c2082a4176f558b981b65d17257f2ec8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c2082a4176f558b981b65d17257f2ec8_JaffaCakes118
Size

385KB
MD5

c2082a4176f558b981b65d17257f2ec8
SHA1

ee22c322593c7e21fc468bed6cb406ab371fce6e
SHA256

b8d673f5c5d629bd618cf37617f3babe3f2674c8c323e94bb305afeef320f0c3
SHA512

2d6d7dbd7ae55ce305161bd4e4a3444ed95704e827a76ea943392a5a21f55a859c7261ee5131ddc8c751812ca819c6f058f4d14fe2b3f0f00d306f92d5c6e8af
SSDEEP

6144:DxXrXH6KkXr9j8v2Mv9av5uL1GnaPubfGdc3f/v8ZJm:1XrXaZ7Ch1GnTbfGS33g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2082a4176f558b981b65d17257f2ec8_JaffaCakes118

Files

c2082a4176f558b981b65d17257f2ec8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

15360c3e443e0a9fedfe342b23d544f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
RemoveLocalAlternateComputerNameA
IsValidCodePage
CancelDeviceWakeupRequest
EnumSystemLanguageGroupsW
WritePrivateProfileStringW
CompareFileTime
SetCalendarInfoA
GetNamedPipeInfo
GetNumaHighestNodeNumber
OpenProcess
GetConsoleCP
SetLocalPrimaryComputerNameA
CreateActCtxW
InitializeCriticalSection
CreateEventA
SwitchToThread
TzSpecificLocalTimeToSystemTime
RestoreLastError
SetProcessWorkingSetSize
DeviceIoControl
ReleaseActCtx
LocalCompact
ConvertDefaultLocale
SetInformationJobObject
FreeConsole
SetFileTime
SetDefaultCommConfigA
GlobalUnWire
GetStartupInfoA
BuildCommDCBW
lstrcmpiW
ReadFileScatter
Process32NextW
DosPathToSessionPathW
VirtualAlloc
GetVolumePathNameW
GetVersion
IsBadHugeWritePtr
LockFileEx
GetLogicalDriveStringsA
LoadLibraryA
ChangeTimerQueueTimer
GlobalAddAtomW
GlobalReAlloc
GlobalFindAtomA

regapi

RegQueryOEMId
RegPdCreateW
RegWinStationCreateA
RegWinStationCreateW
RegWinStationSetSecurityW
RegPdQueryW
RegWinStationQueryEx
RegCdQueryA
RegCloseServer
RegWinStationQuerySecurityA
RegWdQueryW
RegGetMachinePolicy
RegWinStationEnumerateW
RegGetUserConfigFromUserParameters
RegWinStationEnumerateA
RegConsoleShadowQueryA
RegGetTServerVersion
RegCdDeleteA
RegPdCreateA
RegCdEnumerateA
RegWinStationDeleteW
WaitForTSConnectionsPolicyChanges
RegCdCreateA
RegWdQueryA
RegPdDeleteW
RegCdCreateW
RegUserConfigRename
RegMergeUserConfigWithUserParameters
RegCdDeleteW
RegCdEnumerateW
RegWdEnumerateW
RegWdCreateA

msvfw32

GetOpenFileNamePreview
GetOpenFileNamePreviewA
ICDraw
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
DrawDibStart
DrawDibStop
ICOpen
ICGetDisplayFormat
DrawDibTime
ICMThunk32
DrawDibDraw
DrawDibOpen
ICInfo
GetOpenFileNamePreviewW
DrawDibRealize
MCIWndCreateW
DrawDibGetPalette
ICRemove
DrawDibClose
GetSaveFileNamePreviewA
MCIWndCreateA
DrawDibGetBuffer
ICDrawBegin
ICSendMessage
ICCompress
DrawDibSetPalette
ICGetInfo
DrawDibChangePalette

ntdll

ZwCreateProfile
ZwGetWriteWatch
NtOpenDirectoryObject
ZwSetInformationFile
NtReleaseSemaphore
RtlGetSecurityDescriptorRMControl
RtlDecompressFragment
NtReplaceKey
RtlFreeOemString
ZwDeleteKey
NtCloseObjectAuditAlarm
RtlNumberGenericTableElementsAvl
NtQueueApcThread
RtlCheckForOrphanedCriticalSections
_ultow
NtRemoveIoCompletion
RtlLengthSid
NtCreateSection
RtlSetCurrentEnvironment
ZwTestAlert
ZwSetDefaultLocale
RtlExtendedLargeIntegerDivide
RtlNumberOfSetBits
NtReplyWaitReplyPort
_aullrem
NtSetSecurityObject
ZwSetSystemTime
RtlSelfRelativeToAbsoluteSD2
NtDebugContinue
LdrQueryProcessModuleInformation
_wtol
NtWaitForKeyedEvent
RtlCompareUnicodeString
RtlInitNlsTables
RtlpNtCreateKey
NtUnlockVirtualMemory
NtExtendSection
ZwCreateIoCompletion
RtlDeleteAce
RtlZeroHeap

msvcrt40

_fputchar
?sync_with_stdio@ios@@SAXXZ
_fputwchar
_findfirsti64
_outpd
?read@istream@@QAEAAV1@PADH@Z
??0strstreambuf@@QAE@ABV0@@Z
_lseeki64
fopen
_mbsdup
isalpha
_winminor
clock
??0istrstream@@QAE@PAD@Z
getc
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
putwchar
sin
_ismbcl1
??_Elogic_error@@UAEPAXI@Z
$I10_OUTPUT
?sync@stdiobuf@@UAEHXZ
?is_open@ifstream@@QBEHXZ
?gptr@streambuf@@IBEPADXZ
??9type_info@@QBEHABV0@@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
?flags@ios@@QBEJXZ
gets
?pcount@strstream@@QBEHXZ
??4istream_withassign@@QAEAAV0@ABV0@@Z
putwc
_heapset
?close@ifstream@@QAEXXZ
?ignore@istream@@QAEAAV1@HH@Z

advapi32

AddAccessAllowedAceEx
BuildTrusteeWithObjectsAndSidW
GetServiceKeyNameW
SetEntriesInAclW
LsaQueryForestTrustInformation
LsaSetSecurityObject
WmiQueryGuidInformation
GetNamedSecurityInfoA
FileEncryptionStatusA
LsaRemovePrivilegesFromAccount
WmiQueryAllDataMultipleW
LsaLookupNames
EnumerateTraceGuids
OpenTraceW
PrivilegedServiceAuditAlarmW
SystemFunction031
LsaQueryInformationPolicy
WmiQuerySingleInstanceMultipleW
CredWriteDomainCredentialsW
BuildExplicitAccessWithNameW
IsValidSecurityDescriptor
BuildTrusteeWithNameW
EncryptionDisable
CommandLineFromMsiDescriptor
FindFirstFreeAce
CredReadDomainCredentialsW
SystemFunction021
WmiFreeBuffer
CreatePrivateObjectSecurityWithMultipleInheritance
WmiMofEnumerateResourcesA
WmiExecuteMethodA
RevertToSelf
ObjectCloseAuditAlarmW
SetSecurityDescriptorDacl
RegCreateKeyExA

secur32

ImportSecurityContextW
ImportSecurityContextA
TranslateNameA
GetComputerObjectNameW
MakeSignature
SecpTranslateNameEx
QueryContextAttributesW
QueryCredentialsAttributesW
QuerySecurityPackageInfoW
LsaDeregisterLogonProcess
RevertSecurityContext
EncryptMessage
LsaUnregisterPolicyChangeNotification
GetUserNameExW
LsaLogonUser
ImpersonateSecurityContext
SecpFreeMemory
InitializeSecurityContextW
SaslIdentifyPackageW
FreeContextBuffer
GetUserNameExA
SaslEnumerateProfilesW
AcceptSecurityContext
SaslIdentifyPackageA
ApplyControlToken
SetContextAttributesW
ExportSecurityContext
AddSecurityPackageW
SaslInitializeSecurityContextW
LsaEnumerateLogonSessions
SetContextAttributesA
FreeCredentialsHandle
SaslGetProfilePackageA
LsaRegisterPolicyChangeNotification

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 195KB - Virtual size: 641KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15360c3e443e0a9fedfe342b23d544f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

regapi

msvfw32

ntdll

msvcrt40

advapi32

secur32

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 195KB - Virtual size: 641KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 195KB - Virtual size: 641KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B