b34ebfa3675138cd3770f680e6dc8b90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b34ebfa3675138cd3770f680e6dc8b90_JaffaCakes118
Size

507KB
MD5

b34ebfa3675138cd3770f680e6dc8b90
SHA1

d81d27589970b680b81e74a049e6512f4cd63fae
SHA256

9eddd277752f8832ce4a4cc0ee1a2e26af6423940d2064f7954d5f3aa8f0807f
SHA512

0d4c6cad335ebe12de85780f3aa01e3cb74b02614281be9d47ba506e5e1f7cf77877caa43b91b6f9a39dfaf26653616d8fb44bebff51e1886dff6cb00ea7baf0
SSDEEP

12288:uYlyF+Wp8qaPTW88+Iv9/FWkQWeaZIRYrfHYH4FdVc:uBl8pPTsXsIjHbfc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b34ebfa3675138cd3770f680e6dc8b90_JaffaCakes118

Files

b34ebfa3675138cd3770f680e6dc8b90_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1112ef3b571e3de40347faa3e9cf2db8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcsrchr
towupper
iswspace
toupper
isalpha
strchr
wcscat
strncpy
memmove
wcstod
qsort
_wfopen
_stricmp
wcscspn
towlower
?terminate@@YAXXZ
_wsplitpath
wcscmp
_wcsupr
wcsncpy
mbstowcs
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_initterm
_CxxThrowException
_ftol
??3@YAXPAX@Z
wcsncmp
strcspn
_itow
__dllonexit
wcslen
_errno
bsearch
strtoul
wcsspn
swscanf
_wcslwr
wcstol
malloc
_except_handler3
iswdigit
iswalpha
swprintf
wcscpy
wcstoul
wcschr
_ultow
sprintf
_adjust_fdiv
wcstombs
isxdigit
??1type_info@@UAE@XZ
fclose
isdigit
__CxxFrameHandler
realloc
free
_wcsicmp
_strnicmp
_onexit
wcsstr
fgets

kernel32

DeviceIoControl
CreateNamedPipeW
DeleteCriticalSection
GetUserDefaultLCID
WaitForMultipleObjects
CreateDirectoryW
WaitForMultipleObjectsEx
GetCurrentThread
ReadFile
LeaveCriticalSection
SetErrorMode
GetThreadPriority
VirtualFree
ConnectNamedPipe
ReleaseMutex
GetSystemTimeAsFileTime
CreateEventW
InterlockedDecrement
IsValidLocale
InterlockedIncrement
FindNextFileW
CompareStringW
GetStringTypeW
GetSystemDirectoryW
GetTickCount
GetOverlappedResult
DuplicateHandle
CreateFileMappingW
LocalFileTimeToFileTime
SwitchToThread
GetFileAttributesW
GetCurrentProcess
IsDBCSLeadByteEx
TransactNamedPipe
GetComputerNameW
EnterCriticalSection
ResumeThread
SetEndOfFile
HeapSize
GetLogicalDrives
DeleteFileW
FlushFileBuffers
GlobalUnlock
CompareFileTime
GlobalFree
GetLastError
InterlockedExchange
GetVersionExW
ExpandEnvironmentStringsW
SetProcessWorkingSetSize
IsBadWritePtr
FreeLibrary
CreateMutexW
SetLastError
GetExitCodeProcess
WaitNamedPipeW
SetFileAttributesW
FileTimeToSystemTime
LoadLibraryA
FoldStringW
CreateFileW
GetModuleFileNameW
SleepEx
GetACP
WriteFile
GetLocalTime
SetUnhandledExceptionFilter
TryEnterCriticalSection
GetThreadTimes
WideCharToMultiByte
GetCPInfo
QueueUserAPC
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
GetVolumeInformationW
VirtualUnlock
WaitForSingleObjectEx
SetNamedPipeHandleState
RemoveDirectoryW
ReadFileEx
GetProcAddress
HeapFree
GetDiskFreeSpaceW
CloseHandle
SystemTimeToFileTime
QueryPerformanceCounter
FindFirstFileW
GetCalendarInfoW
WriteFileEx
OpenProcess
GetThreadLocale
HeapCreate
LocalAlloc
QueryDosDeviceW
FormatMessageW
GetFileSize
SetFilePointer
LoadLibraryExW
GetDriveTypeW
FindClose
WaitForSingleObject
FlushViewOfFile
DisconnectNamedPipe
SetPriorityClass
GetCurrentDirectoryW
OpenEventW
GlobalLock
SetEvent
MapViewOfFile
ResetEvent
lstrlenA
GlobalAlloc
SearchPathW
GetCurrentProcessId
GetLongPathNameW
SetCurrentDirectoryW
GetSystemDefaultLCID
ReadProcessMemory
GetLocaleInfoW
MultiByteToWideChar
PeekNamedPipe
GetFileAttributesExW
CancelIo
GetSystemPowerStatus
GetSystemInfo
LCMapStringW
SetThreadPriority
GetDiskFreeSpaceExW
HeapDestroy
LocalFree
CreateThread
SetThreadLocale
GetSystemTime
HeapAlloc

user32

RegisterDeviceNotificationW
MsgWaitForMultipleObjects
wsprintfW
DispatchMessageW
TranslateMessage
GetLastInputInfo
UnregisterDeviceNotification
PeekMessageW

ole32

PropSysFreeString
CoCreateInstance
CoTaskMemAlloc
StgConvertPropertyToVariant
PropVariantCopy
FreePropVariantArray
CLSIDFromString
CoFileTimeNow
PropVariantClear
StringFromGUID2
CoInitializeEx
GetClassFile
CoUninitialize
CoGetClassObject
StgConvertVariantToProperty
CoSetProxyBlanket
CreateBindCtx
PropSysAllocString
CoTaskMemFree
StgOpenStorage
CoFreeUnusedLibraries
CreateStreamOnHGlobal
StgPropertyLengthAsVariant

advapi32

StartServiceW
GetSecurityDescriptorLength
InitializeSecurityDescriptor
SetFileSecurityW
ImpersonateLoggedOnUser
RegCloseKey
RegEnumKeyW
LsaOpenSecret
ImpersonateNamedPipeClient
CopySid
QueryServiceStatus
ChangeServiceConfigW
AddAccessAllowedAce
RevertToSelf
GetUserNameW
GetNamedSecurityInfoW
RegOpenKeyExW
LsaClose
RegEnumValueW
RegQueryInfoKeyW
GetLengthSid
RegQueryValueExW
RegConnectRegistryW
RegSetValueExW
SetSecurityDescriptorOwner
LsaCreateSecret
LsaSetSecret
RegOpenKeyW
RegEnumKeyExW
AccessCheck
SetNamedSecurityInfoW
CloseServiceHandle
OpenServiceW
AllocateAndInitializeSid
RegDeleteValueW
LsaOpenPolicy
LsaNtStatusToWinError
AddAce
SetSecurityDescriptorDacl
RegOpenKeyA
RegisterEventSourceW
SetServiceStatus
QueryServiceConfigW
RegisterServiceCtrlHandlerExW
SetSecurityDescriptorGroup
OpenThreadToken
ReportEventW
RegDeleteKeyW
LogonUserW
LsaFreeMemory
SetSecurityDescriptorSacl
DeregisterEventSource
OpenSCManagerW
ControlService
RegCreateKeyExW
LsaRetrievePrivateData
FreeSid
InitializeAcl

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
UuidFromStringW
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrDllGetClassObject
CStdStubBuffer_Disconnect
NdrDllRegisterProxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree

ntdll

NtDuplicateToken
NtQuerySystemTime
RtlInitUnicodeString
RtlNtStatusToDosError
RtlFreeHeap
NtQueryInformationToken
NtNotifyChangeDirectoryFile
RtlInitAnsiString
NtNotifyChangeKey
NtQuerySecurityObject
RtlUpcaseUnicodeChar
RtlQueryRegistryValues
RtlOemStringToUnicodeString
NtClose
RtlDosPathNameToNtPathName_U
NtOpenThreadToken
NtSetInformationFile
NtFsControlFile
NtOpenProcessToken
RtlCaptureStackBackTrace
NtCreateFile
NtOpenKey
NtQueryInformationFile
NtQuerySystemInformation
RtlUnicodeStringToOemString
NtWaitForSingleObject
NtQueryVolumeInformationFile
NtQueryDirectoryFile
NtDeviceIoControlFile
NtQueryInformationProcess
NtOpenFile
NtCancelIoFile
NtCreateEvent

shell32

SHGetDesktopFolder
SHBindToParent

Sections

.9618ds
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B^br5
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.@#RFER
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.N^UHQt
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h46asrg
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.64h4aer
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1112ef3b571e3de40347faa3e9cf2db8

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ole32

advapi32

rpcrt4

ntdll

shell32

Sections

.9618ds Size: 2KB - Virtual size: 1KB

.B^br5 Size: 512B - Virtual size: 2B

.@#RFER Size: 171KB - Virtual size: 170KB

.N^UHQt Size: 58KB - Virtual size: 57KB

.h46asrg Size: 176KB - Virtual size: 176KB

.64h4aer Size: 97KB - Virtual size: 97KB

.9618ds
Size: 2KB - Virtual size: 1KB

.B^br5
Size: 512B - Virtual size: 2B

.@#RFER
Size: 171KB - Virtual size: 170KB

.N^UHQt
Size: 58KB - Virtual size: 57KB

.h46asrg
Size: 176KB - Virtual size: 176KB

.64h4aer
Size: 97KB - Virtual size: 97KB