7252eb47a23c2e381f7b9c3a91b248c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7252eb47a23c2e381f7b9c3a91b248c8_JaffaCakes118
Size

369KB
MD5

7252eb47a23c2e381f7b9c3a91b248c8
SHA1

c5244a5c353a9e8acbc685f483973539379d4812
SHA256

3843a2545acb8ee37165c87f43874d8d9077fd3366186dc48f9456b8514d5f1a
SHA512

f7743331a94967454722dde9b12f13379e593d506cfecbdd3da0b4f75bd4373cce60328935bac590d22a99a56099419023f575ae2ca1a3de2f4af2fa05e537ed
SSDEEP

6144:b/5nFiwi9DoD45g8GLhG2agYn+Gye174aCXrC55yiKELwapueCrHqEaG0GiBgPE:Zi5oU3MGwY+GRHC1J+yqEaG01

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7252eb47a23c2e381f7b9c3a91b248c8_JaffaCakes118

Files

7252eb47a23c2e381f7b9c3a91b248c8_JaffaCakes118
.exe .vbs windows:5 windows x86 arch:x86 polyglot

7e70b13b1b3b9a3dfbb06b778dced783

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spuninst.pdb

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

GetWindow
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
KillTimer
CheckDlgButton
SetTimer
IsDlgButtonChecked
SetDlgItemTextW
DestroyWindow
EnumDesktopsA
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetWindowTextA
GetParent

ntdll

RtlUnwind
strrchr
_strcmpi
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
strncat
_itoa
_chkstk
wcslen
wcscpy
_snwprintf
strtoul
_stricmp
_snprintf
strncpy
strchr
sprintf
_strnicmp
strstr
_vsnprintf
NtQueryVirtualMemory

ole32

CoUninitialize
CoInitialize

updspapi

UpdSpGetLineByIndexA
UpdSpGetFieldCount
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpInstallFilesFromInfSectionA
UpdSpInitDefaultQueueCallbackEx
UpdSpScanFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpCloseInfFile
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpGetTargetPathW
UpdSpGetStringFieldW
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpCommitFileQueueA
UpdSpFindNextMatchLineW

msvcrt

wcscmp
toupper
strspn
atol
strpbrk
_close
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
_wcsicmp
swprintf
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
calloc
isdigit
memmove
strcspn
malloc
free
_mbslwr
_strdup
strtok
_vsnwprintf
_lseek

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyA
InitiateSystemShutdownA
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
DeleteFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
WideCharToMultiByte
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

userenv

ord119
ord138
ord121

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 160KB - Virtual size: 424KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e70b13b1b3b9a3dfbb06b778dced783

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

user32

ntdll

ole32

updspapi

msvcrt

advapi32

kernel32

gdi32

shell32

version

psapi

userenv

rpcrt4

imagehlp

Sections

.text Size: 162KB - Virtual size: 162KB

.data Size: 2KB - Virtual size: 398KB

.rsrc Size: 44KB - Virtual size: 43KB

PACK Size: 160KB - Virtual size: 424KB

.text
Size: 162KB - Virtual size: 162KB

.data
Size: 2KB - Virtual size: 398KB

.rsrc
Size: 44KB - Virtual size: 43KB

PACK
Size: 160KB - Virtual size: 424KB