8d7c8e8bf3ef09f2f7e343d3ff77b096_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d7c8e8bf3ef09f2f7e343d3ff77b096_JaffaCakes118
Size

179KB
MD5

8d7c8e8bf3ef09f2f7e343d3ff77b096
SHA1

2385b37b05bff47fda10057325744f59d88b71b7
SHA256

51a5d8a6a423a9a8d49f62cc1ecf5db6e7e8646a3d3b2a47fef8f490c83471dc
SHA512

69345ea08658bb59be7b345edbd2cd32e23359ed59f7e2b45f606fff94343cff6740692f45dc167439ba6a9811bffed2d9d3eca01e129b140889b0d9eb79ef6d
SSDEEP

3072:6WQQXLHpPAYKPG2vs01sBaFvWo5nI1ZUt9RYM952d6RMuVspObVYgoChB+6UMMnC:6WQQuYK+pu8aFuo5autz95FvSMVYgoCO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d7c8e8bf3ef09f2f7e343d3ff77b096_JaffaCakes118

Files

8d7c8e8bf3ef09f2f7e343d3ff77b096_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
LookupPrivilegeValueA
RegOpenKeyExA
AdjustTokenPrivileges
RegSetValueExW
RegOpenKeyA
RegEnumValueA
RegQueryInfoKeyA
InitializeSecurityDescriptor
ReportEventA
RegSetValueExA
RegCreateKeyW
RegCloseKey
RegSetValueA
RegOpenKeyW
RegQueryValueExW
RegDeleteValueA
DeregisterEventSource
RegEnumKeyW
RegDeleteKeyW
RegisterEventSourceA
RegDeleteValueW
RegDeleteKeyA
OpenProcessToken
SetSecurityDescriptorDacl
RegCreateKeyA
RegEnumValueW
RegQueryValueExA
RegEnumKeyA

samlib

SamConnectWithCreds
SamConnect
SamLookupNamesInDomain

ddraw

DirectDrawEnumerateA

kernel32

DuplicateHandle
GetUserDefaultLangID
GetVersion
lstrcpyA
GetFileType
VirtualProtect
UnhandledExceptionFilter
ReadFile
FreeEnvironmentStringsA
MoveFileA
IsDBCSLeadByte
GetLocaleInfoA
lstrlenA
FileTimeToLocalFileTime
GetStartupInfoA
lstrcmpA
GetCurrentProcess
CreateEventA
Sleep
TerminateProcess
GetTempPathA
GetCurrentProcessId
WinExec
HeapReAlloc
CreateFileA
ResetEvent
GlobalReAlloc
VirtualFree
HeapSize
GlobalDeleteAtom
LCMapStringA
GetACP
GlobalHandle
_llseek
RemoveDirectoryA
InterlockedIncrement
VirtualAlloc
GetStdHandle
GetStringTypeExA
SystemTimeToFileTime
SetLocalTime
CloseHandle
_lclose
FindResourceA
WideCharToMultiByte
GetDateFormatA
SetEnvironmentVariableA
lstrcmpiA
GetTickCount
GetVolumeInformationA
SetCurrentDirectoryA
lstrcmpiW
DeleteCriticalSection
GetStringTypeA
InterlockedDecrement
CreateSemaphoreA
HeapFree
GetCommandLineA
GetSystemDirectoryA
MulDiv
InitializeCriticalSection
GetModuleHandleA
CompareStringW
GetFileTime
TlsGetValue
EnterCriticalSection
UnlockFile
CompareStringA
_lwrite
GetSystemInfo
GetSystemDefaultLangID
GetEnvironmentStringsW
GetProfileStringA
SetStdHandle
GetDriveTypeA
SetFileTime
GlobalUnlock
GetWindowsDirectoryA
IsBadReadPtr
TlsAlloc
GlobalLock
_lread
IsBadCodePtr
SetFilePointer
DeleteFileA
FlushInstructionCache
SetFileAttributesA
GlobalAlloc
GetCurrentDirectoryA
ExitThread
GetShortPathNameA
GlobalAddAtomA
GetUserDefaultLCID
GetFileAttributesA
SetHandleCount
lstrcatA
GetLastError
GetLocalTime
FreeResource
FileTimeToSystemTime
CreateProcessW
GetEnvironmentStrings
GetTimeZoneInformation
FlushFileBuffers
CreateThread
GetExitCodeProcess
FormatMessageW
GetVersionExA
LoadResource
FormatMessageA
SetErrorMode
CreateProcessA
LoadLibraryExA
FreeEnvironmentStringsW
HeapAlloc
GetCPInfo
SetEndOfFile
GlobalSize
WaitForSingleObject
GetStringTypeW
VirtualQuery
GetModuleFileNameW
FreeLibrary
LockResource
LoadLibraryA
GetCurrentThreadId
GetFullPathNameA
FindClose
SetLastError
GetSystemDefaultLCID
CreateDirectoryA
GetModuleFileNameA
GetSystemTime
LCMapStringW
TlsSetValue
WriteFile
lstrcpynA
GetProcAddress
RtlUnwind
LeaveCriticalSection
TlsFree
GetTempFileNameA
ResumeThread
FindNextFileA
MultiByteToWideChar
HeapCreate
SetEvent
HeapDestroy
ExitProcess
SizeofResource
GlobalFree
SearchPathA
GetOEMCP
ReleaseSemaphore
LockFile
FindFirstFileA
RaiseException

ws2_32

setsockopt
WSAConnect

ole32

OleSave
OleLoad

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 141KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef49b022b364a20dffe041d759b41c68

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

samlib

ddraw

kernel32

ws2_32

ole32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 141KB - Virtual size: 368KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 141KB - Virtual size: 368KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B