8e659b638a5d3d65c4a52d123714c4a3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e659b638a5d3d65c4a52d123714c4a3_JaffaCakes118
Size

431KB
MD5

8e659b638a5d3d65c4a52d123714c4a3
SHA1

52d71d978861208fa2030611562674995cc352c6
SHA256

ca6455f43a7acb43837315c832639137e8814aa75093c75fdf40793bf97f99e3
SHA512

08c739bb74ed5d616aa08828d7186a8489796e26d41e58673fe37d40d8dc51e051f87ea48ba4274b18e24863119290c275eb8cd4f959d9470e6777bd101f25f2
SSDEEP

6144:JaZuJtMarECdMRAhy+AVYgLZJwGS3wUnLpSpYkL72ZbMY5x1R:ltMQcY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e659b638a5d3d65c4a52d123714c4a3_JaffaCakes118

Files

8e659b638a5d3d65c4a52d123714c4a3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0146b3e90c4fba92fe9d8927655eff19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rstrui.pdb

Imports

shlwapi

SHDeleteValueW
SHGetValueW
StrCpyNW
PathGetArgsW
StrCmpIW
ChrCmpIW
StrToIntW
StrCmpNIW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW

advapi32

FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExW
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
QueryServiceStatus
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
ReportEventW
RegQueryValueExA
RegOpenKeyExA

kernel32

GetCommandLineW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetLocaleInfoW
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
GetVersionExW
FormatMessageW
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
lstrcmpiA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
VirtualFree
VirtualAlloc
WriteFile
CreateProcessW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
ExpandEnvironmentStringsW
lstrcpynW
GetFileAttributesW
UnmapViewOfFile
CloseHandle
ReadFile
SetLastError
GetCurrentThreadId
GetCurrentProcess
RaiseException
InterlockedExchange
GetStartupInfoW
GetModuleHandleA
RemoveDirectoryW
LocalAlloc
GetComputerNameW
GetVolumeNameForVolumeMountPointW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
MoveFileW
DeleteFileW
SetFileAttributesW
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
GetWindowsDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
HeapCreate
GetSystemInfo
GetModuleFileNameW
lstrcatW
HeapDestroy
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapReAlloc
GetSystemDirectoryW

gdi32

CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetDeviceCaps

user32

InvalidateRect
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
SetFocus
ShowWindow
GetParent
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
SetWindowPos
SendMessageW
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
LoadStringW
GetDesktopWindow
AdjustWindowRectEx
GetSystemMetrics
LoadImageW
MessageBoxW
ExitWindowsEx
SetForegroundWindow
FindWindowW
SetCursor
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
wvsprintfW
GetKeyState
IsWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
UnionRect
CharNextW
DestroyWindow
DefWindowProcW
ReleaseDC
GetDC
PtInRect
DestroyAcceleratorTable

srrstr

ord5
ord2
ord10
ord3
ord6

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
OleRegEnumVerbs
OleRegGetUserType
CoRegisterClassObject
OleRegGetMiscStatus
CreateDataAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
CoRevokeClassObject
CoTaskMemFree

oleaut32

DispCallFunc
VariantInit
VariantTimeToSystemTime
SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
SystemTimeToVariantTime

msvcrt

realloc
_ftol
wcscmp
wcsstr
free
_wtoi
strtol
_wcsnicmp
_except_handler3
malloc
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
wcschr
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wtol
wcsncmp
__CxxFrameHandler

winsta

WinStationFreeMemory
WinStationIsHelpAssistantSession
WinStationEnumerateW
WinStationOpenServerW
WinStationCloseServer

Exports

Exports

??0CCounter@@QAE@XZ
??1CCounter@@QAE@XZ
??4CCounter@@QAEAAV0@ABV0@@Z
?Down@CCounter@@QAEKXZ
?GetCount@CCounter@@QAEJXZ
?Init@CCounter@@QAEKXZ
?Up@CCounter@@QAEXXZ
?WaitForZero@CCounter@@QAEKXZ

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0146b3e90c4fba92fe9d8927655eff19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

kernel32

gdi32

user32

srrstr

ole32

oleaut32

msvcrt

winsta

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 8KB - Virtual size: 15KB

Size: 59KB - Virtual size: 59KB

.rsrc Size: 254KB - Virtual size: 253KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 254KB - Virtual size: 253KB