d0cc66fe72274c3765b6f31987e636f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0cc66fe72274c3765b6f31987e636f2_JaffaCakes118
Size

267KB
MD5

d0cc66fe72274c3765b6f31987e636f2
SHA1

0957f8b51ef8a0ba9287781c105709c3f209fda5
SHA256

2fb111e794bc4d9abf2a56973f86ba0da01ccbe8b74b00fb3c9966238f2bcad6
SHA512

db590bdf747e930af8889bc57e9e71c660d1d00816f3cfe8d509c59887aec2a8479ca710f4bbd60339aeae0460b46581151c7f61f7bdba833531cdf3334de409
SSDEEP

6144:p1gJ8OIFrUcZoW2criWhNMKQSSPTyTWERFR4t8doZSN3t1CT1o:pGJ8B4PTXAz46dN3t1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0cc66fe72274c3765b6f31987e636f2_JaffaCakes118

Files

d0cc66fe72274c3765b6f31987e636f2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

da4fdca36416d42f54500968f5de4ca5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TaskEng.pdb

Imports

user32

GetProcessWindowStation
GetUserObjectInformationW
EnableWindow
AllowSetForegroundWindow
SetCursor
GetMonitorInfoW
GetAncestor
ShutdownBlockReasonCreate
UpdateWindow
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
PostMessageW
MessageBoxW
EnumThreadWindows
IsWindow
EnumWindows
GetWindowThreadProcessId
GetThreadDesktop
LoadStringW

msvcrt

memmove_s
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
__CxxFrameHandler3
wcschr
wcsncmp
_purecall
memcpy_s
memset
free
malloc
_XcptFilter
__p__commode
_amsg_exit
__setusermatherr
_initterm
_wcmdln
_cexit
_CxxThrowException
memcmp
_exit
memcpy
iswdigit
_wtol
_vsnwprintf
_wcsicmp
fclose
fflush
fopen_s
fputws
calloc
wcsrchr
_wcsnicmp
_wsplitpath_s
wcscat_s
exit
__set_app_type
__wgetmainargs
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_except_handler4_common
__p__fmode

ntdll

EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
DbgPrintEx
EtwEventWriteTransfer
EtwEventActivityIdControl
NtSetInformationProcess

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
CreateFileW
GetFileSizeEx
ReadFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation
HeapReAlloc
HeapSize

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement

api-ms-win-core-libraryloader-l1-1-1

FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-misc-l1-1-1

LocalFree
Sleep

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-processthreads-l1-1-1

SetProcessShutdownParameters
GetCurrentProcess
OpenThreadToken
TerminateProcess
CreateThread
GetStartupInfoW
GetThreadPriority
GetExitCodeProcess
ResumeThread
CreateProcessW
GetCurrentThreadId
SetThreadPriority
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-1-1

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
CancelWaitableTimer
SetEvent
WaitForSingleObject
SetWaitableTimer

api-ms-win-core-sysinfo-l1-1-1

GetSystemTimeAsFileTime
GetTickCount
SystemTimeToFileTime

api-ms-win-core-threadpool-l1-1-1

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-base-l1-1-0

InitializeAcl
CopySid
CreateWellKnownSid
EqualSid
GetLengthSid
AddAce
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeAbsoluteSD
IsValidSid
InitializeSid
InitializeSecurityDescriptor
CheckTokenMembership
GetSecurityDescriptorOwner

ole32

CoDisableCallCancellation
CoEnableCallCancellation
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoMarshalInterface
CoDisconnectObject
CoImpersonateClient
CoRevertToSelf
StringFromCLSID
CLSIDFromString
CoTaskMemFree
IIDFromString
StringFromGUID2
CoCancelCall
CoCreateInstance
CoInitializeSecurity

oleaut32

SysReAllocString
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcAsyncCancelCall
I_RpcExceptionFilter
NdrAsyncClientCall
RpcStringFreeW

kernel32

InitializeCriticalSectionAndSpinCount
DebugBreak
IsWow64Process
LocalAlloc
GetCurrentDirectoryW
WaitForMultipleObjects
DeleteAtom
CreateWaitableTimerW
DelayLoadFailureHook
GetComputerNameW
RegisterWaitForSingleObject
UnregisterWait
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cfevshy
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da4fdca36416d42f54500968f5de4ca5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-misc-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-1

api-ms-win-core-sysinfo-l1-1-1

api-ms-win-core-threadpool-l1-1-1

api-ms-win-security-base-l1-1-0

ole32

oleaut32

rpcrt4

kernel32

Sections

.text Size: 166KB - Virtual size: 166KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 38KB

cfevshy Size: - Virtual size: 4KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 38KB

cfevshy
Size: - Virtual size: 4KB