85c5eb14ee9626926012c7d18dfa06f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85c5eb14ee9626926012c7d18dfa06f4_JaffaCakes118
Size

139KB
MD5

85c5eb14ee9626926012c7d18dfa06f4
SHA1

70d5202d7259bc85a1a58ba2320893735e433f9d
SHA256

4945fb6a4c7622ddc28e5f907e4b9b81a3477108176af88bf82f8d7d378726ba
SHA512

70c91d49fde25e93aab1b2f7eee02c1c83e33d23cb9837c7170bac4bba528678a49adc28064f500f6d688c52e3d476ec81147d93aca328ef1ded3b77ca1314da
SSDEEP

3072:021h6DhkV1DKrqokzVnghOvZkZeaf2fNeYGYz/j:0pOneqgMvCZe/GYrj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85c5eb14ee9626926012c7d18dfa06f4_JaffaCakes118

Files

85c5eb14ee9626926012c7d18dfa06f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a61f52cad714054fff253005472bdd30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
LookupAccountSidW
GetSidSubAuthority
GetLengthSid
GetSidLengthRequired
GetSidSubAuthorityCount
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
LsaOpenPolicy
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
CloseEventLog
ClearEventLogW
OpenEventLogW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ControlService
RegSaveKeyW
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA

kernel32

GetPrivateProfileIntW
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
WideCharToMultiByte
HeapAlloc
lstrlenW
CompareStringW
GetPrivateProfileStringW
lstrcmpiW
CloseHandle
FormatMessageW
CreateEventW
WaitForSingleObject
SetEvent
GetModuleFileNameW
Sleep
CreateMutexW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileSectionW
CreateDirectoryW
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
CopyFileW
GetFullPathNameW
MoveFileW
DeviceIoControl
CreateFileW
WriteFile
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CompareStringA
SetEnvironmentVariableA
HeapFree
GetProcessHeap
lstrcpynW
CreateThread
GetLastError
SetCurrentDirectoryW
FindFirstFileW
SetFileAttributesW
DeleteFileW
ReadFile
SetEndOfFile
DeleteFileA
GetFileAttributesA
CreateFileA
GetPrivateProfileSectionW
SetErrorMode
GetLogicalDrives
GetDriveTypeW
GetTickCount
GetFileAttributesW
GetCommandLineW
GetCurrentProcess
lstrcatW
lstrcpyW
GetPrivateProfileSectionNamesW
LocalReAlloc
lstrcmpW
GetVersionExW
LocalFree
LocalAlloc
RemoveDirectoryW
FindClose
FindNextFileW

user32

GetWindowRect
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
SendMessageTimeoutW
FindWindowW
SystemParametersInfoW
ExitWindowsEx
MsgWaitForMultipleObjects
PeekMessageW
DestroyWindow
GetParent
SetForegroundWindow
MessageBoxW
CharPrevW
IsDialogMessageW
ShowWindow
GetMessageW
IsWindow
TranslateMessage
DispatchMessageW
CreateDialogParamW
PostQuitMessage
GetDlgItem
SetFocus
EnableWindow
SendMessageW
LoadStringW
CharNextW
GetSystemMetrics

netapi32

NetUnjoinDomain
NetUseDel
NetUseAdd
NetApiBufferFree
NetGetJoinInformation
NetServerGetInfo

ntdll

DbgPrint
NtQueryInformationProcess
NtPowerInformation

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiClassNameFromGuidW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
pSetupUnmapAndCloseFile
pSetupOpenAndMapFileForRead
pSetupEnablePrivilege
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupFindNextLine
SetupDiOpenDeviceInfoW
SetupGetStringFieldW
SetupDiCreateDeviceInfoW
SetupCloseInfFile
SetupOpenInfFileW
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
pSetupDoesUserHavePrivilege
pSetupIsUserAdmin
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiGetDriverInfoDetailW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupFindFirstLineW

shlwapi

StrChrW
SHSetValueW
wnsprintfW
StrCatBuffW
StrRChrW
PathAppendW
PathFileExistsW
StrStrW
PathIsUNCW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrIW

imagehlp

CheckSumMappedFile

ole32

CoInitialize
CoCreateInstance
CoUninitialize

comctl32

InitCommonControlsEx

shell32

SHEmptyRecycleBinW

userenv

GetProfilesDirectoryW

wininet

DeleteUrlCacheEntryA
FreeUrlCacheSpaceW
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nnntvld
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a61f52cad714054fff253005472bdd30

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

netapi32

ntdll

setupapi

shlwapi

imagehlp

ole32

comctl32

shell32

userenv

wininet

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 50KB - Virtual size: 51KB

nnntvld Size: - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 50KB - Virtual size: 51KB

nnntvld
Size: - Virtual size: 4KB