c8b61173ef39303a348f96a5ae2e93d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8b61173ef39303a348f96a5ae2e93d3_JaffaCakes118
Size

182KB
MD5

c8b61173ef39303a348f96a5ae2e93d3
SHA1

286a7856a3e3f3e938414799bfc0f55bac284f22
SHA256

2627f58b75ae8070de762570389e94a55b5afed2ecd96fe8d9eeeffd8ac72a65
SHA512

fdf461bb7e59fc4ee815a0e98ad5028e0ae29466d372cbd41226226e13345476cfcf7516846436c6426c733b6d869db7b1e219d1924836760d586f8cdb19e180
SSDEEP

3072:2Ecyo3g9Hm+AyTitq+OeOp9ybhnxicxkHlpgQOGrYg24q3+F2HJZTfUUZxBczFTh:2nyo3gBm+Amc/hxiPHsQOpg9quFMJZTq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8b61173ef39303a348f96a5ae2e93d3_JaffaCakes118

Files

c8b61173ef39303a348f96a5ae2e93d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cabd40d2e88f20b62e27e186bd3461b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
StringFromGUID2
CoRevertToSelf
CoCreateGuid
StringFromCLSID
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoTaskMemAlloc
CoImpersonateClient
CoDisconnectObject
CLSIDFromString
CoSetProxyBlanket
CoGetCallContext
CoTaskMemRealloc
StringFromIID
CoInitializeSecurity
CoQueryProxyBlanket
CoInitializeEx
CoCreateInstance
CoRevokeClassObject

rpcrt4

RpcStringBindingComposeA
RpcBindingFromStringBindingA
NdrClientCall
RpcBindingSetAuthInfoA
RpcStringFreeA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFindExtensionA

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

OpenProcessToken
OpenServiceA
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
RegSetValueExA
OpenThreadToken
RegEnumKeyExA
DeleteService
LookupPrivilegeValueA
SetThreadToken
ReportEventA
DeregisterEventSource
GetTokenInformation
RegisterEventSourceA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
CreateServiceA
ControlService
ChangeServiceConfigA
RegDeleteValueA
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
RegEnumValueA
RegEnumKeyA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegCreateKeyExA
RegCreateKeyA

user32

GetMessageA
DispatchMessageA
CharUpperA
GetWindowThreadProcessId
GetWindowTextA
wsprintfW
KillTimer
EnumWindows
MessageBoxA
PostThreadMessageA
PeekMessageA
CharNextA
LoadStringA
SetTimer
IsWindowVisible
wsprintfA

kernel32

WideCharToMultiByte
VirtualProtect
TlsGetValue
GetVersionExA
ReadFile
VirtualFree
GetCurrentThread
FreeLibrary
InitializeCriticalSection
FlushFileBuffers
LocalFree
GetPrivateProfileSectionNamesA
SetEvent
lstrcpynA
FindResourceA
HeapFree
GetSystemTimeAsFileTime
lstrlenA
TerminateThread
GetProcAddress
HeapReAlloc
LockResource
VirtualAlloc
TerminateProcess
GetCurrentProcess
CreateEventA
SetStdHandle
GetProfileStringA
CompareStringA
EnterCriticalSection
GetFileType
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetComputerNameA
SetHandleCount
InterlockedIncrement
HeapDestroy
LCMapStringW
ReadProcessMemory
SizeofResource
lstrlenW
HeapSize
CreateThread
GetCurrentProcessId
HeapAlloc
FreeEnvironmentStringsA
GetProcessTimes
UnmapViewOfFile
WritePrivateProfileStringA
LoadResource
LoadLibraryW
GetModuleFileNameW
lstrcmpiA
Sleep
VirtualQuery
SetErrorMode
FindClose
CreateProcessA
RtlUnwind
GetVersion
FindFirstFileA
IsBadWritePtr
FindResourceExA
GetProcessHeap
GetPrivateProfileStringA
GetFileAttributesA
IsDBCSLeadByte
InterlockedCompareExchange
GetThreadLocale
OpenProcess
TlsSetValue
ReleaseMutex
GetOEMCP
LCMapStringA
GetSystemInfo
GetEnvironmentStrings
CreateFileA
EnumSystemLanguageGroupsW
MultiByteToWideChar
SetLastError
TlsFree
GetPrivateProfileIntA
CreateMutexA
LoadLibraryExA
IsBadReadPtr
QueryPerformanceCounter
InterlockedDecrement
SetEnvironmentVariableA
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WaitForSingleObject
CompareStringW
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
GetLocaleInfoA
ResetWriteWatch
CloseHandle
GetLastError
lstrcpyA
GetACP
GetCPInfo
ExitProcess
WriteProfileStringA
SetFilePointer
CreateDirectoryA
LocalSize
GetExitCodeProcess
GetStdHandle
GetStartupInfoA
TlsAlloc
CreateFileMappingA
LocalAlloc
GetCurrentThreadId
HeapCreate
GetModuleFileNameA
LeaveCriticalSection
MapViewOfFile
FormatMessageA
LoadLibraryA
GetStringTypeW
lstrcatA
SetEndOfFile
WriteFile
GetCommandLineA
GetSystemDirectoryA
CreateProcessW
DuplicateHandle
IsBadCodePtr
GetPrivateProfileSectionA
HeapFree

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cabd40d2e88f20b62e27e186bd3461b7

Headers

File Characteristics

Imports

ole32

rpcrt4

version

shlwapi

oleacc

advapi32

user32

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 6KB - Virtual size: 149KB

.data Size: 110KB - Virtual size: 109KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 6KB - Virtual size: 149KB

.data
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 4KB