7865603ebf0ab27dfc256167a856405c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7865603ebf0ab27dfc256167a856405c_JaffaCakes118
Size

294KB
MD5

7865603ebf0ab27dfc256167a856405c
SHA1

a40eeee3ca3436f7be960d6982852c1551734d52
SHA256

8c4c46b7a9ede6194c4d160115dffdf055dad2119c44f80b2f22080e15091541
SHA512

6bf8c2920e944df9f582ef870f3aaf0b852bcc0b335e1a1b95ea5a085aa815846e2a69b8f8e1a2b071432d8c6078d73c940df03a3d55e05ea740c621d88de6e6
SSDEEP

6144:EjBX+1baifuZLNOkEiHDXPJYN5O+az/lMsZTUNgkyG41u:QN+haiWNOsHDXPJ22z/lPUezL1u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7865603ebf0ab27dfc256167a856405c_JaffaCakes118

Files

7865603ebf0ab27dfc256167a856405c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee3c0eaaa6aacc2bf7e4c85d270a9922

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\out_Win32\Release\kav50.pdb

Imports

prremote

PRCloseProcessRequest
PRInitialize
PRIsValidProxy
PRStopServer
PRDeinitialize
PRCreateProcess
PRRegisterObject
PRUnregisterObject
PRGetObjectProxy
PRReleaseObjectProxy

fssync

FSSync_ScreeState
FSSync_SetCheck
FSSync_ScreeNotify
FSSync_ScreeActive

kernel32

QueryPerformanceCounter
OpenProcess
LoadLibraryW
lstrcmpiW
GetModuleHandleW
QueryDosDeviceW
lstrcpyW
lstrlenW
GetShortPathNameW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetLocalTime
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
lstrcatA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineW
GetModuleHandleA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
HeapAlloc
GetStdHandle
OpenMutexA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetProcessAffinityMask
SetErrorMode
SetEvent
InitializeCriticalSection
FreeConsole
SetConsoleCtrlHandler
SetProcessWorkingSetSize
WaitForMultipleObjects
DeleteCriticalSection
LocalFree
CreateEventA
SetConsoleMode
GetConsoleMode
SetConsoleTitleA
AllocConsole
CreateProcessA
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetFileAttributesA
ResetEvent
GetFullPathNameA
WideCharToMultiByte
DeleteFileA
GetTempFileNameA
CreateDirectoryA
GetTempPathA
GetVersion
InterlockedExchange
GetTickCount
GetVersionExA
GetLastError
Sleep
ReleaseMutex
SetUnhandledExceptionFilter
TerminateProcess
DeviceIoControl
CreateThread
WaitForSingleObject
GetExitCodeThread
WriteFile
FlushFileBuffers
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFileSize
CloseHandle
lstrcpyA
CreateFileW
HeapFree
FormatMessageA
GetProcessHeap
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
GetFileType

user32

wsprintfA
GetSystemMetrics
RegisterWindowMessageA
ExitWindowsEx
DefWindowProcA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
CreateWindowExA
RegisterClassA
PostMessageA
MsgWaitForMultipleObjects

advapi32

LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegEnumValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
SetServiceStatus
RegDeleteValueA
CreateServiceA
DeleteService
QueryServiceStatus
ControlService
StartServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetSecurityDescriptorSacl
GetUserNameA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

msvcr80

_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__dllonexit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
_lock
_onexit
_decode_pointer
_except_handler4_common
__setusermatherr
_configthreadlocale
_initterm_e
??2@YAPAXI@Z
_controlfp_s
memcpy
memmove
_set_invalid_parameter_handler
atoi
??3@YAXPAX@Z
strchr
strrchr
wcsrchr
_mbsstr
_mbsicmp
_mbsnbicmp
_mbslwr
_time32
memset
wcscat_s
wcscpy_s
_snprintf_s
_itoa
strtoul
__CxxFrameHandler3
_getch
printf
sprintf
__argc
__argv
_makepath
_splitpath
setlocale
_mbslen
??_U@YAPAXI@Z
??_V@YAXPAX@Z
setvbuf
_fdopen
_open_osfhandle
__iob_func
_ismbblead
_initterm
_localtime32
fflush
fprintf
_vsnprintf
fclose
fgets
fopen
strerror
_errno
_snprintf
getchar
getc
_flushall
strcat_s
strcpy_s
sprintf_s
_close
_read
_filelength
_open
malloc
free
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_invoke_watson

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.prdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee3c0eaaa6aacc2bf7e4c85d270a9922

Headers

File Characteristics

PDB Paths

Imports

prremote

fssync

kernel32

user32

advapi32

shell32

ole32

msvcr80

msvcp80

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 10KB

.prdata Size: 68KB - Virtual size: 68KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 10KB

.prdata
Size: 68KB - Virtual size: 68KB