96efec6be000ba6963db8346d834255d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96efec6be000ba6963db8346d834255d_JaffaCakes118
Size

408KB
MD5

96efec6be000ba6963db8346d834255d
SHA1

9cc4387cd9559546403a4f0a25c453ab2e505e2d
SHA256

014d8382b5df43f02ea196df912fbadb0d96e137691ffd9ed105423d1ea86c29
SHA512

3d7a696995cc650f023f79ca21146ef60b8fd23e774062980383177a8aaeb8cd86eb46c0f0590f20440894fa842a30c145f130a8accc955c01710a7a3ddebcbb
SSDEEP

6144:vJDc0ef3MlizZoibmtcp8M/lhFa1R0s7sYMlsVVbVDTZP4rDiwn6y7N8P5amr2o:RDn/zg8dUqrx3Zk6Iyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96efec6be000ba6963db8346d834255d_JaffaCakes118

Files

96efec6be000ba6963db8346d834255d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63998143a7cbc16fbf690d8072f06c20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

TranslateNameW

ole32

CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoInitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CreateBindCtx
ReleaseStgMedium

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHParseDisplayName
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBindToParent
SHCreateShellItem

advapi32

LsaStorePrivateData
RegCloseKey
RegEnumKeyW
RegQueryValueExW
GetLengthSid
IsValidSid
EqualSid
LookupAccountNameW
LookupAccountSidW
OpenServiceW
OpenProcessToken
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
QueryServiceStatus
RegQueryValueExA
RegDeleteValueW
OpenThreadToken
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyExW
CopySid
CreateProcessWithLogonW
LsaClose
LsaOpenPolicy
CloseServiceHandle
RegCreateKeyExW
GetTokenInformation

shlwapi

StrCmpW
StrToIntExW
StrDupW
PathRemoveBackslashW
wnsprintfW
UrlCombineW
StrCpyNW
SHSetValueW
PathRemoveFileSpecW
UrlGetPartW
PathIsUNCW
PathIsUNCServerW
SHStrDupW
PathParseIconLocationW
SHGetValueW
StrChrW
StrCmpNIW
PathFindFileNameW
PathMatchSpecW
PathCombineW
SHRegGetBoolUSValueW
PathGetDriveNumberW
StrCatBuffW
PathRenameExtensionW
PathFindExtensionW
StrCmpIW
StrToIntW
PathAppendW
AssocQueryStringW
StrRetToBufW

ntdsapi

DsFreeNameResultW
DsCrackNamesW

user32

OffsetRect
GetDialogBaseUnits
LoadIconW
ShowWindow
MapWindowPoints
SetWindowLongW
MessageBoxW
PostMessageW
IsWindowEnabled
SetWindowPos
EnableWindow
SendDlgItemMessageW
SetForegroundWindow
KillTimer
DrawFocusRect
IsDlgButtonChecked
FindWindowW
DrawTextExW
RegisterClipboardFormatW
GetWindowTextW
LoadStringW
LoadCursorW
IsWindowVisible
MoveWindow
SetFocus
GetWindowLongA
EndDialog
DestroyIcon
GetDlgItemTextW
ReleaseDC
CheckRadioButton
GetDesktopWindow
WinHelpW
GetWindowTextLengthW
GetClientRect
RedrawWindow
GetDlgCtrlID
LoadImageW
CharLowerBuffW
SetDlgItemTextW
SetWindowTextW
GetWindowRect
GetDlgItem
RegisterWindowMessageW
GetWindowLongW
DialogBoxParamW
GetSystemMetrics
CharNextW
GetSysColor
SendMessageW
IsWindow
SystemParametersInfoW
GetDC
CheckDlgButton
SetTimer
GetParent
SetCursor

gdi32

CreateFontIndirectW
GetTextMetricsW
GetDeviceCaps
SetBkColor
ExtTextOutW
SelectObject
GetObjectW
DeleteObject
SetTextColor

netapi32

NetLocalGroupAddMembers
NetUnjoinDomain
NetLocalGroupGetMembers
NetApiBufferFree
NetLocalGroupEnum
NetRenameMachineInDomain
DsRoleFreeMemory
NetUserDel
NetLocalGroupDelMembers
NetUserSetInfo
DsRoleGetPrimaryDomainInformation
NetValidateName
NetUserAdd
DsGetDcNameW
NetJoinDomain
NetUserGetInfo
NetUserGetLocalGroups

ntdll

RtlInitUnicodeString
RtlRunDecodeUnicodeString
NtAllocateVirtualMemory
RtlLargeIntegerShiftRight

kernel32

LocalAlloc
InterlockedDecrement
UnhandledExceptionFilter
GetACP
GetComputerNameW
SetComputerNameExW
lstrcpyW
GetCurrentProcess
GetProcAddress
DnsHostnameToComputerNameW
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
GetModuleHandleW
GetLocaleInfoW
FormatMessageW
lstrcpynW
SetEvent
DosDateTimeToFileTime
ExitProcess
GetGeoInfoW
WideCharToMultiByte
CloseHandle
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
lstrcmpiW
GlobalUnlock
GetCurrentThread
MulDiv
GetUserGeoID
FreeLibrary
lstrcmpiA
GetTickCount
GetWindowsDirectoryW
OpenEventW
MultiByteToWideChar
LoadLibraryA
WaitForSingleObject
DelayLoadFailureHook
LocalFree
TerminateProcess
CreateProcessW
GlobalLock
GetVersionExA
CreateEventW
InterlockedIncrement
ResetEvent
LoadLibraryW
GetUserDefaultLangID
lstrlenW
ExpandEnvironmentStringsW
InterlockedCompareExchange
CreateThread
GetSystemDefaultLCID
GetCurrentProcessId
GetModuleFileNameW
GetDriveTypeW

mpr

WNetAddConnection3W
WNetOpenEnumW
WNetGetConnectionW
WNetEnumResourceW
WNetCancelConnection2W
WNetCloseEnum

msvcrt

_except_handler3
wcschr

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63998143a7cbc16fbf690d8072f06c20

Headers

File Characteristics

Imports

secur32

ole32

shell32

advapi32

shlwapi

ntdsapi

user32

gdi32

netapi32

ntdll

kernel32

mpr

msvcrt

urlmon

Sections

.text Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 299KB - Virtual size: 492KB

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 150KB - Virtual size: 149KB

.text
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 299KB - Virtual size: 492KB

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 150KB - Virtual size: 149KB