bde3fd0937e7dafe7bfb2cf29a279d43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bde3fd0937e7dafe7bfb2cf29a279d43_JaffaCakes118
Size

251KB
MD5

bde3fd0937e7dafe7bfb2cf29a279d43
SHA1

961e298dc2511b2fa1b004b06610711e28bec6c7
SHA256

06b9f012d3d0a69dc487218dd49b595f5208fb407a037f7a7ed62a48bbe8d710
SHA512

6d97fa5ead3eae9101eea3f3c381eddc9a69601b242d3ae40914061371c50a1e2c2c939d2c899fbac55f2b580d3578622769c28d68eeab4f3e19d7dc27db16fb
SSDEEP

6144:POWPOtNVYPknYLcfT6gNmn9tsRlrPP68MrEJ0gsm2JG1c5:P9POdYPdL38X/smZ1c5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde3fd0937e7dafe7bfb2cf29a279d43_JaffaCakes118

Files

bde3fd0937e7dafe7bfb2cf29a279d43_JaffaCakes118
.exe windows:0 windows x86 arch:x86

0799fa9cc4982bb49f439f2a55c801be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

ShowWindow
GetWindowLongW
GetClientRect
SetDlgItemInt
GetDesktopWindow
IsWindowEnabled
EndDialog
EnableWindow
UpdateWindow
SetFocus
IsDialogMessageW
LoadStringA
CheckRadioButton
ReleaseDC
PostMessageW
wsprintfW
GetWindowRect
GetDlgItemInt

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity

advapi32

RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW

comctl32

ImageList_Create
ImageList_Destroy

pdh

PdhSelectDataSourceW
PdhEnumMachinesHW
PdhRelogA
PdhValidatePathA
PdhCollectQueryDataEx
PdhMakeCounterPathA
PdhParseInstanceNameA
PdhAdd009CounterW
PdhTranslateLocaleCounterA
PdhConnectMachineA
PdhGetDataSourceTimeRangeA
PdhFormatFromRawValue
PdhParseCounterPathA
PdhAddCounterW
PdhValidatePathW
PdhBrowseCountersW
PdhGetRawCounterValue
PdhVbGetDoubleCounterValue
PdhRemoveCounter
PdhLookupPerfIndexByNameW
PdhGetDataSourceTimeRangeW
PdhVbCreateCounterPathList
PdhLookupPerfNameByIndexW
PdhEnumLogSetNamesW
PdhEnumObjectsW
PdhListLogFileHeaderA
PdhCloseLog
PdhGetFormattedCounterValue
PdhGetDefaultPerfObjectA
PdhOpenQueryA
PdhConnectMachineW
PdhCollectQueryData
PdhUpdateLogA
PdhBrowseCountersHA
PdhGetFormattedCounterArrayA
PdhVbGetLogFileSize
PdhEnumMachinesA
PdhVerifySQLDBW
PdhEnumObjectItemsW
PdhOpenQueryW
PdhGetRawCounterArrayA
PdhBindInputDataSourceA
PdhVbGetOneCounterPath
PdhReadRawLogRecord
PdhListLogFileHeaderW
PdhGetCounterInfoA
PdhVbAddCounter
PdhGetRawCounterArrayW

kernel32

GetStringTypeW
SetStdHandle
GetSystemTimeAsFileTime
TlsGetValue
lstrcmpW
CompareFileTime
WriteFile
GetStdHandle
GetCurrentThreadId
InitializeCriticalSection
SetEvent
HeapAlloc
QueryPerformanceCounter
VirtualAlloc
GetModuleFileNameA
CloseHandle
VirtualAlloc
GetModuleHandleA
TlsAlloc
GlobalAlloc
VirtualFree
GetProcessHeap
HeapReAlloc
VirtualFree
SetLastError
EnterCriticalSection
LCMapStringW
IsBadWritePtr
FreeLibrary
GetLocaleInfoA
GetFileType
ExitProcess
FreeEnvironmentStringsW
GetFullPathNameW
WaitForMultipleObjects
GetCommandLineA
CreateEventW
GetLastError
GetCommandLineW
HeapDestroy
InterlockedIncrement
GetTickCount
Sleep
GetCPInfo
LeaveCriticalSection
MultiByteToWideChar
CreateThread
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
GetProcAddress
GetStartupInfoW
LocalFree
IsBadReadPtr
GetCurrentDirectoryW
LoadLibraryA
GetVersionExW

rtm

RtmReferenceHandles
RtmDeleteNextHop
DestroyTable
RtmLockNextHop
RtmGetRoutePointer
RtmBlockSetRouteEnable
RtmReleaseRoutes
RtmGetLessSpecificDestination
CreateTable
RtmGetExactMatchRoute
RtmReadInstanceConfig
RtmWriteAddressFamilyConfig
RtmIsMarkedForChangeNotification
RtmDeregisterClient
RtmGetEnumNextHops
MgmGroupEnumerationEnd
MgmGetMfeStats
CheckTable
RtmReleaseDests
RtmCreateRouteEnum
RtmGetNetworkCount
RtmGetEnumDests
RtmGetInstances
RtmReleaseDestInfo
RtmLockRoute
RtmDeleteRoute
DeleteFromTable
RtmDeleteRouteList
RtmCreateRouteListEnum
InsertIntoTable
RtmDeregisterEntity
RtmDeleteRouteTable
RtmGetExactMatchDestination
RtmGetNextHopInfo
RtmLockDestination
RtmGetEntityInfo
RtmWriteInstanceConfig
RtmReleaseRouteInfo
MgmDeRegisterMProtocol
MgmGetMfe
RtmGetRouteInfo
RtmHoldDestination
RtmRegisterClient
RtmDereferenceHandles
NextMatchInTable
RtmAddRouteToDest
RtmLookupIPDestination
RtmGetMostSpecificDestination
RtmGetOpaqueInformationPointer
MgmRegisterMProtocol

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0799fa9cc4982bb49f439f2a55c801be

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

comctl32

pdh

kernel32

rtm

Sections

.text Size: 189KB - Virtual size: 189KB

.data Size: 40KB - Virtual size: 39KB

.rsrc Size: 21KB - Virtual size: 596KB

.text
Size: 189KB - Virtual size: 189KB

.data
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 21KB - Virtual size: 596KB