c975072aa25987d75f70b189d08c8c31_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c975072aa25987d75f70b189d08c8c31_JaffaCakes118
Size

298KB
MD5

c975072aa25987d75f70b189d08c8c31
SHA1

6e03a014ea8916ed464430ed2ab6b3ccfc27a2af
SHA256

67bdaff53d2ace2c1ff594619d0b77402ee2098f9629e7c9cf03e93529d67967
SHA512

e41d5cd1504997615388bbb77cb34e741341416332bcbe16df0a7acfa2d3487b30bd4be8ab092088b1027a36cfa1e170caee8dea3113d1ff8d7607fc87234633
SSDEEP

6144:5WqpjeJNu8btdquLZO4ruvZQW4d47wtof+13Usc9GEmhwTxoca:TpCJMmnacu+W4G+of8dTwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c975072aa25987d75f70b189d08c8c31_JaffaCakes118

Files

c975072aa25987d75f70b189d08c8c31_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cryptdlg.pdb

Imports

msvcrt

wcsstr
_adjust_fdiv
wcscat
wcschr
_wtol
memmove
mktime
wcsncpy
malloc
_initterm
memcpy
free
_wcsicmp
_except_handler3
time
memset
_errno
mbstowcs
wcscmp
wcscpy
wcslen

ntdll

NtDeleteKey
NtGetDevicePowerState
NtQueryIoCompletion
NtQueryObject
NtFlushBuffersFile
NtQueryMultipleValueKey
RtlLengthSid

kernel32

SetEvent
DeleteCriticalSection
IsDebuggerPresent
GetModuleHandleA
QueryPerformanceCounter
GlobalFree
SetFileAttributesA
LoadLibraryA
GetStdHandle
GetCurrentThreadId
FindFirstFileA
CreateEventA
lstrlenA
GetCurrentProcessId
CreateFileA
OpenSemaphoreA
InterlockedExchange
TlsGetValue
GetSystemTimeAsFileTime
GlobalAlloc
TerminateProcess
CreateMutexW
FindResourceW
GetCurrentProcess
GetSystemDefaultUILanguage
GetAtomNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentStringsA
SetFilePointer
DisableThreadLibraryCalls
WaitForSingleObject
CloseHandle
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
GetModuleFileNameA
CreateSemaphoreW
HeapDestroy
GetConsoleCP
OpenMutexW
HeapFree
CreateEventW
InitializeCriticalSection
FindResourceExW
GetCommandLineW
CreateMutexA
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemDefaultLCID
FindAtomA
FreeLibrary
lstrlenW
CreateSemaphoreA
GetLastError
LocalAlloc
OpenEventA
LCMapStringW
TlsSetValue
GetComputerNameW
GetSystemDefaultLangID
WideCharToMultiByte
GetLogicalDrives
LoadLibraryExA
InterlockedIncrement
GetStartupInfoA
GlobalMemoryStatusEx
MultiByteToWideChar
Sleep
CreateThread
TlsFree
GetCurrentDirectoryA
LocalFree
EnterCriticalSection
FormatMessageW
LeaveCriticalSection
PulseEvent
AddAtomA
ReadFile
HeapAlloc
GetUserDefaultLCID
GetProcessHeap
GetOEMCP
DeviceIoControl
GetComputerNameExW
SetLastError
FindClose
DeleteFileA
FindNextFileA
TlsAlloc
CreateFileW

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
RpcStringFreeW
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
I_RpcBindingIsClientLocal
RpcServerRegisterAuthInfoW

advapi32

AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegOpenKeyExA
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegQueryInfoKeyA
RegisterServiceCtrlHandlerExW
AddAccessAllowedAce

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetIpAddrTable
NhGetInterfaceNameFromGuid
GetInterfaceInfo

ws2_32

WSAIoctl
WSAEventSelect
WSACreateEvent
WSASocketW

user32

CountClipboardFormats
GetCursor
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
SendMessageA
LoadStringW
GetClipboardOwner
GetSystemMetrics
EnumWindows
PostQuitMessage
FindWindowExA
FindWindowA
RegisterClassExA
GetMessageA
DestroyWindow
DefWindowProcA
LoadCursorA
CreateWindowExA
wsprintfW

crypt32

CertStrToNameW

userenv

RefreshPolicy

netapi32

NetApiBufferFree
DsGetDcNameW

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

rpcrt4

advapi32

iphlpapi

ws2_32

user32

crypt32

userenv

netapi32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 202KB - Virtual size: 257KB

.bss Size: - Virtual size: 45KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 202KB - Virtual size: 257KB

.bss
Size: - Virtual size: 45KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB