Static task: static1
Behavioral task: behavioral1
Sample: c181eb11c447b79f5872f64fc0a67784_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: c181eb11c447b79f5872f64fc0a67784_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c181eb11c447b79f5872f64fc0a67784_JaffaCakes118
Size: 141KB
MD5: c181eb11c447b79f5872f64fc0a67784
SHA1: 7254785a97f2542ab074beedcf9ed5f551587ac3
SHA256: 3a179f159d7659a77e5159f56e01130efe280e1297b98b45a34412f2b7d2fce8
SHA512: 2eb5603160b00448447eab08b0489683a493a86df4c1a95a24d8553463afd1bbbcf7adcd3d43a350854c71f981de022dbb74233f43dabadfc8fa692e0a295780
SSDEEP: 3072:16G+MrgBovmxUhOUIvYCFSNVpg3AkPmwjrSa22ZqUwT4BPVXU+Tw6IejwCpKN2i/:16MkBoOmhOLFKkPDjf22ZqU1NE+jIena
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c181eb11c447b79f5872f64fc0a67784_JaffaCakes118
Files
c181eb11c447b79f5872f64fc0a67784_JaffaCakes118.exe windows:4 windows x86 arch:x86
c4221f9951e60dbdc0a06eb87459aafd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ole32
CoInitializeEx
StringFromCLSID
CoTaskMemRealloc
CoCreateInstance
CoRevertToSelf
CoDisconnectObject
CoTaskMemAlloc
CoGetCallContext
CoUninitialize
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
StringFromIID
CoCreateGuid
CoImpersonateClient
CoRegisterClassObject
CLSIDFromString
CoGetClassObject
CoQueryProxyBlanket
CoRevokeClassObject
advapi32
GetSecurityDescriptorOwner
DeleteService
GetUserNameA
AllocateAndInitializeSid
SetSecurityDescriptorDacl
CreateServiceA
SetServiceStatus
AddAccessDeniedAce
InitializeSid
CopySid
InitializeAcl
AddAccessAllowedAce
IsValidSecurityDescriptor
RegQueryValueExA
RegisterEventSourceA
OpenProcessToken
FreeSid
QueryServiceStatus
ChangeServiceConfigA
MakeAbsoluteSD
GetAce
GetSecurityDescriptorGroup
RegConnectRegistryA
SetThreadToken
OpenThreadToken
RegEnumKeyA
SetSecurityDescriptorSacl
AdjustTokenPrivileges
MakeSelfRelativeSD
StartServiceCtrlDispatcherA
ControlService
RegEnumKeyExA
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RegSetKeySecurity
OpenServiceA
LookupAccountSidA
AccessCheck
LookupAccountSidW
GetSecurityDescriptorControl
GetAclInformation
EqualSid
RegDeleteValueA
AddAce
GetSecurityDescriptorSacl
RegDeleteKeyA
RegSetValueExA
GetLengthSid
RegQueryInfoKeyA
OpenSCManagerA
IsValidSid
ReportEventA
RegOpenKeyExA
GetSidSubAuthority
SetSecurityDescriptorGroup
GetSidLengthRequired
InitializeSecurityDescriptor
PrivilegeCheck
DuplicateToken
DeregisterEventSource
CloseServiceHandle
RegCreateKeyExA
RegCloseKey
LookupAccountNameA
LookupPrivilegeValueA
GetSecurityDescriptorLength
GetTokenInformation
RegCreateKeyA
RegEnumValueA
RegisterServiceCtrlHandlerA
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
shlwapi
PathFindExtensionA
kernel32
LockResource
LocalSize
Sleep
InitializeCriticalSection
FindFirstFileA
UnmapViewOfFile
ReadFile
GetACP
GetModuleFileNameA
WriteProfileStringA
GetProcAddress
FindClose
lstrcpyA
VirtualFree
VirtualQuery
CompareStringA
SetLastError
FreeEnvironmentStringsW
ReleaseMutex
CreateProcessW
GetSystemDirectoryA
GetModuleFileNameW
VirtualAlloc
HeapDestroy
GetCurrentThreadId
GetCurrentThread
QueryPerformanceCounter
lstrlenW
WritePrivateProfileStringA
GetPrivateProfileSectionA
ClearCommError
DuplicateHandle
GetStdHandle
GetVersion
HeapAlloc
CreateFileA
IsBadWritePtr
IsBadCodePtr
LoadLibraryW
GetEnvironmentStrings
GetLocaleInfoA
FreeEnvironmentStringsA
SetFilePointer
HeapReAlloc
TerminateThread
FreeLibrary
ReadProcessMemory
GetOEMCP
SetUnhandledExceptionFilter
EnterCriticalSection
TlsAlloc
GetModuleHandleW
CreateProcessA
InterlockedCompareExchange
GetSystemInfo
WaitForSingleObject
SetErrorMode
HeapCreate
GetProcessHeap
LocalFree
FindResourceA
GetFileType
InterlockedExchange
lstrcmpiA
IsBadReadPtr
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
CreateThread
LocalAlloc
GetPrivateProfileSectionNamesA
CreateEventA
FormatMessageA
GetSystemTimeAsFileTime
CreateFileMappingA
MultiByteToWideChar
LoadLibraryExA
DeleteCriticalSection
EnumResourceNamesW
ExitProcess
InterlockedDecrement
OpenProcess
SetLastError
GetStringTypeA
lstrcpynA
GetProfileStringA
CloseHandle
GetThreadLocale
GetTickCount
FlushFileBuffers
GetProcessTimes
SetEndOfFile
GetCPInfo
GetLastError
InterlockedIncrement
LoadResource
TlsGetValue
GetStartupInfoA
ExitProcess
GetPrivateProfileIntA
FindResourceExA
SetEvent
RtlUnwind
GetStringTypeW
GetExitCodeProcess
lstrcatA
LCMapStringA
HeapSize
WideCharToMultiByte
WriteFile
GetEnvironmentStringsW
CreateMutexA
GetCurrentProcess
GetCurrentProcessId
GetPrivateProfileStringA
GetCommandLineA
GetComputerNameA
TlsFree
MapViewOfFile
CreateDirectoryA
TerminateProcess
SetStdHandle
IsDBCSLeadByte
lstrlenA
GetFileAttributesA
LeaveCriticalSection
RaiseException
SizeofResource
SetHandleCount
TlsSetValue
UnhandledExceptionFilter
LCMapStringW
LoadLibraryA
VirtualProtect
GetVersionExA
HeapFree
user32
SetTimer
LoadStringA
PostThreadMessageA
wsprintfW
GetWindowTextA
MessageBoxA
EnumWindows
GetMessageA
GetWindowThreadProcessId
KillTimer
DispatchMessageA
CharUpperA
IsWindowVisible
PeekMessageA
CharNextA
wsprintfA
rpcrt4
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcStringFreeA
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ