e:\sandbox\92933\Muroc\Registry\RegSrvc\Release\RegSrvc.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: aa2c54525594b31c54b9fce2e396cbfd_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: aa2c54525594b31c54b9fce2e396cbfd_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: aa2c54525594b31c54b9fce2e396cbfd_JaffaCakes118
Size: 324KB
MD5: aa2c54525594b31c54b9fce2e396cbfd
SHA1: 39394398a0b4c8f9eb22a0f30fc2b6635d253c22
SHA256: 7b6f7b017a00bace7e52e583a0509c797ba6515b1d74423369b2b71fc31c6bc9
SHA512: 5ed575af9f1f64e16aafda9e5d0b3b53c6619a9007ac17ce62515306fda84c17d6c50c1cdf96248fca2ea71d39e591f155d70be43a14380ceac7309ad010bc6d
SSDEEP: 6144:1+epy6U06PgmtznYKpv/pQ2wDKOguxNgAMeS/jA3:4epy6D6PgmpYK1pQ2wvZN
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: aa2c54525594b31c54b9fce2e396cbfd_JaffaCakes118
Files
aa2c54525594b31c54b9fce2e396cbfd_JaffaCakes118.exe windows:4 windows x86 arch:x86
73d6b2caa83e81acdbcf6f90f6fef86e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiSetClassInstallParamsA
SetupDiChangeState
SetupDiDestroyDeviceInfoList
kernel32
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetStartupInfoA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetVersion
lstrcmpiA
lstrcmpiW
lstrlenA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
CloseHandle
WaitForSingleObject
CreateEventA
InterlockedIncrement
SizeofResource
LockResource
LoadResource
FindResourceA
LocalFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
CreateFileA
GetSystemDirectoryA
TerminateProcess
CreateProcessA
SetLastError
GetTickCount
Sleep
LocalAlloc
InterlockedDecrement
GetComputerNameExA
GetModuleFileNameA
lstrcpyA
HeapReAlloc
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
GetFileTime
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DeleteFileA
MoveFileA
SetErrorMode
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFlags
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetProcAddress
lstrcmpA
SystemTimeToFileTime
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalFree
CopyFileA
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
GetCommandLineA
GetModuleHandleA
LoadLibraryExA
FreeLibrary
GetCurrentThreadId
lstrcpynA
IsDBCSLeadByte
GetCurrentThread
GetCurrentProcess
lstrcatA
user32
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DestroyMenu
GetMenuItemInfoA
InflateRect
wsprintfA
ClientToScreen
GetDesktopWindow
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
CharLowerA
CharLowerW
CharUpperA
CharUpperW
UnregisterClassA
CharNextA
LoadStringA
PostThreadMessageA
SetFocus
IsChild
SetCursor
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
ShowOwnedPopups
DeleteMenu
DestroyIcon
GetFocus
ModifyMenuA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
GetForegroundWindow
DispatchMessageA
GetMessageA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
GetActiveWindow
TranslateMessage
CallNextHookEx
SetWindowsHookExA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetWindowTextLengthA
GetWindowTextA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
IsWindow
gdi32
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
ScaleWindowExtEx
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsA
MoveToEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteObject
CreateFontIndirectA
CreateCompatibleDC
BitBlt
ExtTextOutA
GetTextExtentPoint32A
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
EnumMetaFile
SelectClipRgn
LineTo
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
LsaOpenPolicy
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DeleteService
CreateServiceA
ChangeServiceConfig2A
RegCloseKey
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaFreeMemory
LsaClose
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegNotifyChangeKeyValue
shell32
ExtractIconA
SHGetFileInfoA
comctl32
ord17
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
ole32
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoInitialize
CoInitializeSecurity
ReadClassStg
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
CoCreateInstance
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CoUninitialize
oleaut32
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocString
VarBstrCat
SysAllocStringLen
VariantCopy
SafeArrayPutElement
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
VariantChangeType
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
GetErrorInfo
SetErrorInfo
CreateErrorInfo
Sections
.text  Size: 236KB - Virtual size: 233KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 60KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 8KB - Virtual size: 21KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 12KB - Virtual size: 11KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ