ieinstal.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8e86df8c5606d25b65e4c1325ee41fac_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8e86df8c5606d25b65e4c1325ee41fac_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: 8e86df8c5606d25b65e4c1325ee41fac_JaffaCakes118
- Size: 278KB
- MD5: 8e86df8c5606d25b65e4c1325ee41fac
- SHA1: 2d7efbee82bf77f99873d2dce8c2785191d2945c
- SHA256: 197f4da1881ba5855092dda8b61f1cb963307cb168d7aa8589f94af81cbee2df
- SHA512: 953229f29b06c7dda947b190156be9ea7831fcb21ad0501bd300ce9658064709f4deb7764077bf096bcde2fad104c5c006ca64ae79a52b7f476aa013270c4387
- SSDEEP: 6144:lwcL44D1QsaMX+pd1bEz2s7ETRhEgjJqX+pd1bEz2s7ETRhEgjJDTTtK:Scs4D1SMX+pd167QhE0qX+pd167QhE0U
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e86df8c5606d25b65e4c1325ee41fac_JaffaCakes118
Files
-
8e86df8c5606d25b65e4c1325ee41fac_JaffaCakes118.exe windows:6 windows x86 arch:x86
9970fa4104e4c405b7ecd7c2ba1e5649
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyExA
ConvertStringSidToSidW
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CopySid
CreateWellKnownSid
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthority
RegOpenCurrentUser
RegOverridePredefKey
GetTokenInformation
OpenProcessToken
InitializeAcl
GetLengthSid
IsValidSid
GetAce
GetSecurityDescriptorSacl
GetKernelObjectSecurity
SetSecurityInfo
GetSidSubAuthorityCount
kernel32
DeleteFileW
lstrcmpiW
lstrlenW
lstrcmpiA
lstrlenA
DeleteFileA
SetFileAttributesA
CreateProcessW
LoadLibraryExW
GetExitCodeThread
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
RemoveDirectoryA
CreateDirectoryExA
GetFileAttributesA
GetTempPathA
CopyFileW
InterlockedCompareExchange
CreateEventW
HeapSetInformation
SetEvent
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
CreateFileW
GetFileAttributesW
GetCurrentProcess
OpenProcess
DuplicateHandle
CloseHandle
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetProcessShutdownParameters
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
InterlockedExchange
GetModuleHandleW
GetLastError
ResumeThread
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW
user32
GetSystemMetrics
PostQuitMessage
CharNextW
LoadStringW
msvcrt
?terminate@@YAXXZ
memset
_vsnwprintf
wcsrchr
_vsnprintf
_wcsnicmp
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
wcstok
_controlfp
__setusermatherr
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
psapi
GetModuleBaseNameW
ole32
CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoGetCallContext
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoInitialize
CoUninitialize
CoRevokeClassObject
oleaut32
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
urlmon
Extract
CompatFlagsFromClsid
CoInternetCreateSecurityManager
ord107
CoInternetSetFeatureEnabled
wintrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
iertutil
ord201
ord200
ord9
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pcqxbld Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE