a9e1d7e30677702211b430a6bfe8ecc3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a9e1d7e30677702211b430a6bfe8ecc3_JaffaCakes118
Size

489KB
MD5

a9e1d7e30677702211b430a6bfe8ecc3
SHA1

412c5b3e6f1995c364e219bbea62e446532c216b
SHA256

260a23e0fa08a6b3a013e36f905cce8ca9459409249772bbd0dc00379ecb58d5
SHA512

9cd5d24e4d1fb309363f4f5987d4c19bb9a8cd81dafc371f1555db50f4c0cee80ed6b200108a2711f3d807f3d080daab6d39591934dd2e8e100b9b3c03a76aa0
SSDEEP

6144:RzXyBZusr3sskWvNou/N7BTslexnKq2Lu8Ieq2EFNAOb1dtzzUwVsl1f1sI8YVXb:RzXbWFoiCSKqQoQEFV1UX72saul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9e1d7e30677702211b430a6bfe8ecc3_JaffaCakes118

Files

a9e1d7e30677702211b430a6bfe8ecc3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

18f9929d36dc5ecd65c8702427496d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snprintf
sprintf
_vsnprintf
strrchr
wcsncpy
_wcsicmp
wcsstr
_except_handler3
_adjust_fdiv
malloc
_initterm
free
_snwprintf

advapi32

ChangeServiceConfigW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
CloseServiceHandle
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
QueryServiceStatus
ControlService
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueW
RegCreateKeyExA

gdi32

DeleteDC
GetDeviceCaps
CreateDCW
CreateFontIndirectW

kernel32

lstrcatW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
Sleep
WaitForSingleObject
LocalFree
CloseHandle
ReleaseMutex
CompareStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
CreateProcessW
DeleteFileW
lstrcmpiW
lstrcmpW
MultiByteToWideChar
lstrcpyA
CompareStringA
lstrcpynW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
lstrcpyW
SetLastError
LocalAlloc
GetModuleHandleW
GetModuleFileNameW
WriteFile
HeapFree
CreateMutexA
HeapAlloc
GetProcessHeap
FlushFileBuffers
SetFilePointerEx
CreateFileA
GetPrivateProfileStructW
GetLocalTime
GetModuleFileNameA
lstrcpynA
CreateMutexW

user32

FindWindowW
SetForegroundWindow
wsprintfW
ShowWindow
SetWindowTextW
SystemParametersInfoW
MessageBoxW
LoadIconW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
SetFocus
LoadStringW
IsWindow
GetWindowLongW
SetWindowLongW
GetParent
SendMessageW
GetActiveWindow

ole32

CoInitialize
CoUninitialize
CoCreateInstance

cfgmgr32

CM_Get_DevNode_Status

setupapi

SetupDefaultQueueCallbackW
SetupGetStringFieldW
SetupFindFirstLineW
SetupDiRegisterDeviceInfo
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiGetSelectedDevice
SetupQueryInfVersionInformationW
SetupGetInfInformationW
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiClassGuidsFromNameW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
SetupDiSetClassInstallParamsW
SetupDiGetClassInstallParamsW
SetupDiGetWizardPage
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoW
SetupDiClassNameFromGuidW
SetupDiCreateDeviceInfoList
SetupDiRemoveDevice
SetupDiDeleteDevRegKey
SetupDiRemoveDeviceInterface
SetupDiDeleteDeviceInterfaceRegKey
SetupDiGetDeviceInterfaceDetailW
SetupFindNextLine
SetupDiCreateDeviceInterfaceRegKeyW
SetupOpenAppendInfFileW
SetupDiCreateDeviceInterfaceW
SetupTermDefaultQueueCallback
SetupDiInstallDevice
SetupInitDefaultQueueCallbackEx
SetupDiCreateDevRegKeyW
SetupDiSetDriverInstallParamsW

shell32

SHSetLocalizedName
SHGetFolderPathW

mscms

InstallColorProfileW
AssociateColorProfileWithDeviceW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AppS
Size: 1024B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pph55
Size: 1024B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhpp7
Size: 1024B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ppkS
Size: 1024B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4QUl2
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAKQI
Size: 1024B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kajsd
Size: 1024B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAKSQ
Size: 1024B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9102
Size: 1024B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f9929d36dc5ecd65c8702427496d34

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

gdi32

kernel32

user32

ole32

cfgmgr32

setupapi

shell32

mscms

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 3KB

.AppS Size: 1024B - Virtual size: 188B

.pph55 Size: 1024B - Virtual size: 204B

.fhpp7 Size: 1024B - Virtual size: 210B

.ppkS Size: 1024B - Virtual size: 216B

.4QUl2 Size: 443KB - Virtual size: 442KB

.JAKQI Size: 1024B - Virtual size: 160B

.kajsd Size: 1024B - Virtual size: 140B

.JAKSQ Size: 1024B - Virtual size: 110B

.9102 Size: 1024B - Virtual size: 98B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 298B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 3KB

.AppS
Size: 1024B - Virtual size: 188B

.pph55
Size: 1024B - Virtual size: 204B

.fhpp7
Size: 1024B - Virtual size: 210B

.ppkS
Size: 1024B - Virtual size: 216B

.4QUl2
Size: 443KB - Virtual size: 442KB

.JAKQI
Size: 1024B - Virtual size: 160B

.kajsd
Size: 1024B - Virtual size: 140B

.JAKSQ
Size: 1024B - Virtual size: 110B

.9102
Size: 1024B - Virtual size: 98B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 298B