af3e84c4ac7731b58d6130fdda29d613_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af3e84c4ac7731b58d6130fdda29d613_JaffaCakes118
Size

171KB
MD5

af3e84c4ac7731b58d6130fdda29d613
SHA1

a3dc36540a53e3df4e4dad058923f6499da0a86b
SHA256

ae154a62d50776100b3926f0043b1d6d428935b0a01a66b9a41f030ef75fea5d
SHA512

deb35528dc38625b197a15d4d8178002dcf35131e7661e3abfd7b98318586e3463b9d04abde8840391d694ca32231033a052bd288a9410b0d816271ce991e10c
SSDEEP

3072:t4ueHJVwVYkl0qfYB1ox0bCqKstrEZt6UZpLXjN50RifsDCtAE3kHQy3o1Ew3MB:tRepVwakl0fm0bCwdk0UZpjL0Rifs+3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af3e84c4ac7731b58d6130fdda29d613_JaffaCakes118

Files

af3e84c4ac7731b58d6130fdda29d613_JaffaCakes118
.exe windows:7 windows x86 arch:x86

b3bc69003f51b0ec277d9dbeae9a9ed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrByteCountPointerFree
MesEncodeFixedBufferHandleCreate
MesIncrementalHandleReset
DllGetClassObject
NDRSContextMarshall
CreateStubFromTypeInfo
NdrAllocate
NdrAsyncServerCall
MesBufferHandleReset
CStdStubBuffer_CountRefs
NdrByteCountPointerUnmarshall
NDRcopy
NDRSContextMarshallEx
NDRCContextBinding
NdrClientInitialize
NdrAsyncClientCall
NdrByteCountPointerBufferSize
DllRegisterServer
MesDecodeIncrementalHandleCreate
NDRCContextMarshall
DceErrorInqTextW
MesHandleFree
MesInqProcEncodingId
NdrConformantStructBufferSize

oleaut32

SafeArrayGetLBound
VariantCopyInd
SafeArrayCreate
RegisterTypeLib
SysReAllocStringLen
VariantInit
VariantChangeType
SafeArrayAccessData
OleLoadPicture
SysStringLen
LoadTypeLibEx
SysAllocStringLen
GetActiveObject
SafeArrayPutElement
SafeArrayPtrOfIndex
SetErrorInfo
VariantCopy
SafeArrayGetElement
SafeArrayUnaccessData
VariantClear
GetErrorInfo
SysAllocStringByteLen
SysFreeString
LoadTypeLib
VariantChangeTypeEx

dnsapi

DnsCopyStringEx

kernel32

GetTempPathA
LockResource
ExitProcess
LoadResource
GetCurrentProcess
IsDBCSLeadByte
OpenProcess
CreateFileMappingA
GetExitCodeProcess
DeviceIoControl
RemoveDirectoryW
RaiseException
AddAtomW
SetThreadPriority
GetLastError
CreateMutexA
MulDiv
VirtualAlloc
CreateProcessW
WriteConsoleW
CreateFileMappingW
CopyFileW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
OutputDebugStringW
GetCommandLineW
ReleaseSemaphore
GetFullPathNameW
lstrcatW
FindNextFileA
IsBadCodePtr
ResumeThread
CreateMutexW
IsValidCodePage
VirtualFree
FindResourceA
CreateDirectoryA
SetFileAttributesA
LoadLibraryExA
CloseHandle

advapi32

RegQueryValueExA
RegDeleteKeyW
RegDeleteKeyA
FreeSid
AllocateAndInitializeSid
RegEnumValueW
RegSetValueExW
OpenThreadToken
RegCreateKeyExA
RegQueryInfoKeyW
RegOpenKeyExA
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueA
RegOpenKeyExW
GetTokenInformation
RegSetValueExA
RegEnumKeyExA
RegEnumKeyExW
InitializeSecurityDescriptor
OpenProcessToken
CloseServiceHandle

shell32

SHChangeNotifyDeregister
DllInstall
SHChangeNotifyRegister
SHStartNetConnectionDialogW
SHGetSetSettings
Shell_MergeMenus
Shell_GetCachedImageIndex
Shell_GetImageLists
DragAcceptFiles
SHILCreateFromPath
PifMgr_OpenProperties
DAD_DragMove
PathResolve
SHCoCreateInstance
DAD_DragEnterEx
GetFileNameFromBrowse
DllGetClassObject
DllUnregisterServer
IsNetDrive
SHDefExtractIconW
DAD_DragLeave
DriveType
DllRegisterServer
DragFinish
PathQualify
RestartDialog
DllGetVersion
DllCanUnloadNow
PickIconDlg
IsLFNDrive

user32

SetWindowPos
ReleaseDC
GetDlgItem
SetTimer
TranslateMessage
GetSystemMetrics
DispatchMessageA
GetWindowLongW
SetCursor
SetWindowLongW
SendMessageW
SendMessageA
LoadStringW
IsWindow
GetDesktopWindow
MessageBoxA
GetClientRect
CreateWindowExA
UpdateWindow
GetParent
DestroyWindow
EndDialog
ShowWindow
EnableWindow
PostQuitMessage
GetSysColor
wsprintfA
SetFocus
PostMessageW
SetWindowLongA
CharNextA
MessageBoxW
InvalidateRect
wsprintfW

Sections

.textbss
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b3bc69003f51b0ec277d9dbeae9a9ed2

Headers

File Characteristics

Imports

rpcrt4

oleaut32

dnsapi

kernel32

advapi32

shell32

user32

Sections

.textbss Size: - Virtual size: 476KB

.debug Size: 15KB - Virtual size: 14KB

.text Size: 512B - Virtual size: 454B

.idata Size: 103KB - Virtual size: 103KB

.rdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 18KB - Virtual size: 18KB

.data Size: 16KB - Virtual size: 16KB

.textbss
Size: - Virtual size: 476KB

.debug
Size: 15KB - Virtual size: 14KB

.text
Size: 512B - Virtual size: 454B

.idata
Size: 103KB - Virtual size: 103KB

.rdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 18KB - Virtual size: 18KB

.data
Size: 16KB - Virtual size: 16KB