mtxoci.pdb
Static task
static1

Behavioral task
behavioral1
Sample: b784db38125a12564ac0907aff971325_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task
behavioral2
Sample: b784db38125a12564ac0907aff971325_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b784db38125a12564ac0907aff971325_JaffaCakes118
Size: 2.2MB
MD5: b784db38125a12564ac0907aff971325
SHA1: 9102c867426495aeddd9079e55db786e278a05ae
SHA256: 329b663b5c4a674e541c04a9991052e9e8feb54e11889237d944721c4e777a44
SHA512: 3aac00bb9e1d7efce15ecf2bf7066f88aa02362a2594e08046b1d48ce536c26901de2b3114736c05b4142b6724ba9d28370a14f3b758d15b1b019bc3f7ba4b90
SSDEEP: 49152:FFnaPaYcPd4fwtOZ9uaF1fPf+wOLBJKeHSJpQ/Xf3UxfxkJJn:XlzoZ9FF1fH+wOVJlHSJpQ3kxxkJ5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: b784db38125a12564ac0907aff971325_JaffaCakes118
Files
b784db38125a12564ac0907aff971325_JaffaCakes118.exe  windows:5  windows x86  arch:x86
Imphash: 69656772a686bb855e5e2abe9965a150
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
mtxoci.pdb
Imports
user32
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
CloseDesktop
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
wsprintfA
LoadStringW
wsprintfW
kernel32
FormatMessageW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
ReleaseMutex
DebugBreak
RaiseException
CreateFileW
GetWindowsDirectoryW
CreateMutexW
GetLocalTime
WriteFile
SetFilePointer
lstrcatA
lstrcpyA
lstrlenA
LocalFree
InterlockedCompareExchange
GetModuleHandleW
GetVersionExW
GetSystemInfo
CreateSemaphoreW
Sleep
ReleaseSemaphore
SetLastError
GetComputerNameW
WideCharToMultiByte
GetSystemDirectoryW
SearchPathW
GlobalFree
GlobalAlloc
GlobalMemoryStatusEx
ResetEvent
CreateThread
DuplicateHandle
GetFileAttributesW
InitializeCriticalSection
PostQueuedCompletionStatus
InterlockedExchangeAdd
QueryPerformanceFrequency
CreateIoCompletionPort
InterlockedExchange
FreeLibraryAndExitThread
GetQueuedCompletionStatus
SetThreadPriority
OutputDebugStringA
LoadLibraryA
lstrcmpA
lstrcmpiW
GetModuleFileNameA
VirtualQueryEx
lstrcpynW
LockResource
LoadResource
FindResourceW
FindClose
DeleteFileW
GetCurrentProcess
FindNextFileW
FindFirstFileW
GetExitCodeProcess
CreateProcessW
ExpandEnvironmentStringsW
CreateDirectoryW
GetThreadContext
IsDebuggerPresent
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
LoadLibraryW
CreateEventA
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedIncrement
lstrcmpW
CompareStringW
SetFileAttributesW
InterlockedDecrement
GetUserDefaultLCID
SetEvent
GetCurrentThreadId
CloseHandle
WaitForSingleObject
CreateEventW
lstrcpyW
lstrcatW
FreeLibrary
GetProcAddress
ole32
StringFromCLSID
CoGetMalloc
CoGetObjectContext
FreePropVariantArray
PropVariantClear
PropVariantCopy
CoUnmarshalInterface
IIDFromString
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoRevertToSelf
CoMarshalInterface
CoImpersonateClient
CreateStreamOnHGlobal
CoCreateInstance
CoEnableCallCancellation
CoDisableCallCancellation
StringFromGUID2
CoGetObject
StringFromIID
CLSIDFromString
CoGetClassObject
CoSetProxyBlanket
CoCancelCall
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
advapi32
RegQueryInfoKeyW
SetThreadToken
RegisterServiceCtrlHandlerW
RegDeleteValueW
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
QueryServiceStatus
SetServiceStatus
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
MakeSelfRelativeSD
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorLength
LookupAccountSidW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
RegOpenKeyW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
GetUserNameW
OpenThreadToken
OpenProcessToken
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegUnLoadKeyW
RegLoadKeyW
RegEnumValueW
rpcrt4
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrStubForwardingFunction
version
VerQueryValueW
msvcrt
wcslen
_onexit
__dllonexit
_adjust_fdiv
_initterm
_wstrdate
_wstrtime
_waccess
_vsnwprintf
wcsrchr
__CxxFrameHandler
_vsnprintf
_beginthreadex
_CIexp
_ftol
wcstoul
wcscpy
malloc
_wcsicmp
wcscmp
_wcsnicmp
iswctype
_except_handler3
_local_unwind2
_itow
wcscat
free
ntdll
RtlDelete
RtlSplay
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlInitializeCriticalSection
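The 32-hex-character value shown beside the file under Files is the import hash (imphash), the usual pivot for finding related builds of a sample. It is an MD5 over a normalised "library.function" list taken from the import table in IAT order, so it changes with import order and with how ordinals are named. The block below is an added example, not code from the report or from the sample: it reimplements pefile's imphash computation and runs it over a constructed excerpt of the imports listed above. The report does not say whether its listing preserves the exact import order and the excerpt is partial, so the value computed here is not expected to equal the report's imphash; pefile's tables that map well-known ws2_32/oleaut32 ordinals to names are also not reproduced.

```python
import hashlib


def _norm_lib(dll):
    """pefile-style normalisation: lower-case and drop a .dll/.sys/.ocx extension."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "sys", "ocx"):
        return base
    return name


def import_string(imports):
    """Build the 'lib.func,lib.func,...' string that imphash hashes.

    imports: iterable of (dll, func) pairs, func being a name or an int ordinal.
    Ordinals become 'ordN'; pefile would first try its ws2_32/oleaut32 name tables.
    """
    items = []
    for dll, func in imports:
        fn = ("ord%d" % func) if isinstance(func, int) else func.lower()
        items.append("%s.%s" % (_norm_lib(dll), fn))
    return ",".join(items)


def imphash(imports):
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of the report's import list, in the order the page shows it.
# Partial and not guaranteed to be IAT order, so its hash will not match the report.
REPORT_IMPORTS_EXCERPT = [
    ("user32.dll", "DialogBoxParamW"), ("user32.dll", "OpenWindowStationW"),
    ("user32.dll", "SetThreadDesktop"),
    ("kernel32.dll", "CreateMutexW"), ("kernel32.dll", "CreateProcessW"),
    ("kernel32.dll", "IsDebuggerPresent"),
    ("ole32.dll", "CoRegisterClassObject"), ("ole32.dll", "CoImpersonateClient"),
    ("advapi32.dll", "CreateServiceW"), ("advapi32.dll", "AdjustTokenPrivileges"),
    ("advapi32.dll", "RegLoadKeyW"),
    ("rpcrt4.dll", "NdrDllGetClassObject"),
]


def same_build(a, b):
    """Imphash match: identical import tables in identical order."""
    return imphash(a) == imphash(b)


if __name__ == "__main__":
    print(import_string(REPORT_IMPORTS_EXCERPT))
    print("imphash:", imphash(REPORT_IMPORTS_EXCERPT))
    reordered = REPORT_IMPORTS_EXCERPT[::-1]
    print("same imports, reversed order, same hash:", same_build(REPORT_IMPORTS_EXCERPT, reordered))
```

Because the hash covers order, two binaries that link the same functions from the same DLLs but were built with a different import order will not share an imphash; treat a match as strong evidence of a shared build and a miss as weak evidence of anything.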
Sections
.text   Size: 77KB   Virtual size: 76KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 2.1MB  Virtual size: 2.1MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 38KB   Virtual size: 37KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 15KB   Virtual size: 15KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
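Everything under Signatures, Headers and Sections comes straight from the PE headers, and it is worth being able to reproduce those facts without a sandbox. The block below is an added example, not code from the report or from the sample: it builds a constructed stand-in image whose headers mirror the values listed above (the sample's own bytes are not on this page), parses the COFF header, optional header, security data directory and section table back out of it, and applies the report's "Unsigned PE" test plus the checks an analyst adds on top. Two caveats apply. The "Unsigned PE" signature only tests for an embedded Authenticode blob (an empty IMAGE_DIRECTORY_ENTRY_SECURITY); a catalog-signed Windows component trips it just the same, and the PDB name and the service/COM imports listed here are exactly the profile where a catalog check (Get-AuthenticodeSignature, or signtool verify /a) is needed before calling the file unsigned. And 2.1MB of initialized .data next to 77KB of code is a ratio worth checking for an embedded payload before drawing conclusions from the import list alone.

```python
import struct

# Flag bits from the PE/COFF spec (winnt.h): the ones this report shows plus NX_COMPAT.
FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode blob; entry holds a file offset, not an RVA


def decode(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data):
    """Parse the COFF header, optional header, security directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _sym, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional header + 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 8-byte stack/heap fields push them to + 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    sec_off, sec_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, _raw, _r, _l, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "virtual_size": vsize,
                         "raw_size": rawsize, "chars": chars, "flags": decode(chars, SCN_FLAGS)})
    return {"file_chars": decode(file_chars, FILE_FLAGS), "dll_chars": decode(dll_chars, DLL_FLAGS),
            "dll_chars_raw": dll_chars, "security_dir": (sec_off, sec_size), "sections": sections}


def triage(data):
    """The report's header checks, plus the caveats an analyst layers on top."""
    h = parse_pe_headers(data)
    findings = []
    if h["security_dir"][1] == 0:
        # Same test as the 'Unsigned PE' signature: no embedded Authenticode signature.
        # Catalog-signed OS files also land here, so confirm against the catalog.
        findings.append("Unsigned PE: empty security directory (embedded signature only; check catalog)")
    if not h["dll_chars_raw"] & 0x0100:
        findings.append("NX_COMPAT not set: image does not opt in to DEP")
    for s in h["sections"]:
        if s["chars"] & 0x80000000 and s["chars"] & 0x20000000:
            findings.append("section %s is writable and executable" % s["name"])
    code = sum(s["raw_size"] for s in h["sections"] if s["chars"] & 0x00000020)
    init = sum(s["raw_size"] for s in h["sections"] if s["chars"] & 0x00000040)
    if code and init >= 10 * code:
        findings.append("initialized data is %dx the code size: check for an embedded payload" % (init // code))
    return h, findings


def build_stand_in_pe():
    """Constructed image whose headers mirror the report; NOT the sample's bytes."""
    sections = [  # name, virtual size, raw size, characteristics (as listed under Sections)
        (b".text",  0x13000,  0x13400,  0x20 | 0x20000000 | 0x40000000),
        (b".data",  0x21A000, 0x21A000, 0x40 | 0x40000000 | 0x80000000),
        (b".rsrc",  0x9400,   0x9800,   0x40 | 0x40000000),
        (b".reloc", 0x3C00,   0x3C00,   0x40 | 0x02000000 | 0x40000000),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)                                               # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x0040)                            # DYNAMIC_BASE only, as listed
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    # data directory 4 (security) is left 0/0: no embedded Authenticode signature
    table, va, raw = b"", 0x1000, 0x400
    for name, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, raw, 0, 0, 0, 0, chars)
        va += (vsize + 0xFFF) & ~0xFFF
        raw += rsize
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    hdr, notes = triage(build_stand_in_pe())
    print("DLL Characteristics:", ", ".join(hdr["dll_chars"]))
    print("File Characteristics:", ", ".join(hdr["file_chars"]))
    for s in hdr["sections"]:
        print("%-7s raw=%#x virt=%#x %s" % (s["name"], s["raw_size"], s["virtual_size"], " | ".join(s["flags"])))
    for n in notes:
        print("-", n)
```

To run it against the real file, replace build_stand_in_pe() with the bytes read from disk; the parser reads only headers, so it does not need the whole image mapped.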