838c8cd2c3e8b3194f04bd561a70dff9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

838c8cd2c3e8b3194f04bd561a70dff9_JaffaCakes118
Size

283KB
MD5

838c8cd2c3e8b3194f04bd561a70dff9
SHA1

f519708935185485d030c870a988bc1d5baa9fc7
SHA256

e545b1ff7200deae4efec693a032e4c2039addddbd85a60a305d70236dfbdcdb
SHA512

ac589fd20407db470d7f4c2524c6fe4b1b9f67f601838f4bd6908250132f31002f0158c23a79419be9dd006c3fff1c686601c2c69ff2185f2a4c4e13ae1eb4a6
SSDEEP

6144:OITrvxrFph9HgYevGpXoHh0VqAg36DNPY1bWTBdN1/y:OITF7MdvOXoHKqAu0NPKm6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
838c8cd2c3e8b3194f04bd561a70dff9_JaffaCakes118

Files

838c8cd2c3e8b3194f04bd561a70dff9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f445c76117ca4c14df32bf01b095bf29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_errno
_ltoa
_wcsnicmp
_wtol
atol
_except_handler3
_local_unwind2
wcsncpy
wcslen
wcspbrk
memset
_wcsicmp
wcstoul
wcsstr
??2@YAPAXI@Z
wcscpy
strchr
wcscmp
sprintf
vsprintf
wcscat
qsort
memmove
atoi
iswdigit
free
_initterm
_ftol
??3@YAXPAX@Z
wcsncmp
malloc
_adjust_fdiv

ntdll

NtOpenProcessToken
DbgPrint
NtRemoveIoCompletion
RtlGetNtProductType
NtQueryObject
NtQueryMultipleValueKey
RtlNtStatusToDosError

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegEnumKeyExA
RegOpenKeyExA
RegConnectRegistryW
RegEnumKeyExW
RegEnumValueA
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetSidSubAuthority
ChangeServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
OpenThreadToken
RegQueryInfoKeyA
OpenProcessToken
GetSidLengthRequired
InitializeSid
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorOwner

gdi32

GetTextExtentPoint32W
AddFontResourceA
ExtCreatePen
CreateBrushIndirect
TranslateCharsetInfo
DeleteDC
LineTo
MoveToEx
ExtTextOutW
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateFontIndirectW
GetPixel
GetObjectW
GetStockObject
GetDeviceCaps
SetPixel
DeleteObject
SetTextColor
SetBkColor
BitBlt
GetClipBox
PatBlt
GetCharWidthW
CreateSolidBrush
GetTextExtentPointW
GetTextMetricsW

kernel32

GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetVersionExA
TlsAlloc
GetModuleFileNameA
GetProcAddress
LoadLibraryW
SetFileAttributesA
lstrcpynW
GetSystemDefaultLCID
lstrlenW
GetModuleHandleA
lstrcatW
ReleaseMutex
WaitForSingleObject
VirtualAlloc
Sleep
lstrlenA
CreateProcessW
SetLastError
LoadLibraryA
lstrcmpiW
CloseHandle
FindClose
GetComputerNameExW
FindNextFileW
FindFirstFileW
IsBadWritePtr
CompareStringW
WideCharToMultiByte
lstrcpyW
GlobalDeleteAtom
CreateMutexW
GetSystemDefaultLangID
GlobalAddAtomW
OpenMutexW
SetFilePointer
SetEvent
GetTickCount
CreateThread
CreateEventW
ExpandEnvironmentStringsW
LoadLibraryExW
GlobalReAlloc
CreateFileA
GetUserDefaultLCID
DelayLoadFailureHook
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetUserDefaultLangID
FindFirstFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
LCMapStringW
LoadResource
FindResourceW
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
LeaveCriticalSection
CreateSemaphoreW
PulseEvent
EnterCriticalSection
HeapAlloc
TlsSetValue
FindResourceExA
GetProcessHeap
HeapFree
CreateProcessA
GetSystemDirectoryA
GetCurrentThread
GetTempPathA
GetAtomNameA
GetUserDefaultUILanguage
GetOEMCP
GetLocaleInfoW
TlsGetValue
GetLogicalDrives
GetLocaleInfoA
GetNumberFormatW
GetModuleHandleW
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetModuleFileNameW
CreateFileW
TlsFree
InterlockedExchange
lstrcmpW
GetLastError
FormatMessageW
LocalFree
ReadFile
GlobalAlloc
GlobalFree
InterlockedIncrement
CreateDirectoryW
MultiByteToWideChar
LocalAlloc
OpenSemaphoreA
GetSystemDirectoryW
GetVersionExW
lstrcmpiA
lstrcpyA
AreFileApisANSI
GetSystemWindowsDirectoryW
OpenMutexA
CreateMutexA
GetFullPathNameW
InterlockedDecrement
GetACP
MulDiv
GetVersion
GetThreadLocale
GlobalUnlock
GlobalLock
GetComputerNameW

mprapi

MprAdminPortDisconnect
MprAdminBufferFree
MprAdminPortEnum
MprAdminIsServiceRunning
MprAdminConnectionEnum
MprAdminConnectionGetInfo
MprAdminServerDisconnect
MprAdminServerConnect
MprAdminUserServerDisconnect
MprAdminUserWriteProfFlags
MprAdminUserServerConnect
MprAdminUserReadProfFlags
MprAdminUserOpen
MprAdminUserRead
MprAdminUserClose
MprAdminUserWrite
MprAdminInterfaceDelete

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CLSIDFromString

rasapi32

RasGetEapUserDataW
RasSetAutodialAddressW
RasGetAutodialAddressW

rasman

RasGetDeviceConfigInfo
RasSetDeviceConfigInfo
RasGetCustomScriptDll
RasSetCommSettings
RasIsTrustedCustomDll
RasSendNotification
RasGetUnicodeDeviceName
RasRpcSetUserPreferences
RasRpcGetUserPreferences
RasRpcGetSystemDirectory
RasRpcGetInstalledProtocolsEx
RasRpcGetInstalledProtocols
RasRpcGetVersion
RasGetInfo

tapi32

lineTranslateDialogW
lineSetCurrentLocation
LOpenDialAsst
lineGetCountryW
lineGetTranslateCapsW
lineConfigDialogW
lineTranslateAddressW

user32

SendMessageA
CreateIconIndirect
GetIconInfo
LoadIconW
MessageBoxW
SendDlgItemMessageW
DialogBoxParamW
UnregisterClassA
ShowCursor
SetCursor
LoadCursorW
ExitWindowsEx
LoadStringW
GetDlgItemTextW
SetCaretPos
GetCaretPos
CreateWindowExW
RegisterClassW
GetClassInfoW
GetKeyState
SetWindowsHookExW
PeekMessageW
UnhookWindowsHookEx
PostMessageW
GetClientRect
GetDC
GetSysColorBrush
ReleaseDC
WinHelpW
SetDlgItemTextW
SetForegroundWindow
GetClipboardOwner
GetWindowTextW
wsprintfW
SetDlgItemInt
GetDlgItemInt
TranslateMessage
SetWindowPos
ShowWindow
SetTimer
IsDlgButtonChecked
KillTimer
GetDoubleClickTime
CheckDlgButton
LoadImageW
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
GetParent
EnableWindow
GetFocus
IsWindowEnabled
SetFocus
GetWindowLongW
SendMessageW
GetWindowRect
RemovePropW
GetActiveWindow
InvalidateRect
GetForegroundWindow
UpdateWindow
DefWindowProcA
LoadMenuA
LoadBitmapW
GetWindowTextLengthW
EnumChildWindows
EnumWindows
SetPropW
GetPropW
CallWindowProcW
CountClipboardFormats
FindWindowA
DestroyIcon
CharNextW
CharPrevW
GetDlgCtrlID
MapWindowPoints
ScreenToClient
GetProcessDefaultLayout
IsWindowVisible
GetSystemMetrics
GetCursor
InflateRect
GetSysColor
EnumThreadWindows
GetCursorPos
DestroyWindow
MessageBeep
DefWindowProcW
EndPaint
SetRect
FillRect
GetClipboardSequenceNumber
BeginPaint
GetCaretBlinkTime
FindWindowExA
DrawFocusRect
GetClipboardViewer
DrawTextW

rpcrt4

RpcBindingFree
UuidCreate

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f445c76117ca4c14df32bf01b095bf29

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

advapi32

gdi32

kernel32

mprapi

ole32

rasapi32

rasman

tapi32

user32

rpcrt4

Sections

.text Size: 64KB - Virtual size: 61KB

.data Size: 209KB - Virtual size: 308KB

.tls Size: 1024B - Virtual size: 857B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 209KB - Virtual size: 308KB

.tls
Size: 1024B - Virtual size: 857B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 2KB