c1eab59991bb9b507aef673b7118131d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1eab59991bb9b507aef673b7118131d_JaffaCakes118
Size

250KB
MD5

c1eab59991bb9b507aef673b7118131d
SHA1

2f77956a81b0de9738061f53b9116d325e9ca2aa
SHA256

6a007c8c6c708ad7c1c9ac78c441ce378c643adab1aabc404ee8d1fabaa8a610
SHA512

faf30d203464e16e5a7dd547ed4ea8da75aadad04e65defcf109f21a2a6a9d158faf24441c4db7c4db1a8f478262e5f207e2e78080bb5b2e0f616f7bb6f9f466
SSDEEP

6144:PJ6aBX2bXTIavH9W5MivbVe67tn3OsbRJy+w4XYiPr7/Cqo5:PJAFViJm+RYiPr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1eab59991bb9b507aef673b7118131d_JaffaCakes118

Files

c1eab59991bb9b507aef673b7118131d_JaffaCakes118
.exe windows:7 windows x86 arch:x86

98965261b1507c6b5b00d77de2382943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

pdh

PdhGetDefaultPerfCounterHW
PdhVbIsGoodStatus
PdhVerifySQLDBA
PdhEnumMachinesHW
PdhCreateSQLTablesA
PdhVbGetOneCounterPath
PdhParseCounterPathW
PdhValidatePathW
PdhBindInputDataSourceW
PdhFormatFromRawValue
PdhLookupPerfNameByIndexW
PdhBrowseCountersA
PdhGetDataSourceTimeRangeA
PdhGetCounterTimeBase
PdhGetFormattedCounterArrayA
PdhGetDefaultPerfCounterA
PdhLookupPerfIndexByNameA
PdhGetLogFileTypeA
PdhParseCounterPathA
PdhVbGetLogFileSize
PdhTranslate009CounterA
PdhLookupPerfNameByIndexA
PdhGetCounterInfoA
PdhTranslate009CounterW
PdhCloseLog
PdhParseInstanceNameW
PdhEnumObjectItemsW
PdhConnectMachineW
PdhGetDataSourceTimeRangeW
PdhRelogW
PdhListLogFileHeaderA
PdhExpandWildCardPathHW
PdhEnumLogSetNamesA
PdhOpenQueryW
PdhEnumMachinesHA
PdhBrowseCountersW
PdhCreateSQLTablesW
PdhEnumObjectItemsA
PdhUpdateLogW
PdhEnumObjectsW
PdhGetDefaultPerfCounterW
PdhSetDefaultRealTimeDataSource
PdhUpdateLogFileCatalog
PdhVbGetDoubleCounterValue
PdhOpenLogW
PdhAddCounterW
PdhGetRawCounterValue
PdhSetLogSetRunID
PdhRemoveCounter
PdhValidatePathA
PdhExpandCounterPathW
PdhMakeCounterPathW
PdhVbOpenLog
PdhTranslateLocaleCounterW
PdhEnumObjectsA

user32

SetWindowPos
DispatchMessageW
UnhookWindowsHookEx
UpdateWindow
ReleaseDC
IsWindowEnabled
CreateDialogParamW
LoadStringA
wsprintfW
LoadStringW
PostMessageW
GetDlgItemTextW
TranslateMessage
SetTimer
LoadIconW
KillTimer
CheckDlgButton
ShowWindow
EndDialog
SetDlgItemTextW
AdjustWindowRectEx
PeekMessageW
SendMessageW
wsprintfA
GetDC
GetWindowRect

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

advapi32

RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyW

comctl32

ImageList_Destroy

kernel32

LoadLibraryA
GetModuleHandleA
HeapReAlloc
VirtualFree
GetLocaleInfoA
HeapAlloc
VirtualAlloc
SetEndOfFile
GetTickCount
TlsGetValue
GetCommandLineW
QueryPerformanceCounter
MultiByteToWideChar
GetCPInfo
CreateFileW
IsBadReadPtr
GetTickCount
IsBadCodePtr
LCMapStringW
HeapCreate
InitializeCriticalSection
GetCurrentProcessId
CloseHandle
GetEnvironmentStringsW
GlobalAlloc
WideCharToMultiByte
SetEvent
GetSystemDirectoryW
lstrlenA
LeaveCriticalSection
UnhandledExceptionFilter
GetProcAddress
CompareFileTime
SetStdHandle
lstrlenW
VirtualQuery
LocalFree
SetLastError
RtlUnwind
GetStartupInfoW
GetVersionExA
GetProcessHeap
GetWindowsDirectoryW
VirtualAlloc
ExitProcess
HeapDestroy

rtm

RtmBlockDeleteRoutes
RtmGetEnumDests
MgmGroupEnumerationGetNext
RtmWriteAddressFamilyConfig
RtmGetRegisteredEntities
MgmGetMfe
RtmCreateNextHopEnum
RtmGetFirstRoute
MgmGroupEnumerationStart
RtmCreateDestEnum
RtmEnumerateGetNextRoute
MgmGetNextMfeStats
RtmDeregisterFromChangeNotification
RtmDeleteRouteToDest
InsertIntoTable
RtmAddRoute
RtmGetEntityInfo
RtmReadInstanceConfig
RtmRegisterForChangeNotification
RtmMarkDestForChangeNotification
RtmCreateEnumerationHandle
MgmGetProtocolOnInterface
RtmGetNextHopPointer
RtmGetDestInfo
RtmDeleteRouteTable
MgmRegisterMProtocol
RtmGetRouteAge
MgmGetFirstMfe
RtmFindNextHop
RtmBlockConvertRoutesToStatic
RtmGetExactMatchRoute
RtmIgnoreChangedDests
RtmGetListEnumRoutes
RtmGetRouteInfo
RtmReferenceHandles
RtmGetChangedDests
RtmGetNextRoute
MgmDeInitialize
RtmReleaseNextHops
RtmWriteInstanceConfig
RtmReleaseNextHopInfo
RtmBlockSetRouteEnable
RtmGetAddressFamilyInfo
CreateTable
RtmDereferenceHandles
RtmCreateRouteListEnum
RtmHoldDestination
MgmGetFirstMfeStats
DestroyTable
RtmDeregisterEntity
DumpTable
RtmGetMostSpecificDestination
SearchInTable
RtmDeleteRouteList

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98965261b1507c6b5b00d77de2382943

Headers

DLL Characteristics

File Characteristics

Imports

pdh

user32

ole32

advapi32

comctl32

kernel32

rtm

Sections

.text Size: 197KB - Virtual size: 197KB

.data Size: 34KB - Virtual size: 34KB

.rsrc Size: 17KB - Virtual size: 560KB

.text
Size: 197KB - Virtual size: 197KB

.data
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 17KB - Virtual size: 560KB