e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McSACore.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 862dca44c29d6831f64a29e2282c2267_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 862dca44c29d6831f64a29e2282c2267_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 862dca44c29d6831f64a29e2282c2267_JaffaCakes118
Size: 205KB
MD5: 862dca44c29d6831f64a29e2282c2267
SHA1: 97c8e3e463e3926f04a9328a912ebb1f2630cb0d
SHA256: 0b8d0c08491059c268c3a2826bd4069a8c042066ef00be0c0f111288c211519b
SHA512: 984cc4dacc8c6a22623acfc438be40f992713fe1357177971fa16ba358ddfcbfe7512c904528d88024b396d52132bb64248a93400b21708e7210bd09d751b2d2
SSDEEP: 3072:tOueiU9cKZSOJngvnHMvTAfabiITXyByr3FtWtLBYdtFk:4uIMangvnHGhbi/yr3etLBYdA
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 862dca44c29d6831f64a29e2282c2267_JaffaCakes118
Files
-
862dca44c29d6831f64a29e2282c2267_JaffaCakes118.exe windows:6 windows x86 arch:x86
cc320de4604927c9951c5534d46c7bbd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
urlmon
CoInternetParseUrl
userenv
CreateEnvironmentBlock
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
ws2_32
inet_addr
inet_ntoa
kernel32
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLCID
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
HeapFree
SetCurrentDirectoryW
LocalFree
LoadLibraryW
GetProcAddress
LoadLibraryExW
OutputDebugStringW
GetCurrentThread
GetCurrentProcess
lstrcmpiW
FreeLibrary
GetVersionExW
OpenEventW
GetTickCount
GetModuleFileNameW
CreateFileW
SetFilePointer
ReadFile
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
GetLastError
InterlockedDecrement
InterlockedIncrement
SetEvent
GetCurrentThreadId
GetModuleHandleW
OpenProcess
CreateThread
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WaitForSingleObject
CloseHandle
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetOEMCP
GetCPInfo
ExitProcess
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetFileType
GetExitCodeProcess
CreateProcessW
lstrcmpW
WaitForMultipleObjects
HeapAlloc
IsBadReadPtr
IsBadCodePtr
CreateEventW
GetProcessHeap
GetStartupInfoA
SetHandleCount
user32
UnregisterClassA
MsgWaitForMultipleObjects
MessageBoxW
CharUpperW
CharNextW
CharLowerBuffW
LoadStringW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
advapi32
ConvertSidToStringSidW
ImpersonateLoggedOnUser
CreateProcessAsUserW
DuplicateTokenEx
RegEnumValueW
RegisterServiceCtrlHandlerExW
ChangeServiceConfig2W
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
LookupAccountNameW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
GetSecurityDescriptorLength
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
StartServiceCtrlDispatcherW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
shell32
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CoResumeClassObjects
CoImpersonateClient
CoTaskMemAlloc
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoInitializeSecurity
CoRevokeClassObject
CoRevertToSelf
CoRegisterClassObject
oleaut32
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
shlwapi
StrSpnW
StrRChrW
StrCmpW
crypt32
CertGetCertificateChain
CertGetCertificateContextProperty
CryptDecodeObject
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CertFreeCertificateChain
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertVerifyCertificateChainPolicy
wintrust
WinVerifyTrust
Sections
.text Size: 133KB - Virtual size: 132KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
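The "Unsigned PE" signature above and the section table are both derived from the PE headers alone, so they can be reproduced offline without running the sample. The following is an added example, not part of the sandbox report and not code from the sample's author: a pure-Python parser for the COFF header, the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, where an embedded Authenticode certificate table lives) and the section table, followed by the checks a triage report makes from them. The sample image it parses is a constructed header-only PE32 built from this report's file characteristics and section table (section sizes are the report's rounded KB values, so they are approximations); it is not the real binary. Two observations it surfaces from the page's own data: the security directory being empty is what "missing Authenticode signature" means at the byte level, and the .rsrc section carries IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_EXECUTE, which is unusual for a resource section.

```python
"""Static PE header triage: file characteristics, Authenticode security
directory and per-section flags.  Added example; the PE bytes below are a
constructed header-only image modelled on the report, not the real sample."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits that the report lists
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
# IMAGE_SECTION_HEADER.Characteristics bits
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # attribute certificate table (Authenticode)


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+
    dd = opt + (96 if magic == 0x10B else 112)
    # For the security directory the first field is a raw file offset, not an RVA
    sec_off, sec_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size  # section headers follow the optional header, 40 bytes each
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": chars,
            "file_flags": [n for b, n in FILE_CHARACTERISTICS.items() if chars & b],
            "security_offset": sec_off, "security_size": sec_size, "sections": sections}


def assess(pe: dict) -> list:
    """Return the header-level findings a triage report would raise."""
    findings = []
    if pe["security_size"] == 0:
        # No attribute certificate table means no *embedded* Authenticode signature.
        # A catalog-signed file looks identical here, so confirm on Windows with
        # Get-AuthenticodeSignature / WinVerifyTrust before calling it unsigned.
        findings.append("unsigned: security directory is empty (no embedded Authenticode signature)")
    if pe["characteristics"] & 0x0001:
        findings.append("relocations stripped: image is fixed at its preferred base (loader cannot rebase it)")
    for s in pe["sections"]:
        f = s["flags"]
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: section is both writable and executable")
        if s["name"] == ".rsrc" and f & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            findings.append(".rsrc: flagged as code/executable, unusual for a resource section")
    return findings


def build_sample_pe(file_chars: int, sections: list, security_size: int = 0) -> bytes:
    """Construct a minimal, non-runnable PE32 header image for testing the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    opt_size = 96 + 16 * 8                            # PE32 optional header with 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x10000 if security_size else 0, security_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed from the report's section table (KB values are rounded in the report)
KB = 1024
REPORT_SECTIONS = [
    (b".text", 132 * KB, 133 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 29 * KB, 29 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".data", 15 * KB, 8 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", 27 * KB, 27 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA
     | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
]
SAMPLE = build_sample_pe(0x0001 | 0x0002 | 0x0100, REPORT_SECTIONS)

if __name__ == "__main__":
    pe = parse_pe(SAMPLE)
    print("file flags:", ", ".join(pe["file_flags"]))
    for s in pe["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:7} virt={s['virtual_size']:7} flags={s['flags']:#010x}")
    for finding in assess(pe):
        print("!", finding)
```

To run it against a real file, pass the file's bytes: `assess(parse_pe(open(path, "rb").read()))`. An empty security directory is necessary but not sufficient for "unsigned", since catalog-signed Windows binaries also have none embedded; the sample itself imports WinVerifyTrust and the crypt32 chain APIs, which is the same distinction the Windows trust check draws.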