757c2bbe0d0527857de01f12c28d55bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

757c2bbe0d0527857de01f12c28d55bd_JaffaCakes118
Size

86KB
MD5

757c2bbe0d0527857de01f12c28d55bd
SHA1

70aed8c4fc67442db24d57fed65f3817a028cb5a
SHA256

84ede79814621849a37bc207738b476a8cfd8d6cb0894f048af3e140a43c1ce6
SHA512

31143d9b2fb1b020b54f17330cc45e7fb0931ec6725b8c94e2b9cf8ae3a1c6df46d084b6645e686d35c35bea5bcd5728232719a4cbf9c9d59d5bb99d1fea44a4
SSDEEP

1536:+QyHbpT5Tg0/DiZOdAvwlkG+B2glBeV1VfVvAeR9lA+dL:+3Hbhq0/DewlkBQgC/f5zR9m+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
757c2bbe0d0527857de01f12c28d55bd_JaffaCakes118

Files

757c2bbe0d0527857de01f12c28d55bd_JaffaCakes118
.exe windows:6 windows x86 arch:x86

12d7c5abd681cf91407485c9f01124dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msoobe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent
GetSidSubAuthorityCount
GetSidLengthRequired
CopySid
GetSidSubAuthority
ConvertSidToStringSidW
QueryServiceStatusEx
OpenSCManagerW
QueryServiceConfigW
EventWrite
RegEnumKeyW
RegDeleteKeyW
OpenServiceW
StartServiceW
CloseServiceHandle
TraceMessage

kernel32

RegEnumValueW
LocalAlloc
GetFileSize
ReadFile
HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
CreateMutexW
InterlockedCompareExchange
WritePrivateProfileStringW
InterlockedExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RegOpenKeyExW
RegQueryValueExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetLastError
GetFullPathNameW
CreateDirectoryW
ExpandEnvironmentStringsW
LocalFree
lstrlenW
SetEvent
OpenEventW
WaitForSingleObject
GetModuleHandleW
CreateFileW
GetFileAttributesW
FindClose
FindFirstFileW
FlushFileBuffers
FindNextFileW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
NotifyUILanguageChange
CreateEventW
CompareStringW
GetVersionExW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW

msvcrt

__getmainargs
_cexit
_exit
__dllonexit
_XcptFilter
_ismbblead
exit
_acmdln
_onexit
_lock
_initterm
_amsg_exit
__setusermatherr
_unlock
__set_app_type
memcpy
_vsnprintf
wcsrchr
memset
wcschr
_wcsnicmp
_vsnwprintf
_wcsicmp
_vscwprintf
swprintf_s
__p__fmode
_except_handler4_common
__p__commode
_controlfp
?terminate@@YAXXZ

shlwapi

ord16
ord437
SHRegGetValueW

ntdll

WinSqmStartSession
RtlFreeHeap
WinSqmSetDWORD
RtlpVerifyAndCommitUILanguageSettings
NtClose
NtSetValueKey
NtCreateKey
RtlInitUnicodeString
RtlAllocateHeap
WinSqmEndSession

userenv

ord206
DeleteProfileW

netapi32

NetApiBufferFree
NetUserModalsGet

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12d7c5abd681cf91407485c9f01124dc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

shlwapi

ntdll

userenv

netapi32

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 23KB