76d60c5e6785fac7a8fa7bb9f502ceea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76d60c5e6785fac7a8fa7bb9f502ceea_JaffaCakes118
Size

329KB
MD5

76d60c5e6785fac7a8fa7bb9f502ceea
SHA1

9937c4dd12fd339613b887c669b0d0617845d52e
SHA256

a4c5ec2605646ba1d050c016c63591f42477775f967a595ecfeb9255a6daff2d
SHA512

d97d6301df8efa7262109b06d073c549dc4a0ef2fc07687902f075dc00a8bb91dfbf7fcca986962c8c1914a558d5ed5b4d97336fffc0efecee7fe1dbd9660eb8
SSDEEP

6144:2wUdXxH4GNx7knPMmOF8GP0cB9KBGy/ewUZAyDzs4WYhD0aR2bm7Xr+lVYlcsv8L:2R4aknP2XMw7ZGyDzsjY2aRi/Lsv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76d60c5e6785fac7a8fa7bb9f502ceea_JaffaCakes118

Files

76d60c5e6785fac7a8fa7bb9f502ceea_JaffaCakes118
.exe windows:5 windows x86 arch:x86

28ece2cc8ff2a3297f99aeb1c7b93d46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrAsyncServerCall
RpcServerUnregisterIfEx
RpcStringBindingComposeW
RpcBindingFree
RpcAsyncCancelCall
UuidToStringW
RpcSsDestroyClientContext
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerUseProtseqW
I_RpcExceptionFilter
RpcServerRegisterIfEx
NdrAsyncClientCall
RpcServerInqBindings
RpcBindingFromStringBindingW
RpcServerInqCallAttributesW
UuidCreate
RpcAsyncGetCallStatus
RpcEpRegisterW
RpcAsyncInitializeHandle

ole32

CoInitialize
CoCreateInstance
PropVariantCopy
CoUninitialize
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc

gdi32

GetDeviceCaps
CreateCompatibleDC
CreatePalette
CreateDIBSection
SelectObject
CreateDCW
GetRgnBox
RectInRegion
DeleteObject
DeleteDC
GetDIBits
RealizePalette
DrawEscape
GetSystemPaletteEntries
CreateRectRgnIndirect
BitBlt
GdiEntry13
SelectPalette
SetLayout
CreateCompatibleBitmap
CombineRgn
GetRegionData
CreateICW
OffsetRgn
GetDCOrgEx

psapi

GetProcessMemoryInfo

msvcrt

ceil
_vsnprintf
_resetstkoflw
_CIpow
realloc
modf
_onexit
memmove
wcstol
qsort
_lock
_CIsqrt
clock
_CIcos
_wcsicmp
_CIatan2
_stricmp
_finite
memset
_CIfmod
_isnan
_errno
_wtof
_CIacos
isspace
tolower
isxdigit
_purecall
isdigit
_copysign
_CIasin
_strdup
_controlfp
__dllonexit
setlocale
_CIcosh
strchr
_CIatan
_CIlog
wcschr
_clearfp
memcpy
floor
atoi
_unlock
_CItanh
isalpha
_CIexp
_XcptFilter
isalnum
toupper
_CIsinh
_amsg_exit
wcsstr
_initterm
_vsnwprintf
free
_fpclass
_CIsin
atof
_adjust_fdiv
malloc
_CItan
calloc
_wtoi

user32

OffsetRect
GetGuiResources
GetWindowDC
IsRectEmpty
EnumDisplaySettingsW
IntersectRect
GetDesktopWindow
GetMonitorInfoW
SystemParametersInfoW
DispatchMessageW
SetLayeredWindowAttributes
ClientToScreen
SetRect
PostMessageW
MsgWaitForMultipleObjects
TranslateMessage
GetClientRect
PeekMessageW
EnumDisplayDevicesW
GetDC
EnumDisplayMonitors
ReleaseDC
GetWindowLongW
IsWindow
EqualRect
UpdateLayeredWindow
InvalidateRect
RegisterWindowMessageW
CopyRect

ntdll

RtlDeleteElementGenericTable
DbgBreakPoint
RtlLookupElementGenericTable
RtlIsGenericTableEmpty
NtAddAtom
DbgPrintEx
DbgPrompt
NtMapViewOfSection
RtlFindClearBitsAndSet
RtlNumberGenericTableElements
RtlInitializeGenericTable
NtAllocateVirtualMemory
RtlSetBits
RtlInsertElementGenericTable
NtCreateSection
RtlUlongByteSwap
RtlInterlockedFlushSList
RtlClearBits
RtlInitializeBitMap

advapi32

UnregisterTraceGuids
GetTraceLoggerHandle
RegCloseKey
TraceEvent
RegisterTraceGuidsW
TraceMessage
RegOpenKeyExW
RegOpenKeyA
GetTraceEnableLevel
RegQueryValueExA
RegQueryValueExW
GetTraceEnableFlags

kernel32

InterlockedCompareExchange
MapViewOfFile
InterlockedExchange
GetFullPathNameA
GetVersionExW
FindClose
DebugBreak
LocalFree
InterlockedDecrement
WaitForMultipleObjects
OutputDebugStringA
DuplicateHandle
InterlockedFlushSList
CreateFileMappingW
WaitForSingleObject
InitializeSListHead
ProcessIdToSessionId
CloseHandle
DelayLoadFailureHook
HeapFree
GetCurrentProcess
SleepEx
CreateEventW
QueryDepthSList
DeleteCriticalSection
CreateWaitableTimerW
RtlCaptureStackBackTrace
TerminateThread
GetCurrentThreadId
InitializeCriticalSection
GetTickCount
CreateFileMappingA
SetWaitableTimer
QueryPerformanceCounter
GetSystemInfo
InitializeCriticalSectionAndSpinCount
CreateFileW
GetSystemDirectoryW
UnmapViewOfFile
SystemTimeToFileTime
GetProcessId
FindResourceW
LoadLibraryA
IsDebuggerPresent
LocalAlloc
VirtualAlloc
InterlockedPushEntrySList
FindFirstFileW
VirtualLock
Sleep
OutputDebugStringW
WideCharToMultiByte
GetCurrentProcessId
LockResource
GetFileSize
VirtualFree
SizeofResource
GetOverlappedResult
GetVersion
QueryPerformanceFrequency
GetLastError
ExitProcess
SetThreadPriority
GetProcAddress
GetProcessWorkingSetSize
GetSystemTimeAsFileTime
RaiseException
InterlockedExchangeAdd
SetLastError
PulseEvent
GetModuleHandleW
SetEvent
InterlockedIncrement
RtlUnwind
GetProcessHeap
GlobalUnlock
CreateFileA
WaitForSingleObjectEx
ReadFile
GetVersionExA
GetModuleHandleA
GetCurrentThread
LoadResource
ResetEvent
CompareStringW
WriteFile
MulDiv
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
VirtualQuery
HeapReAlloc
CreateThread
HeapAlloc
SetProcessWorkingSetSize
lstrcmpiA
EnterCriticalSection
DisableThreadLibraryCalls
FreeLibrary
UnhandledExceptionFilter
TryEnterCriticalSection
LoadLibraryW
CancelIo

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28ece2cc8ff2a3297f99aeb1c7b93d46

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ole32

gdi32

psapi

msvcrt

user32

ntdll

advapi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 26KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 1.4MB