881d90f3016640d9ad4ce8f926eae3ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

881d90f3016640d9ad4ce8f926eae3ac_JaffaCakes118
Size

56KB
MD5

881d90f3016640d9ad4ce8f926eae3ac
SHA1

9269480fdbaed35bf2817ce69618cb2228acafde
SHA256

ec6691cb1c357614a87883afa5c63aec286a4808b8006ebccec37a719efe75e3
SHA512

e3864b7dcbab778383a9cb84bda7619d84533e38b945f935024f75560fbcf5a5154969b6b6364213224d1bd4d9e76e8b1464e26daed86d1a425c864498b3f744
SSDEEP

768:IN+YyMR0jhwEiewRC/7ZTyaG0qrp49MU8igWRVE8OqKcXD3ZnUnmFFF5yCVumOq:e+VVhenRq7F7qVQx9SsDpbImOq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
881d90f3016640d9ad4ce8f926eae3ac_JaffaCakes118

Files

881d90f3016640d9ad4ce8f926eae3ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c4b7f21d53aeac37e58bce06a282684

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileWithProgressA
WTSGetActiveConsoleSessionId
QueryDosDeviceW
GetProcessVersion
lstrcpynW
QueryDepthSList
BackupSeek
LocalLock
CompareStringW
VirtualAlloc
SwitchToThread
IsBadWritePtr
SetLastConsoleEventActive
QueryInformationJobObject
SetConsoleNlsMode
QueryPerformanceCounter
ExitProcess
PulseEvent
SetConsoleMenuClose
GetPrivateProfileIntA
GlobalAlloc
LoadLibraryA
RtlUnwind
SetVolumeMountPointA

ureg

?DoesKeyExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAK@Z
?IsAccessAllowed@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAK@Z
?LoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?CreateKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@1PAKE@Z
??0REGISTRY_VALUE_ENTRY@@QAE@XZ
?Initialize@REGISTRY@@QAEEPBVWSTRING@@PAK@Z
?QuerySubKeysInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?Initialize@REGISTRY_VALUE_ENTRY@@QAEEPBVWSTRING@@KW4_REG_TYPE@@PBEK@Z
??1REGISTRY@@UAE@XZ
?SaveKeyToFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?Initialize@REGISTRY_KEY_INFO@@QAEEPBVWSTRING@@0K0PAU_SECURITY_ATTRIBUTES@@@Z
?QueryValues@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?UpdateKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?UnLoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?QueryKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVREGISTRY_KEY_INFO@@PAK@Z
?DoesValueExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@11PAK@Z
??0REGISTRY@@QAE@XZ
?SetKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAXPAKE@Z
?EnableRootNotification@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAXKE@Z

udhisapi

HttpExtensionProc
GetExtensionVersion
TerminateExtension

ole32

CoMarshalInterface
CoInitializeWOW
CoCreateInstance
UtConvertDvtd16toDvtd32
CreateObjrefMoniker
IsValidIid
HWND_UserSize
PropSysFreeString
CoQueryReleaseObject
StgOpenStorage
PropSysAllocString
CoGetPSClsid
OleIsRunning
ComPs_NdrDllUnregisterProxy
CoInstall
WdtpInterfacePointer_UserFree
SetDocumentBitStg
CoFreeLibrary
CreateBindCtx
CoDosDateTimeToFileTime
OleSetClipboard
CoEnableCallCancellation
StgConvertPropertyToVariant
HACCEL_UserFree
OleBuildVersion

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c4b7f21d53aeac37e58bce06a282684

Headers

File Characteristics

Imports

kernel32

ureg

udhisapi

ole32

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 84KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB