c97a16f6b5a233ba66f2e0feeef3177c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c97a16f6b5a233ba66f2e0feeef3177c_JaffaCakes118
Size

355KB
MD5

c97a16f6b5a233ba66f2e0feeef3177c
SHA1

0b874c7734d6cbc7f0f8cae4515e9a8cc9717c15
SHA256

1c02cfcd9021cbd4ad0a479cbf3f54fe0415d638f229bb6c60d9bd5a4ba84fbf
SHA512

8e6f3aec0129c4c1f71815ece1f7a4026959910055c3c14ecd4fb6b56c87aa619ae15d0ea2ee75a144d1b137ce92d8ebf6ad6af3f1725abc372ed8fffa09ed5e
SSDEEP

6144:Kg0izMMnMMMMMahwyCKTnyUjnhb0papI7aO3okhogUBevtY6VNtIq6EEIswVJuCV:hVMMnMMMMM45CGyU7W7s1MtY6VNtIqeu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c97a16f6b5a233ba66f2e0feeef3177c_JaffaCakes118

Files

c97a16f6b5a233ba66f2e0feeef3177c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a3a942bb6d1927912cf2085c75bd803

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

mswsock

sethostname

advapi32

ReportEventA
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegEnumValueA
RegCreateKeyW
AdjustTokenPrivileges
RegDeleteKeyW
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueA
RegSetValueExW
RegEnumValueW
RegDeleteValueW
LookupPrivilegeValueA
RegisterEventSourceA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyW
InitializeSecurityDescriptor
DeregisterEventSource
RegQueryValueA
RegOpenKeyW
RegOpenKeyExA
OpenProcessToken

kernel32

ResumeThread
SetFilePointer
LoadResource
GetFileType
GetACP
GlobalSize
GlobalAddAtomA
lstrcmpA
SetEndOfFile
GetEnvironmentStrings
HeapDestroy
SetCurrentDirectoryA
DeleteFileA
GetLocaleInfoA
ReleaseSemaphore
HeapAlloc
GetDateFormatA
CreateMailslotA
ReadFile
RtlUnwind
CloseHandle
TlsSetValue
MultiByteToWideChar
FindResourceA
GetStartupInfoA
GetTempPathA
VirtualAlloc
LockResource
LockFile
SetEvent
WaitForSingleObject
WideCharToMultiByte
GetCurrentProcess
GetModuleHandleA
SetLastError
CompareStringA
LeaveCriticalSection
RaiseException
_lread
VirtualFree
FileTimeToSystemTime
CreateSemaphoreA
HeapSize
GetFullPathNameA
DuplicateHandle
HeapCreate
GetModuleFileNameA
lstrcmpiW
GetCommandLineA
GetOEMCP
IsDBCSLeadByte
GlobalUnlock
LCMapStringW
Sleep
GetEnvironmentStringsW
SearchPathA
MulDiv
FreeEnvironmentStringsA
EnterCriticalSection
GetCPInfo
GetCurrentDirectoryA
lstrcatA
CreateDirectoryA
lstrlenA
FlushInstructionCache
TlsGetValue
lstrcpyA
SetFileTime
FreeResource
GetVolumeInformationA
GetLocalTime
GetStringTypeExA
SetLocalTime
GetProfileStringA
GlobalAlloc
InterlockedIncrement
TerminateProcess
MoveFileA
FormatMessageA
CreateThread
GetShortPathNameA
_llseek
GetTickCount
HeapReAlloc
GetTimeZoneInformation
FreeLibrary
GetCurrentThreadId
UnhandledExceptionFilter
GetDriveTypeA
InterlockedDecrement
LoadLibraryExA
GlobalReAlloc
SetFileAttributesA
ResetEvent
IsBadCodePtr
CompareStringW
GetFileTime
GetTempFileNameA
GetCurrentProcessId
LoadLibraryA
FormatMessageW
CreateProcessA
GlobalHandle
GetProcAddress
GetSystemDirectoryA
lstrcpynA
GlobalLock
GetSystemDefaultLangID
GetSystemTime
CreateEventA
GlobalFree
GetUserDefaultLCID
ExitProcess
FreeEnvironmentStringsW
FlushFileBuffers
TlsFree
IsBadReadPtr
GetFileAttributesA
GetLastError
_lwrite
GetWindowsDirectoryA
FileTimeToLocalFileTime
WriteFile
GetSystemInfo
GetUserDefaultLangID
FindClose
SetErrorMode
FindNextFileA
GetStringTypeW
GlobalDeleteAtom
HeapFree
_lclose
FindFirstFileA
VirtualProtect
WinExec
GetExitCodeProcess
VirtualQuery
GetModuleFileNameW
SystemTimeToFileTime
DeleteCriticalSection
lstrcmpiA
CreateProcessW
GetVersionExA
CreateFileA
TlsAlloc
GetSystemDefaultLCID
LCMapStringA
SetHandleCount
GetVersion
GetStdHandle
GetStringTypeA
RemoveDirectoryA
SetEnvironmentVariableA
SetStdHandle
ExitThread
InitializeCriticalSection
UnlockFile

samlib

SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser
SamiSetDSRMPassword
SamConnectWithCreds

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a3a942bb6d1927912cf2085c75bd803

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

mswsock

advapi32

kernel32

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.data Size: 154KB - Virtual size: 1.0MB

.rdata Size: 205KB - Virtual size: 205KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B

.data
Size: 154KB - Virtual size: 1.0MB

.rdata
Size: 205KB - Virtual size: 205KB