b9b54cb8f0cba8d179c6eba404e1f72a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9b54cb8f0cba8d179c6eba404e1f72a_JaffaCakes118
Size

252KB
MD5

b9b54cb8f0cba8d179c6eba404e1f72a
SHA1

72e0775817aa557ff7a087815eb331a5d1097b3c
SHA256

c063023f94fd8f16f74045fe76c2c1d06408b75025122374d2548760298806e0
SHA512

007693fdc300e3bbb940a5896bef32d1d54ed4acec69ad17af94bb1556bad5a08ffa314377f01efb5f7a69bfdaeedfa4655308a9f7cc1db419a85e257ae3d322
SSDEEP

6144:/A+78qIWD3L1AkFBXVcVnclDuCBVRONMsk:/9L19XVcEDug6E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b54cb8f0cba8d179c6eba404e1f72a_JaffaCakes118

Files

b9b54cb8f0cba8d179c6eba404e1f72a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c3e99d46b8de741cdb4e464d7c49b409

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Mats_Run.IEAddon.pdb

Imports

advapi32

FreeSid
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
RegQueryValueExW

kernel32

FlushInstructionCache
GetCurrentProcess
GetLastError
GetProcAddress
GetModuleHandleW
GetVersionExW
WriteFile
GetExitCodeProcess
DeleteFileW
UnmapViewOfFile
LoadLibraryW
GetVersionExA
CopyFileW
SetFileAttributesW
GetFullPathNameW
GetCurrentThreadId
CreateDirectoryW
MapViewOfFile
lstrlenW
InterlockedIncrement
HeapAlloc
lstrcmpiW
SetFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateMutexW
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
LockResource
LoadResource
FindResourceExW
SetLastError
GetUserDefaultUILanguage
GetLocaleInfoW
MulDiv
MultiByteToWideChar
FindResourceW
LoadLibraryExW
GetModuleFileNameW
FormatMessageW
LCMapStringW
GetPrivateProfileStringW
CreateProcessW
CreateFileW
CreateFileMappingW
GetEnvironmentVariableW
GetSystemDirectoryW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
OpenFileMappingW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetSystemInfo
GetCommandLineW
HeapSetInformation
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetNativeSystemInfo
InterlockedExchange
GlobalFree
FindClose
CloseHandle
GetFileAttributesW
FreeLibrary
LocalFree
HeapFree
SizeofResource
GetProcessHeap
InterlockedDecrement
LoadLibraryA
VirtualFree
VirtualAlloc
Sleep
InterlockedCompareExchange
GetStartupInfoW
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
GetSystemDefaultUILanguage
SearchPathW

gdi32

CreateFontIndirectW
CreateSolidBrush
SaveDC
RestoreDC
GetDeviceCaps
SelectObject
SetBkColor
ExtTextOutW
SetTextColor
DeleteDC
SetBkMode
GetTextMetricsW
DeleteObject
GetObjectW

user32

GetWindowTextW
GetWindowTextLengthW
SetForegroundWindow
FindWindowW
UnregisterClassA
SetWindowPos
GetDlgCtrlID
GetParent
ShowWindow
GetClientRect
GetWindowRect
MoveWindow
EnumChildWindows
CreateWindowExW
SendMessageW
EndDialog
GetSystemMetrics
ReleaseDC
GetDC
CallWindowProcW
DrawTextW
GetDlgItem
GetWindowLongW
DialogBoxParamW
DestroyWindow
CharNextW
DefWindowProcW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
SetWindowLongW
GetSysColor
GetWindow
LoadIconW
SystemParametersInfoW
SetWindowTextW
MapWindowPoints

msvcrt

_onexit
_controlfp
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
wctomb
iswctype
wcstombs
__badioinfo
__pioinfo
_read
_fileno
_lock
ungetc
_wcsnicmp
_vsnwprintf
memset
_CxxThrowException
free
_wcsicmp
wcschr
malloc
memcpy
memmove
__setusermatherr
_amsg_exit
_initterm
__p__commode
__dllonexit
_wcmdln
exit
_XcptFilter
_unlock
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
wcsrchr
wcsstr
iswspace
wcsncmp
__CxxFrameHandler
__set_app_type
__p__fmode
_exit
_cexit
__wgetmainargs
calloc
_errno
bsearch

ole32

CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

wintrust

WinVerifyTrust

shell32

ShellExecuteW
CommandLineToArgvW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ntdll

RtlUnwind
NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationProcess

wininet

InternetGetCookieW
InternetSetCookieW

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3e99d46b8de741cdb4e464d7c49b409

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

wintrust

shell32

version

ntdll

wininet

Sections

.text Size: 117KB - Virtual size: 117KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 620KB - Virtual size: 619KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 117KB - Virtual size: 117KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 620KB - Virtual size: 619KB

.reloc
Size: 7KB - Virtual size: 7KB