8e15ebe78e8299436dd2c45d2f5bb737_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e15ebe78e8299436dd2c45d2f5bb737_JaffaCakes118
Size

366KB
MD5

8e15ebe78e8299436dd2c45d2f5bb737
SHA1

38f96ce0eaa3f415ae966b329cbd0c72bc8bf0a8
SHA256

c87ac67ebc23c18608af9e5a2e7b068e835186fca5703837ea4cb47787b02982
SHA512

4c322bbe231fac6ad89a86c05e6279e8654df71d55d8d647c68532cd66cc20a9ec4168a2c682c0e72dd3493f70da541264962c8460a4161f5ce5f4f56d6e34c2
SSDEEP

6144:BnI3N5WEpMJN7L87pKkqYzetIMkTR4FNyRXiwepIwvgidbuwk:i+EnKkUYMNIXXe/vgMyw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e15ebe78e8299436dd2c45d2f5bb737_JaffaCakes118

Files

8e15ebe78e8299436dd2c45d2f5bb737_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f3066e35d59a88e83da4b819d1cdd8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
swprintf
wcscat
malloc
wcsncpy
realloc
free
wcscmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_except_handler3
wcslen

advapi32

RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
TraceMessage
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
FormatMessageW
LocalFree
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
Sleep
lstrcmpiW
MultiByteToWideChar
lstrlenW
lstrcpyW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
HeapDestroy
lstrcatW
lstrcpynW
SizeofResource
LoadResource
FindResourceW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
RegisterTypeLi
LoadTypeLi
VarI4FromStr

user32

EndDialog
GetWindowRect
LoadStringW
MessageBoxW
LoadImageW
SendMessageW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
CreateDialogParamW
DrawTextW
CopyRect
GetDialogBaseUnits
EnableWindow
SetFocus
SetWindowLongW
ShowWindow
GetWindowLongW
GetSystemMetrics
GetClientRect
DestroyWindow
SetDlgItemTextW
DialogBoxParamW
GetDlgItemTextW
GetParent
CharNextW
SystemParametersInfoW
GetWindow
SetWindowPos
MapWindowPoints

shell32

SHGetFolderPathW
ShellExecuteW

netshell

HrGetIconFromMediaType

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface

gdi32

SetBkMode

irprops.cpl

BluetoothRemoveDevice
BluetoothRegisterForAuthentication
BluetoothAuthenticateDevice
BluetoothUnregisterAuthentication
BluetoothFindFirstDevice
BluetoothFindNextDevice
BluetoothFindDeviceClose
BluetoothMapClassOfDeviceToImageIndex
BluetoothFindFirstService
BluetoothFindFirstClassId
BluetoothFindNextClassId
BluetoothFindClassIdClose
BluetoothFindNextService
BluetoothFindServiceClose
BluetoothSelectDevicesFree
BluetoothSelectDevices

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 2KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gddg0
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg1
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg2
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg3
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg4
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg5
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg6
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg7
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg8
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ik
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gddg9
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gddg10
Size: 2KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ocode
Size: 2KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oxcodex
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack0
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f3066e35d59a88e83da4b819d1cdd8b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

user32

shell32

netshell

rpcrt4

gdi32

irprops.cpl

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 1KB

.tls Size: 74KB - Virtual size: 73KB

.ndata Size: 2KB - Virtual size: 328B

.gddg0 Size: 2KB - Virtual size: 156B

.gddg1 Size: 2KB - Virtual size: 156B

.gddg2 Size: 2KB - Virtual size: 156B

.gddg3 Size: 2KB - Virtual size: 156B

.gddg4 Size: 2KB - Virtual size: 156B

.gddg5 Size: 2KB - Virtual size: 156B

.gddg6 Size: 2KB - Virtual size: 156B

.gddg7 Size: 2KB - Virtual size: 156B

.gddg8 Size: 2KB - Virtual size: 156B

.ik Size: 74KB - Virtual size: 73KB

.gddg9 Size: 2KB - Virtual size: 156B

.gddg10 Size: 2KB - Virtual size: 156B

.ocode Size: 2KB - Virtual size: 108B

.oxcodex Size: 2KB - Virtual size: 2KB

.kpack0 Size: 74KB - Virtual size: 73KB

.CRT Size: 2KB - Virtual size: 12B

.rsrc Size: 18KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 248KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 1KB

.tls
Size: 74KB - Virtual size: 73KB

.ndata
Size: 2KB - Virtual size: 328B

.gddg0
Size: 2KB - Virtual size: 156B

.gddg1
Size: 2KB - Virtual size: 156B

.gddg2
Size: 2KB - Virtual size: 156B

.gddg3
Size: 2KB - Virtual size: 156B

.gddg4
Size: 2KB - Virtual size: 156B

.gddg5
Size: 2KB - Virtual size: 156B

.gddg6
Size: 2KB - Virtual size: 156B

.gddg7
Size: 2KB - Virtual size: 156B

.gddg8
Size: 2KB - Virtual size: 156B

.ik
Size: 74KB - Virtual size: 73KB

.gddg9
Size: 2KB - Virtual size: 156B

.gddg10
Size: 2KB - Virtual size: 156B

.ocode
Size: 2KB - Virtual size: 108B

.oxcodex
Size: 2KB - Virtual size: 2KB

.kpack0
Size: 74KB - Virtual size: 73KB

.CRT
Size: 2KB - Virtual size: 12B

.rsrc
Size: 18KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 248KB