c89cbdaf6700001915bcfa37b515057c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c89cbdaf6700001915bcfa37b515057c_JaffaCakes118
Size

72KB
MD5

c89cbdaf6700001915bcfa37b515057c
SHA1

660b5e9db10018b2f5af5530c4575f09acdf0321
SHA256

c8f9cfe9d7cf88ca133588261b920d2f7c1c2c8a20197917fbf2a6dcfeb3858c
SHA512

4a2a14158de9f18d388dc7c4358f868255b708656b255e731986878e7c40e008fa953328fe6dc29f18fdc0818f9f9fd45803153811eb9c01a2e3e29ef2bbddc3
SSDEEP

1536:OjkCgozxWmTTteeIlsJk4PEShJ004wXRQoW/FJS7GnKrXUn7lHtL:GfNxWmTTteeuYk4cST00lX+o4FJ9nKrk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c89cbdaf6700001915bcfa37b515057c_JaffaCakes118

Files

c89cbdaf6700001915bcfa37b515057c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6f89b191b30cc02782de6f0bb3192b2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocStringByteLen
VariantClear
OleLoadPicture
SafeArrayUnaccessData
SysStringLen
VariantCopyInd
SafeArrayGetUBound
SysReAllocStringLen
SafeArrayPutElement
SafeArrayGetLBound
VariantChangeTypeEx
LoadTypeLib
RegisterTypeLib
VariantChangeType
GetErrorInfo
SafeArrayPtrOfIndex
GetActiveObject
SafeArrayGetElement
SysStringByteLen

comdlg32

ChooseColorW
PrintDlgW
GetFileTitleW
GetSaveFileNameW
ChooseFontW
GetOpenFileNameW
PageSetupDlgA
FindTextW
PageSetupDlgW
GetOpenFileNameA
ChooseFontA
GetSaveFileNameA
PrintDlgA
ChooseColorA
PrintDlgExW

msvcrt

_ltoa
swprintf
_cexit
rand
_beginthreadex
_wcsdup
strncmp
?terminate@@YAXXZ
_tell
_rotr
isalpha
_stat
_ftol
__pioinfo
atoi
wcsncmp
_lock
__CxxFrameHandler
_chsize
ctime
qsort
_finite
_access
exit
_initterm
_amsg_exit
malloc
__p__osver
towupper
tolower
realloc
wcstok
_rotl
srand
_controlfp

user32

CharNextW
DialogBoxParamW
RegisterClipboardFormatW
CharNextA
CharPrevW
GetDlgItemTextW
GetWindowLongW
GetClientRect
GetDC
IntersectRect
WinHelpW
GetMessageA
GetClassNameA
CallWindowProcA
CheckMenuItem
CreatePopupMenu
GetMenuItemCount
GetDesktopWindow
GetWindowDC
LoadImageW
wsprintfW

ole32

CLSIDFromString
CoReleaseMarshalData
OleRun
OleUninitialize
CoGetInterfaceAndReleaseStream
CreateDataAdviseHolder
CreateOleAdviseHolder
CoInitialize
CoUninitialize
CoImpersonateClient
CoMarshalInterThreadInterfaceInStream
OleInitialize
CoUnmarshalInterface
ProgIDFromCLSID
OleLoadFromStream
PropVariantCopy
CoInitializeEx
WriteClassStm
StgIsStorageFile
OleRegGetMiscStatus

rpcrt4

NdrOleFree
RpcServerUseProtseqEpW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
UuidFromStringW
CStdStubBuffer_IsIIDSupported
RpcRevertToSelf
RpcServerUnregisterIf
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
RpcStringFreeW
NdrDllUnregisterProxy
NdrStubForwardingFunction

ntdll

wcsstr
RtlStringFromGUID
RtlUpcaseUnicodeString
RtlTimeToSecondsSince1970
NtSetValueKey
RtlUnicodeStringToAnsiString
RtlConvertSidToUnicodeString
RtlDeleteResource
NtPowerInformation
RtlSubAuthoritySid
atol
NtTerminateProcess
NtSetInformationFile
RtlAllocateAndInitializeSid
NtEnumerateValueKey
NtAllocateLocallyUniqueId
NtQueryPerformanceCounter
NtAllocateVirtualMemory
RtlSetSaclSecurityDescriptor
NtQuerySecurityObject
RtlDeleteCriticalSection
NtQueryDirectoryFile
NtDuplicateToken
RtlxUnicodeStringToAnsiSize
RtlQueryRegistryValues
NtCreateKey
NtDuplicateObject
RtlOemToUnicodeN
RtlMakeSelfRelativeSD
wcscat
NtSetInformationProcess
RtlxUnicodeStringToOemSize
RtlDeleteSecurityObject
RtlNtStatusToDosError
RtlLengthSid
RtlValidRelativeSecurityDescriptor
NtOpenKey

kernel32

GetCurrentProcess
GetFileSize
HeapAlloc
ResumeThread
QueryPerformanceCounter
GetStringTypeA
GetProcessHeap
GlobalLock
ReleaseMutex
GetFileAttributesA
Thread32Next
lstrcmpW
Sleep
TlsFree
FreeEnvironmentStringsA
IsBadReadPtr
GetACP
GetStdHandle
LockResource
GetDriveTypeA
FlushFileBuffers
GetSystemInfo
GetCurrentThreadId
GetVersion
GlobalAlloc
CreateEventA
GetConsoleMode
TlsAlloc
GetTickCount
GetOEMCP
DeleteFileW
GetSystemDirectoryW
GetCommandLineW
GetEnvironmentStrings
GetModuleHandleW
VirtualAlloc
FindResourceA
GetCommandLineA
CreateFileMappingA
VirtualProtect
GetLastError
GetSystemTimeAsFileTime
GetFileAttributesW
FindClose
FileTimeToSystemTime
InitializeCriticalSection

shlwapi

PathFindExtensionA
StrCatBuffW
PathRemoveBlanksW
StrCatW
SHDeleteKeyW
UrlIsW
PathFindFileNameW
PathCombineW
PathAppendA
PathIsUNCW
StrChrW

comctl32

PropertySheetA
ImageList_Destroy
PropertySheetW
ImageList_Draw
CreatePropertySheetPageW
InitCommonControls
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create

advapi32

QueryServiceConfigW
CryptDestroyHash
GetSecurityDescriptorOwner
RegEnumKeyW
GetTraceEnableLevel
GetSidLengthRequired
RegDeleteValueA
ImpersonateLoggedOnUser
CheckTokenMembership
RegisterEventSourceW
RegCreateKeyExA
OpenServiceW
RegQueryValueA
CryptDestroyKey
RegEnumKeyA
RegSetValueExA
MakeSelfRelativeSD
ControlService
RegQueryValueExA
RegSetValueW
OpenProcessToken
IsValidSid
GetSidSubAuthorityCount
RegisterTraceGuidsW
GetUserNameA
InitializeSecurityDescriptor
UnregisterTraceGuids
CryptAcquireContextW

shell32

ShellExecuteW
SHGetMalloc
SHGetFolderPathW
SHChangeNotify
SHBrowseForFolderA
SHGetFileInfoW
ShellExecuteA
SHGetSpecialFolderPathW
SHGetPathFromIDListA
DragQueryFileA

gdi32

CreateDIBSection
SetTextAlign
TranslateCharsetInfo
Escape
OffsetViewportOrgEx
GetTextExtentPoint32A
GetPixel
CreateBitmap
PlayMetaFile
OffsetRgn
EndDoc
GetTextAlign
CreateCompatibleDC
PatBlt
ExtTextOutW
CreateDCW
SetROP2
SelectClipRgn
DeleteDC
GetBitmapBits

version

GetFileVersionInfoW
GetFileVersionInfoA
VerFindFileW
GetFileVersionInfoSizeA
VerLanguageNameA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA

Sections

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 1007B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f89b191b30cc02782de6f0bb3192b2d

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

comdlg32

msvcrt

user32

ole32

rpcrt4

ntdll

kernel32

shlwapi

comctl32

advapi32

shell32

gdi32

version

Sections

DATA Size: 9KB - Virtual size: 8KB

.textbss Size: 5KB - Virtual size: 5KB

.text Size: 51KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 64KB

BSS Size: 1024B - Virtual size: 1007B

.reloc Size: 1KB - Virtual size: 1KB

DATA
Size: 9KB - Virtual size: 8KB

.textbss
Size: 5KB - Virtual size: 5KB

.text
Size: 51KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 64KB

BSS
Size: 1024B - Virtual size: 1007B

.reloc
Size: 1KB - Virtual size: 1KB