Static task: static1
Behavioral task: behavioral1
  Sample: 744b4aefbda8d4682c943da1b9dff0db_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 744b4aefbda8d4682c943da1b9dff0db_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 744b4aefbda8d4682c943da1b9dff0db_JaffaCakes118
Size: 138KB
MD5: 744b4aefbda8d4682c943da1b9dff0db
SHA1: 402076c28caae7e153ffa550fa18393ffafd0b2d
SHA256: b2af56bc3a66f827dc9217c4b1cd8761c7d181754eadaacd816d5caebe80ca55
SHA512: ad454fe121187f1e63125b8039d66d148e7cc656d27ff7bbc6abe32f8c3ffe515ffe630f8e10147d7d036535ad15d60a030362f4a66f3cdbceaf4620a0a9160f
SSDEEP: 3072:6vrd8xPFd7OJQ6G14jlinSUvt9lfvLXtxnhyUxABkwZiw+7VCe2CRB:6TdmFdKjlinSO9hvLdGUxAB8VCe2CR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 744b4aefbda8d4682c943da1b9dff0db_JaffaCakes118
Files
744b4aefbda8d4682c943da1b9dff0db_JaffaCakes118.exe windows:4 windows x86 arch:x86
  0504d475157ffe803036495128f447ce
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegDeleteValueA
SetServiceStatus
GetSecurityDescriptorControl
OpenSCManagerA
AccessCheck
RegEnumValueA
RegQueryInfoKeyA
CopySid
AddAccessDeniedAce
GetAce
RegCloseKey
EqualSid
RegSetValueExA
LookupAccountSidW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerA
GetSidSubAuthority
AddAce
FreeSid
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
DuplicateToken
CloseServiceHandle
RegConnectRegistryA
LookupAccountSidA
OpenServiceA
GetLengthSid
GetSecurityDescriptorSacl
GetSidLengthRequired
DuplicateTokenEx
IsValidSecurityDescriptor
LookupAccountNameA
SetThreadToken
StartServiceCtrlDispatcherA
ReportEventA
OpenProcessToken
ControlService
MakeAbsoluteSD
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorGroup
MakeSelfRelativeSD
RegCreateKeyA
AllocateAndInitializeSid
SetSecurityDescriptorDacl
DeregisterEventSource
GetTokenInformation
GetSecurityDescriptorDacl
RegOpenKeyExA
OpenThreadToken
IsValidSid
PrivilegeCheck
GetAclInformation
AddAccessAllowedAce
RegSetKeySecurity
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
RegEnumKeyA
LookupPrivilegeValueA
RegisterEventSourceA
InitializeSid
RegEnumKeyExA
DeleteService
GetSecurityDescriptorLength
QueryServiceStatus
GetUserNameA
SetSecurityDescriptorSacl
ChangeServiceConfigA
CreateServiceA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExW
shlwapi
PathFindExtensionA
rpcrt4
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA
user32
wsprintfW
PeekMessageA
EnumWindows
KillTimer
SetTimer
DispatchMessageA
CharNextA
IsWindowVisible
GetWindowThreadProcessId
GetMessageA
CharUpperA
GetWindowTextA
LoadStringA
PostThreadMessageA
MessageBoxA
wsprintfA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ole32
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemFree
CoGetCallContext
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CoImpersonateClient
CoGetClassObject
StringFromIID
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
StringFromCLSID
CoRevertToSelf
CLSIDFromString
CoDisconnectObject
CoQueryProxyBlanket
CoTaskMemAlloc
CoRevokeClassObject
kernel32
LocalAlloc
LocalSize
LoadResource
GetModuleHandleA
EnterCriticalSection
FlushFileBuffers
RtlUnwind
GetCurrentProcess
lstrlenW
HeapDestroy
GetModuleFileNameA
SetEnvironmentVariableA
LCMapStringW
InterlockedExchange
GetComputerNameA
GetLastError
GetFileAttributesA
CreateMutexA
LocalFree
LoadLibraryA
WritePrivateProfileStringA
lstrcpynA
ReadProcessMemory
OpenProcess
SetLastError
GetVersionExA
CreateEventA
GetStdHandle
GetPrivateProfileStringA
TerminateThread
WideCharToMultiByte
MapViewOfFile
HeapSize
MultiByteToWideChar
VirtualQuery
TlsFree
VirtualAlloc
GetProcessTimes
TlsAlloc
CreateThread
SetHandleCount
GetExitCodeProcess
FindResourceA
FormatMessageA
GetVersion
IsDBCSLeadByte
ClearCommError
lstrcpyA
CreateProcessA
SetUnhandledExceptionFilter
CloseHandle
TlsSetValue
FindFirstFileA
lstrcatA
SetLastError
GetPrivateProfileSectionA
IsBadCodePtr
DuplicateHandle
LeaveCriticalSection
VirtualFree
CreateProcessW
TlsGetValue
CreateFileMappingA
WriteProfileStringA
GetProfileStringA
GetModuleFileNameW
FreeLibrary
SetStdHandle
GetCPInfo
EnumResourceNamesW
GetStringTypeA
LockResource
WaitForSingleObject
IsBadWritePtr
FindResourceExA
InterlockedCompareExchange
GetPrivateProfileSectionNamesA
GetCommandLineA
CompareStringA
GetFileType
GetPrivateProfileIntA
ReadFile
LoadLibraryExA
RaiseException
GetCurrentThreadId
GetSystemDirectoryA
GetSystemInfo
UnmapViewOfFile
HeapAlloc
Sleep
CompareStringW
FindClose
GetEnvironmentStringsW
GetThreadLocale
FreeEnvironmentStringsA
DeleteCriticalSection
SetErrorMode
HeapReAlloc
SetEndOfFile
LoadLibraryW
CreateFileA
SetFilePointer
GetSystemTimeAsFileTime
CreateDirectoryA
InterlockedDecrement
QueryPerformanceCounter
IsBadReadPtr
ExitProcess
GetACP
ExitProcess
GetLocaleInfoA
SetEvent
GetCurrentProcessId
GetCurrentThread
TerminateProcess
HeapCreate
lstrlenA
InterlockedIncrement
GetStringTypeW
InitializeCriticalSection
UnhandledExceptionFilter
GetProcessHeap
ReleaseMutex
GetStartupInfoA
GetModuleHandleW
GetTickCount
VirtualProtect
FreeEnvironmentStringsW
GetProcAddress
LCMapStringA
lstrcmpiA
GetEnvironmentStrings
GetOEMCP
WriteFile
SizeofResource
HeapFree
Sections
.text  Size: 96KB  - Virtual size: 96KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 7KB   - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data  Size: 33KB  - Virtual size: 32KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rscr  Size: 512B  - Virtual size: 212KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ