
RegSetValueExW
RegOpenKeyA
RegEnumValueA
RegQueryInfoKeyA
InitializeSecurityDescriptor
ReportEventA
RegSetValueExA
RegCreateKeyW
RegCloseKey
RegSetValueA
RegOpenKeyW
RegQueryValueExW
RegDeleteValueA
DeregisterEventSource
RegEnumKeyW
RegDeleteKeyW
RegisterEventSourceA
RegDeleteValueW
RegDeleteKeyA
OpenProcessToken
SetSecurityDescriptorDacl
RegCreateKeyA
RegEnumValueW
RegQueryValueExA
RegEnumKeyA

samlib

SamConnectWithCreds
SamConnect
SamLookupNamesInDomain

ddraw

DirectDrawEnumerateA

kernel32

DuplicateHandle
GetUserDefaultLangID
GetVersion
lstrcpyA
GetFileType
VirtualProtect
UnhandledExceptionFilter
ReadFile
FreeEnvironmentStringsA
MoveFileA
IsDBCSLeadByte
GetLocaleInfoA
lstrlenA
FileTimeToLocalFileTime
GetStartupInfoA
lstrcmpA
GetCurrentProcess
CreateEventA
Sleep
TerminateProcess
GetTempPathA
GetCurrentProcessId
WinExec
HeapReAlloc
CreateFileA
ResetEvent
GlobalReAlloc
VirtualFree
HeapSize
GlobalDeleteAtom
LCMapStringA
GetACP
GlobalHandle
_llseek
RemoveDirectoryA
InterlockedIncrement
VirtualAlloc
GetStdHandle
GetStringTypeExA
SystemTimeToFileTime
SetLocalTime
CloseHandle
_lclose
FindResourceA
WideCharToMultiByte
GetDateFormatA
SetEnvironmentVariableA
lstrcmpiA
GetTickCount
GetVolumeInformationA
SetCurrentDirectoryA
lstrcmpiW
DeleteCriticalSection
GetStringTypeA
InterlockedDecrement
CreateSemaphoreA
HeapFree
GetCommandLineA
GetSystemDirectoryA
MulDiv
InitializeCriticalSection
GetModuleHandleA
CompareStringW
GetFileTime
TlsGetValue
EnterCriticalSection
UnlockFile
CompareStringA
_lwrite
GetSystemInfo
GetSystemDefaultLangID
GetEnvironmentStringsW
GetProfileStringA
SetStdHandle
GetDriveTypeA
SetFileTime
GlobalUnlock
GetWindowsDirectoryA
IsBadReadPtr
TlsAlloc
GlobalLock
_lread
IsBadCodePtr
SetFilePointer
DeleteFileA
FlushInstructionCache
SetFileAttributesA
GlobalAlloc
GetCurrentDirectoryA
ExitThread
GetShortPathNameA
GlobalAddAtomA
GetUserDefaultLCID
GetFileAttributesA
SetHandleCount
lstrcatA
GetLastError
GetLocalTime
FreeResource
FileTimeToSystemTime
CreateProcessW
GetEnvironmentStrings
GetTimeZoneInformation
FlushFileBuffers
CreateThread
GetExitCodeProcess
FormatMessageW
GetVersionExA
LoadResource
FormatMessageA
SetErrorMode
CreateProcessA
LoadLibraryExA
FreeEnvironmentStringsW
HeapAlloc
GetCPInfo
SetEndOfFile
GlobalSize
WaitForSingleObject
GetStringTypeW
VirtualQuery
GetModuleFileNameW
FreeLibrary
LockResource
LoadLibraryA
GetCurrentThreadId
GetFullPathNameA
FindClose
SetLastError
GetSystemDefaultLCID
CreateDirectoryA
GetModuleFileNameA
GetSystemTime
LCMapStringW
TlsSetValue
WriteFile
lstrcpynA
GetProcAddress
RtlUnwind
LeaveCriticalSection
TlsFree
GetTempFileNameA
ResumeThread
FindNextFileA
MultiByteToWideChar
HeapCreate
SetEvent
HeapDestroy
ExitProcess
SizeofResource
GlobalFree
SearchPathA
GetOEMCP
ReleaseSemaphore
LockFile
FindFirstFileA
RaiseException

ws2_32

setsockopt
WSAConnect

ole32

OleSave
OleLoad

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 141KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

samlib

ddraw

kernel32

ws2_32

ole32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 141KB - Virtual size: 368KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 141KB - Virtual size: 368KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B