7416870e96cb5a582b57f493fe916722_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7416870e96cb5a582b57f493fe916722_JaffaCakes118
Size

412KB
MD5

7416870e96cb5a582b57f493fe916722
SHA1

71a7f75ac426e9da9df1420683c1e94a41ebf1e2
SHA256

b9087d66d3d406f3a5f82d8648fcf85c580040f3651f05096819c6dbdfe04dbf
SHA512

21bc57d6833886f37dcd973a4dbd0acaa754bdb729035d98b79f45dfbd5c439da24a01a6de26a0cfa00f7204eae60ed0b9352f879346b74ee294497f9fea0acf
SSDEEP

6144:wQSr496nJRSaBGbpZWLhlZLOHn0zYOSgpJ8/2RQcRqF:wQRWGbLAZKHnqSgpJ8/LcRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7416870e96cb5a582b57f493fe916722_JaffaCakes118

Files

7416870e96cb5a582b57f493fe916722_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20c3a3bad04db67e5a40f84a54b69198

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hprbutil

?SetIntegerValue@CHPRBIniHandler@@QAEHPBD0H@Z
??0CHPRBWinOS@@QAE@XZ
?IsWindows@CHPRBWinOS@@QBEHK@Z
??1CHPRBWinOS@@UAE@XZ
??0CHPRBIniHandler@@QAE@XZ
??1CHPRBIniHandler@@UAE@XZ
?GetIntegerValue@CHPRBIniHandler@@QAEHPBD0H@Z

kernel32

RaiseException
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetCommandLineA
CreateSemaphoreA
GetCurrentProcessId
ReleaseSemaphore
InterlockedExchange
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedCompareExchange
GetModuleFileNameA
InitializeCriticalSection
CreateEventA
CreateMutexA
CreateThread
WaitForMultipleObjects
CloseHandle
SignalObjectAndWait
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
lstrlenW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
SetEvent
LeaveCriticalSection
SetStdHandle
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
GetEnvironmentStrings
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
FreeEnvironmentStringsA
Sleep
WriteFile
ExitProcess
HeapCreate
VirtualFree
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetStartupInfoA
VirtualQuery
GetSystemInfo
GetProcAddress
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualAlloc

user32

MessageBoxA
DispatchMessageA
GetMessageA
PostThreadMessageA
LoadStringA
UnregisterClassA
CharNextA

advapi32

RegEnumKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle

ole32

CoInitializeSecurity
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
VariantCopyInd
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysStringByteLen
SafeArrayUnaccessData
SafeArrayGetElemsize
SysAllocString
VariantChangeType
VariantInit
SysFreeString
VariantClear

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zyfhhua
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20c3a3bad04db67e5a40f84a54b69198

Headers

File Characteristics

Imports

hprbutil

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 300KB - Virtual size: 300KB

zyfhhua Size: - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 300KB - Virtual size: 300KB

zyfhhua
Size: - Virtual size: 4KB