Static task: static1

Behavioral task: behavioral1
Sample: 86e53ad096d6a7aee0483cbe8320af45_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 86e53ad096d6a7aee0483cbe8320af45_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 86e53ad096d6a7aee0483cbe8320af45_JaffaCakes118
Size: 138KB
MD5: 86e53ad096d6a7aee0483cbe8320af45
SHA1: f7ad6f0a5bd0a9c33d4f168d636b5e63885a6eec
SHA256: 683c6cb32c6e7ecafaab7de2afc36562dd09657e669da3ce79de8310ad613a64
SHA512: 018ac98acfca0ea99e9df4085eda264a7d61f176cf2805018c7ad4e808ddabf7df5b12c4460ac76d558e8b91ea125a3f21a4f37622c01934fc5ea5bc23b3b792
SSDEEP: 3072:4ihWWWHARkN/MXRKL7PM62yX/z2Axv8K3HNZOIGDOPUAw5:bhjXRKLY6n72cHNZocW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 86e53ad096d6a7aee0483cbe8320af45_JaffaCakes118
Files
86e53ad096d6a7aee0483cbe8320af45_JaffaCakes118.exe windows:4 windows x86 arch:x86
0578f45c0e81001ce0a4492c85ec372d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
PeekMessageA
LoadStringA
DispatchMessageA
PostThreadMessageA
KillTimer
SetTimer
GetWindowThreadProcessId
CharUpperA
IsWindowVisible
CharNextA
EnumWindows
wsprintfW
GetMessageA
GetWindowTextA
wsprintfA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
InitializeCriticalSection
SetLastError
GetComputerNameA
RtlUnwind
CreateProcessA
CompareStringW
GetCurrentProcess
IsDBCSLeadByte
CreateMutexA
IsBadWritePtr
lstrcmpiA
WideCharToMultiByte
FreeLibrary
GetProcessTimes
lstrcatA
TlsAlloc
FindFirstFileA
GetCurrentThread
CreateThread
FindResourceA
GetFileAttributesA
GetCurrentThreadId
FreeEnvironmentStringsA
LoadLibraryA
SetUnhandledExceptionFilter
GetCommandLineA
TlsSetValue
ReadFile
UnmapViewOfFile
ClearCommError
GetTickCount
GetThreadLocale
FreeEnvironmentStringsW
GetPrivateProfileStringA
GetProcAddress
LCMapStringW
GetProcessHeap
MultiByteToWideChar
GetOEMCP
lstrlenW
LocalSize
RaiseException
CreateProcessW
SetEndOfFile
SetHandleCount
SetEvent
HeapDestroy
GetSystemInfo
FindResourceExA
TerminateThread
HeapAlloc
GetStringTypeA
GetStdHandle
InterlockedExchange
GetStringTypeW
EnumResourceNamesW
LCMapStringA
CreateEventA
GetPrivateProfileSectionA
WaitForSingleObject
GetFileType
TlsFree
CompareStringA
InterlockedCompareExchange
GetPrivateProfileSectionNamesA
EnterCriticalSection
HeapSize
MapViewOfFile
LockResource
GetSystemDirectoryA
FindClose
IsBadCodePtr
SetStdHandle
GetVersionExA
GetLastError
InterlockedDecrement
lstrlenA
GetModuleHandleW
GetModuleFileNameW
VirtualProtect
GetCPInfo
ExitProcess
GetModuleFileNameA
GetExitCodeProcess
VirtualAlloc
HeapReAlloc
DuplicateHandle
GetVersion
TerminateProcess
CloseHandle
GetPrivateProfileIntA
WriteFile
TlsGetValue
UnhandledExceptionFilter
FormatMessageA
SetEnvironmentVariableA
ExitProcess
VirtualFree
GetStartupInfoA
ReadProcessMemory
GetEnvironmentStringsW
WritePrivateProfileStringA
ReleaseMutex
GetACP
SetFilePointer
CreateDirectoryA
GetModuleHandleA
LocalFree
GetCurrentProcessId
LeaveCriticalSection
GetProfileStringA
VirtualQuery
GetEnvironmentStrings
LoadLibraryExA
Sleep
SizeofResource
LocalAlloc
FlushFileBuffers
CreateFileMappingA
QueryPerformanceCounter
SetErrorMode
IsBadReadPtr
GetSystemTimeAsFileTime
WriteProfileStringA
HeapCreate
GetLocaleInfoA
lstrcpynA
OpenProcess
LoadResource
SetLastError
CreateFileA
lstrcpyA
LoadLibraryW
InterlockedIncrement
DeleteCriticalSection
HeapFree
rpcrt4
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
NdrClientCall
RpcStringBindingComposeA
RpcStringFreeA
advapi32
RegQueryValueExA
RegSetKeySecurity
CopySid
InitializeSid
GetSecurityDescriptorGroup
RegQueryValueExW
RegEnumKeyA
RegCloseKey
AdjustTokenPrivileges
CloseServiceHandle
AddAccessDeniedAce
AccessCheck
GetLengthSid
ChangeServiceConfigA
RegCreateKeyA
OpenSCManagerA
RegisterEventSourceA
GetSidSubAuthority
GetAclInformation
RegisterServiceCtrlHandlerA
SetThreadToken
GetAce
ReportEventA
SetSecurityDescriptorOwner
GetSecurityDescriptorLength
LookupAccountSidA
ControlService
GetSecurityDescriptorDacl
RegConnectRegistryA
MakeAbsoluteSD
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
DeregisterEventSource
PrivilegeCheck
GetUserNameA
GetSidLengthRequired
SetSecurityDescriptorDacl
OpenThreadToken
FreeSid
SetServiceStatus
GetSecurityDescriptorOwner
OpenProcessToken
GetTokenInformation
EqualSid
IsValidSid
GetSecurityDescriptorSacl
RegSetValueExA
AllocateAndInitializeSid
CreateServiceA
IsValidSecurityDescriptor
RegCreateKeyExA
LookupAccountSidW
DuplicateToken
StartServiceCtrlDispatcherA
RegDeleteKeyA
AddAccessAllowedAce
DuplicateTokenEx
RegDeleteValueA
LookupAccountNameA
GetSecurityDescriptorControl
MakeSelfRelativeSD
RegEnumValueA
InitializeAcl
RegEnumKeyExA
DeleteService
OpenServiceA
RegOpenKeyExA
SetSecurityDescriptorSacl
RegQueryInfoKeyA
LookupPrivilegeValueA
QueryServiceStatus
RegOpenKeyExW
shlwapi
PathFindExtensionA
ole32
CoCreateGuid
CoCreateInstance
CoGetCallContext
CoGetClassObject
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
StringFromIID
CoRevertToSelf
CLSIDFromString
CoRegisterClassObject
StringFromGUID2
CoDisconnectObject
CoTaskMemAlloc
CoQueryProxyBlanket
CoUninitialize
CoImpersonateClient
StringFromCLSID
CoInitializeEx
CoRevokeClassObject
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ