8d25911927011cf3cd7fbaf8102b021e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d25911927011cf3cd7fbaf8102b021e_JaffaCakes118
Size

443KB
MD5

8d25911927011cf3cd7fbaf8102b021e
SHA1

0c37efd0859151d2eda2bf58de90bf71d170853b
SHA256

2a51978167aedc83d108694923005c684c1d8e4eea7de851cea6285158a9636d
SHA512

73c6a60452e8911e333b1b4a2e8ffe9c84f8e7309f59832529de28b0bcf62a9689e01a5e4b74cc59922136033293c5d0864bdda8f8a77f0c939a09b65879e67b
SSDEEP

12288:JKXU2FzOcCQroxSVFLEpUVXUFFnECz9kZFh2/N5:oZzOwjf0UVXG79kZFh215

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d25911927011cf3cd7fbaf8102b021e_JaffaCakes118

Files

8d25911927011cf3cd7fbaf8102b021e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f88310024f8685b26967a7ef82cde225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
memmove
__RTDynamicCast
_wcsicmp
__CxxFrameHandler
_purecall
_vsnprintf
strstr
wcslen
wcscpy
wcsrchr
free
malloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__dllonexit
??2@YAPAXI@Z
_onexit
??3@YAXPAX@Z

atl

ord15
ord22
ord18
ord23
ord21
ord16
ord32

advapi32

CloseServiceHandle
GetUserNameW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCreateKeyExA
RegSetValueExA

kernel32

GetCurrentProcess
HeapDestroy
GetProcessHeap
HeapCreate
FlushInstructionCache
ReleaseMutex
LockResource
LoadResource
FindResourceA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
DeleteTimerQueue
OutputDebugStringA
lstrcatA
lstrlenA
GetCurrentThreadId
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
IsBadWritePtr
IsBadReadPtr
InterlockedDecrement
LocalFree
lstrcpyW
lstrlenW
IsBadStringPtrW
UnregisterWaitEx
SetEvent
CloseHandle
UnregisterWait
RegisterWaitForSingleObject
CreateEventA
lstrcmpiW
Sleep
WaitForSingleObject
IsBadCodePtr
GetProcAddress
GetModuleHandleA
CreateSemaphoreA
GetLastError
ReleaseSemaphore
LocalAlloc
FormatMessageA
FreeLibrary
LoadLibraryA
IsBadStringPtrA
MultiByteToWideChar
GetACP
WideCharToMultiByte
TlsSetValue
TlsGetValue
GetModuleFileNameW
GetModuleFileNameA
GetVersion
GetComputerNameW
GetCurrentProcessId
ExitThread
FreeLibraryAndExitThread
LoadLibraryW
CreateThread
WaitForMultipleObjectsEx
TlsFree
CreateMutexA
TlsAlloc
InitializeCriticalSectionAndSpinCount
CreateTimerQueue
ChangeTimerQueueTimer
TryEnterCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetTickCount
lstrcatW

ole32

IIDFromString
CoInitializeEx
CoWaitForMultipleHandles
CoUninitialize
CLSIDFromString
StringFromIID
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

VariantInit
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayGetElement
SetErrorInfo
LoadRegTypeLi
SafeArrayAccessData
SysStringByteLen
SysStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear

rpcrt4

RpcStringFreeA
RpcBindingFree
I_RpcExceptionFilter
RpcStringBindingComposeA
NdrClientCall2
RpcBindingFromStringBindingA

user32

wsprintfW
LoadStringW
EndDialog
SetWindowLongA
IsWindow
SetDlgItemTextA
IsDlgButtonChecked
LoadStringA
DialogBoxParamA
GetActiveWindow
GetSystemMetrics
wsprintfA

wininet

InternetSetCookieA
InternetGetCookieA

winmm

mixerClose
waveOutOpen
waveOutReset
waveOutPrepareHeader
waveOutWrite
waveOutMessage
midiInMessage
midiOutMessage
waveInMessage
mixerGetLineControlsA
mixerOpen
mixerSetControlDetails
mixerGetControlDetailsA
waveOutClose

rtutils

TraceDeregisterA
TraceRegisterExW
TraceVprintfExA

Exports

Exports

?fghfghfghfgh@@YGHPAEH@Z
?oqwuioqwueqiuwe@@YGXPADID@Z

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.puup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uuup
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kuup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ouup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.duup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auuu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qiii
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f88310024f8685b26967a7ef82cde225

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

advapi32

kernel32

ole32

oleaut32

rpcrt4

user32

wininet

winmm

rtutils

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 4KB

.puup Size: 512B - Virtual size: 4KB

.uuup Size: 414KB - Virtual size: 416KB

.kuup Size: 512B - Virtual size: 4KB

.ouup Size: 512B - Virtual size: 4KB

.duup Size: 512B - Virtual size: 4KB

.auuu Size: 512B - Virtual size: 4KB

.qiii Size: 512B - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 24KB

.text
Size: 7KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 4KB

.puup
Size: 512B - Virtual size: 4KB

.uuup
Size: 414KB - Virtual size: 416KB

.kuup
Size: 512B - Virtual size: 4KB

.ouup
Size: 512B - Virtual size: 4KB

.duup
Size: 512B - Virtual size: 4KB

.auuu
Size: 512B - Virtual size: 4KB

.qiii
Size: 512B - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 24KB