ehVid.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a33ff77f85b217bee69456d447cb07e3_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a33ff77f85b217bee69456d447cb07e3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
- Target: a33ff77f85b217bee69456d447cb07e3_JaffaCakes118
- Size: 296KB
- MD5: a33ff77f85b217bee69456d447cb07e3
- SHA1: 2f7d2be1596b7022cac3e2fd37b38082a74babad
- SHA256: 7627c984430cd2f5b9e0a115df2d16adaeb4f2da8027e165a702ff667009796d
- SHA512: 4ce9accbf4fdbafb9e1d1e17e7a7c3f73a38a0d87ab3081a6fe4e62fc679ca9e3e072624f8a096af6a7385691b68024cd0814949a6b10e449019bc97d20e4533
- SSDEEP: 3072:aIaW0tcrDAyhlwlW2G7WlgE9Yrl/hBRseK68nc9EgMUCI81zKRct3A8ENVtu1Nxd:PjhlweD9Hctrv1/mk5KT99sXKp4sVG
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource a33ff77f85b217bee69456d447cb07e3_JaffaCakes118
Files
-
a33ff77f85b217bee69456d447cb07e3_JaffaCakes118.exe windows:6 windows x86 arch:x86
0229b9c0104d27c53cde6f718af94163
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
OpenProcessToken
SetSecurityDescriptorDacl
CreateWellKnownSid
LookupAccountSidW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
InitializeSecurityDescriptor
RegQueryValueExW
GetSecurityDescriptorDacl
kernel32
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
ApplicationRecoveryFinished
RegisterApplicationRestart
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
HeapSetInformation
LoadLibraryA
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrlenW
RaiseException
SetThreadPriority
QueryPerformanceFrequency
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetLocalTime
OutputDebugStringW
LoadLibraryW
GetProcAddress
EncodeSystemPointer
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
lstrlenA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
InterlockedExchange
ResumeThread
GetLastError
WriteFile
lstrcmpiW
CreateEventW
SetEvent
InterlockedIncrement
InterlockedDecrement
CreateThread
GetModuleFileNameW
Sleep
GetModuleHandleW
MultiByteToWideChar
FreeLibrary
ReadFile
CreateFileA
GetCurrentThreadId
user32
TranslateMessage
UnregisterClassA
CharNextW
PostThreadMessageW
CharUpperW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
msvcrt
fclose
fwprintf
_wfopen_s
_CIlog
_ftol2
_waccess
_wcsicmp
_CIsqrt
memmove
wcscpy_s
wcsncpy_s
wcscat_s
??_U@YAPAXI@Z
memset
fflush
??2@YAPAXI@Z
memcpy
calloc
_purecall
_vsnwprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
memcpy_s
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
wprintf
wcsrchr
ole32
GetRunningObjectTable
CoFileTimeNow
StgCreateStorageEx
StgOpenStorageEx
CreateStreamOnHGlobal
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoResumeClassObjects
CreateItemMoniker
oleaut32
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysStringLen
shlwapi
PathAppendA
PathSearchAndQualifyW
PathFindFileNameW
ord212
ord184
PathFindExtensionW
PathFileExistsW
StrCmpIW
shell32
SHGetFolderPathAndSubDirW
SHGetFolderPathAndSubDirA
SHChangeNotify
gdiplus
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSaveImageToStream
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateSolidFill
GdipFillRectangleI
GdipDrawString
GdipCreateFont
GdipGetFontHeight
GdipCloneBrush
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipSetInterpolationMode
winmm
timeGetTime
Sections
- .text (Size: 232KB - Virtual size: 231KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data (Size: 6KB - Virtual size: 6KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 2KB - Virtual size: 2KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 33KB - Virtual size: 34KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- wbenxgh (Size: 21KB - Virtual size: 24KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE